CONTENT POLICY

I need to create a content policy that applies only to specific entitlements in SPP and not to all users.

For example, I have two entitlements (with different assets) and the same users have both entitlements, but I need to activate a content policy for only one of them.

Is it possible?

In which way?

  • Hi Dario,

    There is no direct link between the SPP entitlements and the SPS Content policy, but you can do the following:

    Create a new Channel within the same Channel Policy, then select the Channel type and the required Content policy, then define the target Asset IPs in the To field where you want this channel to be applied.

    Then move this channel to the top of the list so that it will take precedence when users connect to the defined target Asset IPs.

    I would test this first to see if it works for what you need before making changes in prod.

    Thanks!

  • Great Tawfiq, always very very helpful!

    Fantastic!!!
    Yes, I will certainly try this.

    So I have to work like this (considering, for example, SSH Control --> Channel Policy, where I will create a policy type similar to "Shell only"):

    So I have to create a new channel policy similar to the one above, where I will specify the type of channel (maybe the same), the new content policy, and the Target (with the specific hostname or IP of the specific server). I can also specify an AD group of the users to which I want to apply this new policy, and in the Target field I can put the hostname or the IP for which I want to trigger this policy.

    Right?

    If everything is right, I expect that users not in the AD group I add in the field (gateway or remote group) who access the specific server I specified in the Target field and execute specific commands will not trigger the policy, and that I can also select any single action for all the other users who are in the AD group, so that they can trigger the content policy.

    The policy will be triggered for any other users that are not in the AD group, for example.

    Doubt: if I would like to specify more than one user to which to apply this policy, I can put an AD group, but in the remote group or the gateway group?

    Then I will move this channel to the top of the list so that it will take precedence when users connect to the defined target Asset IPs.

    Thank you so much Tawfiq!

  • Yes that is correct.

    If the restricted channel does not match for users not in the AD group, then it will jump to the next channel, where no restrictions are applied for other users that are not members of the specified group.

    If the users are not authenticating against SPS as gateway, then you would specify the AD group in the Remote Users Group section.

    Also, since you will be using an AD Group, you must also select an LDAP server policy on the SSH Connection policy > expand the connection policy > LDAP Server drop-down, which should have an LDAP Server policy that can be used to connect to AD and perform the group lookup.

    If you don't have an existing LDAP Server policy, then one can be created first under Policies > LDAP Server.

    Thanks!
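The behaviour the two answers above rely on is first-match evaluation of the channel list: the restricted channel (specific target, specific AD group, content policy attached) must sit above the general "shell only" channel, or the general channel swallows every connection and the content policy never fires. The following is an added, constructed model of that evaluation written for this thread; it is not SPS or SPP code and does not talk to the SPS REST API. The field names (`channel`, `servers`, `remote_groups`, `content_policy`), the sample IPs, the AD group DN and the content policy name are all assumptions chosen for illustration. It also models the SPS allow-list behaviour that a channel matching no rule is not permitted (returned here as `None`).

```python
"""First-match channel-policy evaluation, modelled after the SPS channel list.

Constructed example for the thread above; not SPS code. Rule fields and all
sample values are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class ChannelRule:
    """One row of a channel policy. Empty lists mean 'any' (assumption)."""
    name: str
    channel: str                                   # e.g. "session-shell"
    servers: List[str] = field(default_factory=list)        # target networks (CIDR)
    remote_groups: List[str] = field(default_factory=list)  # AD groups via LDAP lookup
    content_policy: Optional[str] = None           # None = no content policy attached

    def matches(self, channel: str, server_ip: str, user_groups: List[str]) -> bool:
        if channel != self.channel:
            return False
        if self.servers and not any(
            ip_address(server_ip) in ip_network(net) for net in self.servers
        ):
            return False
        # Group check: any overlap between the user's groups and the rule's groups.
        if self.remote_groups and not set(self.remote_groups) & set(user_groups):
            return False
        return True


def evaluate(policy: List[ChannelRule], channel: str, server_ip: str,
             user_groups: List[str]) -> Optional[ChannelRule]:
    """Return the first rule that matches, top to bottom, or None if no rule
    permits the channel (an SPS channel policy is an allow-list)."""
    for rule in policy:
        if rule.matches(channel, server_ip, user_groups):
            return rule
    return None


# --- Constructed sample data (assumptions, not values from the thread) -------
RESTRICTED_SERVER = "10.10.5.20/32"                     # the one asset that needs the policy
AD_GROUP = "CN=dbadmins,OU=Groups,DC=example,DC=com"    # group selected in Remote Users Group
CONTENT_POLICY = "block-dangerous-commands"

RESTRICTED = ChannelRule(
    name="shell-restricted", channel="session-shell",
    servers=[RESTRICTED_SERVER], remote_groups=[AD_GROUP],
    content_policy=CONTENT_POLICY,
)
CATCH_ALL = ChannelRule(name="shell-any", channel="session-shell")

# Order recommended in the thread: restricted channel at the top of the list.
CORRECT_ORDER = [RESTRICTED, CATCH_ALL]
# Same two rules with the general channel first: the restricted rule is shadowed.
WRONG_ORDER = [CATCH_ALL, RESTRICTED]


def effective_content_policy(policy: List[ChannelRule], server_ip: str,
                             user_groups: List[str]) -> Optional[str]:
    """Content policy applied to a shell channel, or None if none/denied."""
    rule = evaluate(policy, "session-shell", server_ip, user_groups)
    return rule.content_policy if rule else None


if __name__ == "__main__":
    member, outsider = [AD_GROUP], ["CN=helpdesk,OU=Groups,DC=example,DC=com"]
    for label, policy in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(label)
        print("  member   -> restricted host :", effective_content_policy(policy, "10.10.5.20", member))
        print("  outsider -> restricted host :", effective_content_policy(policy, "10.10.5.20", outsider))
        print("  member   -> other host      :", effective_content_policy(policy, "10.10.7.3", member))
```

With the restricted rule on top, only a member of the AD group connecting to the restricted asset gets the content policy; everyone else falls through to the general shell channel, which is exactly the fall-through described above. With the order reversed, the general channel matches first for every connection and the content policy is never applied, which is why the "move it to the top" step matters. A channel type the list does not contain at all (for example `session-exec` here) matches nothing and is therefore not permitted.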