Policies are how LiveStream determines who may access what, and how, at any given time.
In previous iterations of Getbusi web access management software, Policies were a singular set of rules which could be applied directly to groups or individuals. In order to easily accommodate large directory services with many user groups, Policies have been split into two components.
ProTip: Your entire policy configuration is viewable from the Dashboard, at-a-glance, including time-based policies.
For each Policy Group, four things must be defined:
Name: This unique title describes the types of user groups this policy group will be managing e.g. Staff, Managers, Teachers, Students etc.
Members: These are the user groups and device groups which this policy group will effect.A client group may only be a member of one Policy Group, this helps to avoid conflicts.
Policy Sets: Policy Sets are the actual sets of web access rules which will be applied to the members of the Policy Group. One Policy Set can be applied to multiple Policy Groups.
Priority: Policy Groups are automatically positioned in a hierarchy in order to resolve conflicts where one user is a member of multiple directory groups which are assigned to separate Policy Groups.
This allows you to group your organisation's myriad user groups into clear containers within LiveStream rather than forcing you to manage them separately. For example, if you are a school with over five student year groups in your directory, they can now be logically contained in a Policy Group that's relevant to their level of web access e.g. "Students." See specific examples, below
Policy Sets contain all the web access management rules that may be enforced for a Policy Group. Each Policy Group must have a default Policy Set which will always apply to it unless it is overridden by an optional time-based one.
Like Policy Groups, each Policy Set is uniquely identified by its name. Be sure to choose Policy Set names wisely, because you may need to differentiate them from Policy Groups based only on their name.
All rules are optional are separated across five themes:
The following example represents an education scenario where you have general students which must be assigned the same set of rules all the time and then a more specific subset which also live on campus and therefore require separate rules for when they use the web during their personal time.
This example assumes that members of the directory group boarding_students_2014 are also members of the various Yr## groups.
Boarders
Priority: 1
Members | Default Policy Set | Time-based Policy Sets |
---|---|---|
boarding_students_2014 [LDAP User Group] | Student rules | Non-school hours rules [Mon – Fri, 4PM – 10PM] |
Non-school hours rules [Sat – Sun, 7AM – 11PM] |
Students
Priority: 2
Members | Default Policy Set | Time-based Policy Sets |
---|---|---|
Yr07 [LDAP User Group] | Student rules | None |
Yr08 [LDAP User Group] | ||
Yr09 [LDAP User Group] | ||
Yr10 [LDAP User Group] | ||
Student BYOD [Device Group] |