Add a Policy Fragment to a Service Policy
You can add an included policy fragment to any service policy provided that the permissions in your role permit it. Keep the following in mind:
gateway
You can add an included policy fragment to any service policy provided that the permissions in your role permit it. Keep the following in mind:
- Adding a fragment adds all the assertions defined within that fragment. It is not possible to remove any assertion in a policy added by a fragment.
- You can view the properties for assertions added by a fragment, but you cannot make changes.
- The policy is parsed as if the assertions in the fragment were manually added to the policy. In other words, the fragment does not interrupt the normal policy logic.
Global policy fragments do not need to be manually added to a service policy. These global fragments have predefined rules as to when and where they are run.
To add an included policy fragment to a service policy:
- Open the service policy that will receive the fragment.You can choose to open an existing fragment as it is possible to nest a fragment within another fragment.
- Add the Include Policy Fragment assertion to the appropriate location in service policy.
- Choose the policy fragment to be added from the list displayed. The fragment appears as: "Include Policy Fragment: <name>" in the policy window. Some tips to note:
- If the list of fragments is empty, this means no included policy fragments have been created yet.
- You can activate another version of the fragment before adding it to the policy.
- Use the Assertions Tool Bar to reposition the policy fragment if necessary.
- Repeat steps 2 to 4 to add additional policy fragments if required.