Create Policy
The Create Policy task is used to create these types of policies:
gateway83
The Create Policy task is used to create these types of policies:
- Global policy fragments:These are policies that are always applied before or after every service policy in the system. Only Administrators can create global policies. For more information, see Working with Global Policy Fragments.
- Included Policy Fragments:These are fragments that group any number of assertions into a self-contained unit that can be dropped into any service policy. For more information, see Types of Fragments.For a shortcut method to creating an Included Policy Fragment, see Policy Fragment Shortcut.
- Policy-Backed Identity Provider Policy Fragment:These are fragments specifically intended for use with Policy-Backed Identity Providers. For more information, see Policy-Backed Identity Providers .
- Internal use policies:These are ready-made policies predefined in the CA API Gateway. These policies are designed to achieve a specific objective. For more information, see Working with Internal Use Policies.
There are several other types of policies that are not created via the Create Policy task:
- Audit sink policy:This is a special policy that is created when auditing to a policy is enabled. This policy may be edited, but it cannot be renamed nor deleted. For more information, see Managing Audit Sinks.
- Debug trace policy:This is a special trace policy to help you troubleshoot a service policy. For more information, see Working with the Debug Trace Policy.
Only users with the role of "Administrator" can create a policy.
To create a policy:
- Do either of the following:
- Select [Tasks] >Create Policyfrom the Main Menu
- Right-click a folder within the Services and Policies list and then select Create Policy.
- Complete the properties for the type of policy that you wish to create. For more information, see Policy Properties.
- Click [OK]. The new policy is created and loaded in the policy window for editing. If you currently have unsaved changes in the policy window, you are prompted to save before the new policy is loaded. New policies have the following default assertions:
- For included policy fragments: An Add Audit Detail assertion that logs the creation of the new fragment.
- For internal use policies: See Working with Internal Use Policies for details.
(1) The icon color in the Services and Policies list help you readily identify the type of policy: 
= Global policy fragment; 
= Included policy fragment; 
= Internal policy. For global and internal policies, the policy tag is displayed next to the policy name. (2) If security zones have been deployed and you have been assigned a "Manage X Zone" role, the security zone 'X' must include the "All assertions must..." composite assertion as well as every assertion in the policy (or that will be added to the policy) before you can create or edit the policy.
= Global policy fragment; = Included policy fragment; = Internal policy. For global and internal policies, the policy tag is displayed next to the policy name. (2) If security zones have been deployed and you have been assigned a "Manage X Zone" role, the security zone 'X' must include the "All assertions must..." composite assertion as well as every assertion in the policy (or that will be added to the policy) before you can create or edit the policy.