Policy Interaction

The CloudControl Policy Engine carries out the following workflow when a user performs an operation on a given policy resource:

  1. If a RuleSet is found during the process of walking up the resource tree, the local rule or rules that are shared on the same node as the RuleSet are ignored. The policy engine then evaluates the RuleSet.

    • If a true statement is found, the requested operation is allowed.

    • If a false statement is found, the policy engine terminates the user request and the operation is not allowed.

  2. If there are no RuleSets, then the CloudControl Policy Engine looks at the local rule or rules assigned to the resource object.

    • If a true statement is found from the local rule or rules, the requested operation is allowed.

    • If a false statement is found from the local rule or rules, the policy engine walks up the policy tree to the next node and applies the same line of reasoning.
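
The workflow above as a small Python model, added here as an illustration and not CloudControl's own code. The Node class, the rule callables, the sample tree, the reading of "a true statement is found" as "any rule evaluates true", and the deny result when the walk passes the root are all assumptions; the page does not specify them.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional

Rule = Callable[[str, str], bool]  # (user, operation) -> True/False statement

@dataclass
class Node:  # hypothetical model of one node in the resource tree
    name: str
    parent: Optional["Node"] = None
    ruleset: Optional[List[Rule]] = None  # RuleSet on this node, if any
    local_rules: List[Rule] = field(default_factory=list)

def evaluate(resource: Node, user: str, op: str):
    """Return (allowed, trace) for user performing op on resource."""
    trace, node = [], resource
    while node is not None:
        if node.ruleset is not None:
            # Step 1: RuleSet found; local rules on this node are ignored
            # and the RuleSet's result ends the walk either way.
            allowed = any(r(user, op) for r in node.ruleset)
            trace.append(f"{node.name}: RuleSet -> {allowed} (final)")
            return allowed, trace
        # Step 2: no RuleSet here, so consult the node's local rules.
        if any(r(user, op) for r in node.local_rules):
            trace.append(f"{node.name}: local rule -> True (allowed)")
            return True, trace
        trace.append(f"{node.name}: local rules -> False, walk up")
        node = node.parent
    trace.append("past root: denied (assumption, not stated on the page)")
    return False, trace

# Constructed sample tree: root -> prod -> vm1, root -> dev -> vm2
root = Node("root")
prod = Node("prod", root,
            ruleset=[lambda u, o: u == "admin"],
            local_rules=[lambda u, o: u == "alice"])  # shadowed by RuleSet
vm1 = Node("vm1", prod, local_rules=[lambda u, o: (u, o) == ("bob", "snapshot")])
dev = Node("dev", root, local_rules=[lambda u, o: u == "alice"])
vm2 = Node("vm2", dev)

if __name__ == "__main__":
    for res, user, op in [(vm1, "bob", "snapshot"), (vm1, "alice", "snapshot"),
                          (vm1, "admin", "delete"), (vm2, "alice", "delete"),
                          (vm2, "bob", "delete")]:
        allowed, trace = evaluate(res, user, op)
        print(f"{user} {op} {res.name}: {'ALLOW' if allowed else 'DENY'}")
        for step in trace:
            print("   ", step)
```

In the sample tree, the local rule for alice on prod is never consulted because the RuleSet on the same node takes precedence, so her request on vm1 is denied even though the same local rule on dev allows her on vm2.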