Configuring a Security Policy
The security policy allows you to determine how software can be used by members of your organization. The security settings give you the ability to restrict user changes to software; therefore, users can’t download from update sites or a Secure Marketplace catalog unless you specifically allow it.
In this tutorial, you will learn how to:
- Add a new security policy
- Configure software update policies
- Set advanced policies
1. Add a New Security Policy
Before creating a security policy, a few rules must be determined. Following is a list of security questions you should decide on before beginning.
- Should end users be allowed to continue to use software after it has been deleted or retired from the hub machine?
- Should end users be allowed to add third-party software to their local environment? If so, do you allow software additions from any site, do you want to restrict to specific sites, or allow installation from marketplace catalogs not maintained in SDC?
- Do you want end users to apply software updates immediately? If not, do you want to impose a time frame by which updates need to be installed?
- Click Security Policies under Policies in the Admin Console navigation. Alternatively, you can access the Security Policies page by clicking the View Security Policies link on a package’s Configuration tab.
Note: To edit settings for an existing policy, select the policy in the Security Policies section.
- Click in the Security Policies section to create a new policy, or click to create a new policy by duplicating another.
The Security Policies section lists the security policies available for use. These are listed in the Security Policy drop-down list on the Configuration tab. When you select a policy in the list, the Used In section displays the packages that use the policy.
To remove a policy, select it, and click . Before removing a policy, be sure no packages use the policy.
To make a policy the default, select it, and click . However, before you can make a policy the default, you must first roll out the policy by promoting it.
- Enter a title for the security policy, and click OK. This title appears in the Security Policy drop-down list on a package’s Configuration tab. The title also appears in the Title field of the Selected Security Policy section.
The Selected Security Policy section allows you to set policies for software changes by end users, update restrictions and end-user assistance.
- Set the end-user security configurations, which indicate if end users are allowed to make changes to their software.
Three settings apply to end-user installation of third-party software. The first setting allows end users to install from public Marketplace catalogs. The second, allows for software to be added by users using the dropins folder in the MyEclipse/Eclipse installation folder. The third allows end users to install from external update sites. With this setting, you can allow local changes from only admin-selected sites, or local changes from any site. Users access third-party software installation by selecting Help>Install from Catalog or Install from Site from the menu in their software package. See Installing Local Software.
A fourth option allows for users to view update details when checking for software updates. This update details window displays information about what is contained in the update and allows users to select which updates to apply. If snapshots are available, users can also choose to change their installed version to a snapshot version. See Accepting Updates to an Existing Package for information on the Available Updates window.
2. Configure Software Update Policies
- Click Updates in the Selected Security Policy section.
- Specify when users must apply package updates as they are available.
With the Allow Delayed Application of Updates option disabled, users must apply the update as it is rolled out. If you enable this option, you can specify whether to allow users to apply when they are ready or to give them a time limit.
- Select the frequency at which the automatic update check occurs in an installed package.
Users can change this setting in the Install/Update>Automatic Updates preference setting. Select the appropriate checkboxes to have the package check for updates at startup or to require a restart after package updates.
3. Set Advanced Policies
- Click Advanced in the Selected Security Policy section.
- Choose whether or not users can continue using software after you have retired the package by removing it from the hub machine.
A package is removed from the hub machine when you delete it from the Software Details page and promote the deletion. The package is removed from the portal and the installers are removed from the hub machine automatically. With this option disabled, users are required to install an updated package as you instruct.
- To help admins troubleshoot issues end users have with a package, allow users to submit assistance requests from their installation to the Admin Console for review.
When this option is enabled, end users have an option on their Help menu to request assistance. Admins are notified of pending assistance requests, and they can be viewed and managed on the User Assistance page.
- Choose whether to give users the ability to upgrade base package components, such as extra software you’ve added to a package.
By using Install from Site or Install from Catalog, users can upgrade non-core components of the package by installing a newer version. For example, in the case of Eclipse, a user upgrades to a newer version of Eclipse than what is included in the Eclipse 4.2.1 Eclipse for Java package. Another example is including the Spring Mylyn feature in MyEclipse and allowing users to get a newer version of Mylyn by enabling this option.