Global Rules are policy-level classifications, designed to enable complex searches for advanced classification scenarios.
They allow Compliance Managers and users to define content classifications criteria that span across multiple data points and categorizes or labels files only when they span multiple data dimensions and satisfy multiple rules.
Thus, Global Rules allow Compliance Managers to apply more sophisticated policies to classify their data more accurately, get more targeted results, and reduce compliance clutter. By supporting adjustable thresholds for classifications, Global Rules give compliance professionals the flexibility and agility they need to tailor their compliance suites to the needs of their organization, their internal criteria, and regulatory requirements.
Policies can only contain one Global Rule.
Users are able to add and adjust Global Rules to all user-created policies.
Adding or removing Global Rules from SailPoint delivered, out of the box, policies is possible.
Creating a Global Rule
To create a Global rule within a user-defined policy, perform the following steps:
- Navigate to Compliance > Data Classification > Policies to open the rules page.
Select + New Policy.
The available policy fields are:
- Policy Name - Policy names are unique. It is best to create a naming convention that avoids using the same name twice.
- Activate/Deactivate Policy - Users can activate or deactivate a policy using this button.
- Owner - The logged in user is the creator of the policy. (This field is read-only.)
- Description - Users can provide descriptions to the policies they create to better explain what the policy is meant for and designed to do. You can use this description to describe the logic of your Global rules, as well for additional readability.
To add a Global rule to a policy, a user must first add at least one Content rule. This can be done by either adding a new rule or by adding a pre-existing rule using the Search option. We recommend adding Global rules at the end after the Content rules have been added.
Global rule settings are enabled once Content rules have been added.
After adding at least one Content rule, select New Global Rule.
Provide the following information:
- Rule Name - Unique name for the Global rule
- Categories - The resource will be classified by the Categories when the rule is satisfied
For the Rule Criteria, add the type of categories in the Value field. The dropdown will provide a list of only the categories that are set by the content rules defined within the policy.
Creating rule criteria allows you to set a condition that will be satisfied when a set of categories are applied.
Select Save within the Rule Criteria block.
- Either add another set of rule criteria or select Save to save the new Global rule.
Global Rule Options
Within the Policy screen, a user can either Edit or Remove a Global Rule from the policy.
Select the hamburger menu within the Global rule to see these options.
- Edit - all options can be edited
- Remove - the Global rule will be removed from the policy
Global rules cannot be created or removed from out of the box policies. They can only be edited.
If you remove a Global rule from a policy, you cannot add it back. I new Global rule will have to be created and added to the policy.
Global Rule - Rules Screen
By navigating to the Rules screen (Compliance > Rules), a user can see all of the various rules including global rules that have been created. These rules will also state what type of rule they are.
From the Rules screen, Global Rules can only be deleted (with the exception of OOTB global rules). You cannot edit a Global Rule from this screen.
If a Global Rule is deleted from the Rules screen, it will automatically be deleted from any corresponding policy.
Next to the hamburger menu is a downward arrow. A user can select this arrow to view details, such as categories and criteria, about the Global Rule.
- To view only Global Rules, select the Filter icon.
- In the Type dropdown, select Global Rules.