Conditional Policy - Endpoint
Overview
The Conditional Policy Endpoint feature manages document security policies on a local PC with Document Security 6 installed. This feature allows for the conversion of regular documents to AIP documents or DRM documents, as well as mutual conversion between AIP documents and DRM documents.
Purpose
- Set the conditional policies for the Local PC with Document Security 6 installed through the admin page.
- Automate document state transitions and security management through conditional policies.
Prerequisites
- Local PC subject to conditional policies must have Document Security 6 or higher installed.
- The local PC must be logged into both Security365 and the SCI Server (Document Security server).
Policy Configuration Guide
warning
- The policy name must be unique and cannot be duplicated.
- **Required fields (*) must be filled in.**The policy must be saved.
- You must select at least one extension when specifying the extension.
- Members added to the exclusion list will not be subject to the policy, even if they are included in the assignment list.
- If you navigate to another page without saving when there are policy changes, the changes will be lost.
Json Code Editor
- When clicking an item in the registered policy list, in the top menu**
JSON 보기**You can use the feature. - Displays conditional policies for registered policies in JSON code format, supporting editing and saving functions.
- When performing manual tasks, it is recommended to conduct a thorough review as there may be grammatical errors that could cause the policy to not function correctly.
Policy Creation and Option Settings
- After logging into the admin page, go to [Conditional Policy] → [Endpoint] menu.
- Policy RegistrationClick the button.
- policy'sInformationIt consists of:
Basic Policy Information
Policy Name
| Settings Item | Description |
|---|---|
| Policy Name | Enter the unique name of the policy. (No duplicates allowed) |
| Policy Description | Enter description information about the policy. |
Members
| Settings Item | Description |
|---|---|
| Allocation | Specify the user, group, or policy group to which the policy will be applied. |
| Exclusion | Specify the members to be excluded from policy application. Excluded members will not be subject to the policy even if they are added to the assignment. |
- Allocation Settings Options
- All Users: Applies to all users within the registered organization.
- User and Group Selection: Applies only to designated users and groups within the registered organization.
Target Document | General Document
| Settings Options | Description |
|---|---|
| Not Applicable | General documents are excluded from the target. |
| All General Documents | All general documents are subject to this. |
| File Extension Specification | Only documents with the selected extension will be targeted. |
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf, zip
Target Document | DRM Document
| Settings Options | Description |
|---|---|
| Not Applicable | DRM documents are excluded from the subject. |
| All DRM Documents | All DRM documents are subject to this. |
| Designated DRM Document | Only DRM documents that meet specific conditions will be eligible. |
Designated DRM DocumentAdditional settings when selected:
- Constructor Verification
- Check if the document creator is the same as the currently logged-in user, and apply policies accordingly.
- Constraints: [Integration Management] → [Document Security] path
멀티 서버 등록This option is only displayed when the feature is enabled.
- Constraints: [Integration Management] → [Document Security] path
- Option: Enabled / Disabled
- In the case of use, you need to specify the following two options.
- Apply policy when the document creator and the logged-in user match
- Policy application when the document creator and the logged-in user do not match
- In the case of use, you need to specify the following two options.
- Check if the document creator is the same as the currently logged-in user, and apply policies accordingly.
- DRM Document Encryption Types
- Select from DAC(ACL), MAC(Category), GRADE(Rating)
- You can enter the relevant ID depending on the selected type.
- DRM Document Permissions
- Check document permissions for logged-in users, creators, and added groups
- Types of permissions: Read, Edit, Output, Export, Release, Change Permission, Print Marking, Validity Period
- File Extension Specification
- Specifying the Extension of the Target DRM Document
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
Target Document | AIP Document
| Settings Options | Description |
|---|---|
| Not Applicable | AIP documents are excluded from the subject. |
| All AIP Documents | All AIP documents are subject to this. |
| Designated AIP Document | Only AIP documents that meet specific conditions will be eligible. |
Designated AIP DocumentAdditional settings when selected:
- Labeling
- Using AIP label information as a condition
- File Extension Specification
- Specify the extension of the target AIP document
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
Common Configuration Items
- Check Security Label: This is an option used to determine whether a security label is applied to the document and its status, and to assign and change the security level.
| Settings Options | Description |
|---|---|
| Not confirmed | Refers to the entire selected document type regardless of security label status. |
| Document with specified label as the target | Referring to document types with security labels applied |
| Targeting unlabeled documents | Refers to document types that do not have security labels applied. |
| ::: |
warning
pdf,zip,pptmThe extension is a format that does not support security labels and is excluded from label verification.
Document Path Specification
| Settings Item | Description |
|---|---|
| All Paths | Policies are applied to files in all paths. |
| specified path | Policies are applied to files at the specified path. |
- Settings Options
- Manual Input: Enter the path directly.
- Default Provided Path : %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, %USERS%, %TEMP%
Document Events
- Mouse Right-Click Menu
- Right-click the mouse and click on the [Encrypt Document] menu.
- Right-click the mouse and click the [Document Conversion] menu.
- Right-click the mouse and click the [Document Level Setting] menu.
- Right-click the mouse and click the [Delete AIP Label] menu.
- How to Use the Document
- Viewing/Editing Document and Exiting (or Saving)
- Document Viewing
- Local Explorer
- Moving/Copying Files in OneDrive
- Moving/Copying Files to OneDrive
- Moving/Copying Files in SharePoint
- Moving/Copying Files in SharePoint
- Cloud
Setting Conditions
Location (IP)
| Settings Options | Description |
|---|---|
| No location restrictions | Policies are applied to all locations (IP). |
| Select from registered locations | Select a specific location to apply the policy. |
time
| Settings Options | Description |
|---|---|
| No time limit | The policy applies at all times. |
| Select from registered time | Select a specific time to apply the policy. |
Document Execution Policy
Encryption with DRM
| Settings Options | Description |
|---|---|
| Force DRM encryption on all target documents | All target documents are encrypted with DRM. |
| Applied according to DRM encryption types | Encrypts according to the selected encryption type (DAC, MAC, GRADE). |
Encryption with AIP
| Settings Options | Description |
|---|---|
| Label Selection | Select the AIP label to apply to the target document. |
Maintain State
| Settings Options | Description |
|---|---|
| Maintain State | It does not change the status of the target document. └ Mainly used for exception handling |
Security Level Settings
| Settings Options | Description |
|---|---|
| Select the grade to specify | • Assigns and changes the security level of the target document. • You can retrieve the grade information in the Security365 management center, and multiple selections are available. └ The label information of the selected grades will be displayed in the client UI along with the grade colors when the client right-clicks. |
| Set to default grade | • Select the grade to set as the default grade, limited to the selected grade. The radio button of the label located at the top of the grade selected by default will be displayed as the default selection in the client UI. • Even when only one grade is selectednecessarily 기본 등급으로 설정You need to click the button. |
Delete AIP Label
| Settings Options | Description |
|---|---|
| Delete AIP Label | When the specified event in the target document occurs, the assigned AIP label will be deleted. |
Policy Configuration
Usage status
| Settings Options | Description |
|---|---|
| ON | Activates the policy. |
| OFF | Disabling the policy. |
Expiration Date
| Settings Options | Description |
|---|---|
| No expiration date | No expiration date is set for the policy. |
| Setting Expiration Date | Set the start date and end date. (The end date is무기한can be set to) |