Conditional Policy - Endpoint
Overview
The conditional policy Endpoint feature manages document security policies on a local PC with Document Security 6 installed. This feature allows for the conversion of regular documents to AIP documents or DRM documents, as well as mutual conversion between AIP documents and DRM documents.
Purpose
- Set the conditional policy for the Local PC with Document Security 6 installed through the admin page.
- Automate the state transitions and security management of documents through conditional policies.
Prerequisites
- The Local PC subject to conditional policies must have Document Security 6 or higher installed.
- Local PC must be logged in to both Security365 and the SCI Server (Document Security server).
Policy Configuration Guide
warning
- The policy name must be unique and cannot be duplicated.
- **Required fields (*) must be filled in.**The policy will be saved.
- You must select at least one extension when specifying the extension.
- Members added to the exclusion list will not be subject to the policy, even if they are included in the assignment list.
- If you navigate to another page without saving when there are policy changes, the changes will be lost.
info
Json Code Editor
- When clicking an item in the registered policy list, in the top menu,
JSON 보기You can use the feature. - Show the conditional policy for the registered policy in JSON code format, supporting editing and saving features.
- When performing manual tasks, it is recommended to thoroughly review as there may be grammatical errors that could cause the policy to not function properly.
Policy Creation and Option Settings
- After logging into the admin page, go to [Conditional Policy] → [Endpoint] → [Document Security] menu.
- Policy RegistrationClick the button.
- policy'sInformationConfiguring the listening:
Policy Basic Information
Policy Name
| Settings Item | Explanation |
|---|---|
| Policy Name | Enter the unique name of the policy. (No duplicates allowed) |
| Policy Description | Enter description information about the policy. |
Members
| Settings Item | Explanation |
|---|---|
| Allocation | Specify the user, group, or policy group to which the policy will be applied. |
| Exclusion | Specify the members to be excluded from policy application. Excluded members will not be subject to the policy even if they are added to the assignment. |
- Allocation Settings Options
- All users: Applies to all users within the registered organization.
- User and Group Selection: Applies only to designated users and groups within the registered organization.
Target Document | General Document
| Settings Options | Explanation |
|---|---|
| Not applied | General documents are excluded from the subject. |
| All general documents | All general documents will be subject to this. |
| File Extension Specification | Only documents with the selected extension will be targeted. |
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf, zip
Target Document | DRM Document
| Settings Options | Explanation |
|---|---|
| Not applied | DRM documents are excluded from the subject. |
| All DRM Documents | All DRM documents are subject to this. |
| Designated DRM Document | Only DRM documents that meet specific conditions will be targeted. |
Designated DRM DocumentAdditional settings when selected:
- Constructor Verification
- Check if the document creator is the same as the currently logged-in user, and apply policies accordingly.
- Constraints: [Integration Management] → [Document Security] path's
멀티 서버 등록This option is only displayed when the feature is in use.
- Constraints: [Integration Management] → [Document Security] path's
- Option: Enabled / Disabled
- When using, you need to specify the following two options.
- Policy application when the document creator and the logged-in user match
- Policy application when the document creator and the logged-in user do not match
- When using, you need to specify the following two options.
- DRM Document Encryption Types
- Select from DAC(ACL), MAC(Category), GRADE(Rating)
- You can enter the related ID depending on the selected type.
- DRM Document Permissions
- Check document permissions for logged-in users, creators, and added groups
- Permission types: Read, Edit, Output, Export, Release, Change Permission, Print Marking, Validity Period
- File Extension Specification
- Specify the extension of the target DRM document
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
Target Document | AIP Document
| Settings Options | Explanation |
|---|---|
| Not applied | AIP documents are excluded from the subject. |
| All AIP documents | All AIP documents are subject to this. |
| Designated AIP Document | Only AIP documents that meet specific conditions will be targeted. |
Designated AIP DocumentAdditional settings when selected:
- Labeling
- Use AIP label information as a condition
- File Extension Specification
- Specify the extension of the target AIP document
doc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
info
Common configuration items
- Security Label Check: This is an option used to determine whether a security label is applied to the document and its status, and to designate and change the security level.
| Settings Options | Explanation |
|---|---|
| Not confirmed | Refers to the entire selected document type, regardless of whether it has a security label. |
| Document with specified label as target | Referring to document types that have security labels applied |
| Targeting documents without labels | Referring to document types that do not have a security label applied |
| ::: |
warning
pdf,zip,pptmThe extension is a format that does not support security labels and is excluded from label verification.
Document Path Specification
| Settings Item | Explanation |
|---|---|
| All Paths | Policies are applied to files in all paths. |
| designated path | Policies are applied to files at the specified path. |
- Settings Options
- Manual Input: Enter the path directly.
- Default Provided Path : %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, %USERS%, %TEMP%
Document Events
- Mouse Right-Click Menu
- Right-click the mouse and click the [Encrypt Document] menu.
- Right-click the mouse and click the [Document Conversion] menu.
- Right-click the mouse and click the [Document Grade Setting] menu.
- Right-click the mouse and click the [Delete AIP Label] menu.
- Document Usage Method
- Document Viewing/Editing and Exit (or Save)
- Document Viewing
- Local Explorer
- Moving/Copying Files in OneDrive
- Moving/Copying Files to OneDrive
- Moving/Copying Files in SharePoint
- Moving/Copying Files in SharePoint
- Cloud
Setting Conditions
Location (IP)
| Settings Options | Explanation |
|---|---|
| No location restrictions | Policies are applied to all locations (IP). |
| Select from registered locations | Select a specific location to apply the policy. |
time
| Settings Options | Explanation |
|---|---|
| No time limit | The policy applies at all times. |
| Select from registered time | Select a specific time to apply the policy. |
Document Execution Policy
Encryption with DRM
| Settings Options | Explanation |
|---|---|
| Force DRM encryption on all target documents | Encrypt all target documents with DRM. |
| Applied according to DRM encryption types | Encrypt according to the selected encryption type (DAC, MAC, GRADE). |
Encryption with AIP
| Settings Options | Explanation |
|---|---|
| Label Selection | Select the AIP label to apply to the target document. |
Maintain Status
| Settings Options | Explanation |
|---|---|
| Maintain State | The status of the target document will not be changed. └Mainly used for exception handling |
Security Level Settings
| Settings Options | Explanation |
|---|---|
| Select the grade to specify | • Assign and change security levels for the target document. • Retrieve grade information from the Security365 management center, and multiple selections are possible. └ The label information of the selected grades will be displayed in the client UI along with the grade color when the client is right-clicked. |
| Set to default grade | • Select the grade to be set as the default grade only for the selected grade. └ The radio button of the label located at the top of the grade selected as the default value will be displayed as the default selection in the client UI. • Even when only one grade is selected,necessarily 기본 등급으로 설정You need to click the button. |
Delete AIP label
| Settings Options | Explanation |
|---|---|
| Delete AIP label | When the event specified in the target document occurs, the assigned status AIP label is deleted. |
Policy Settings
Usage Status
| Settings Options | Explanation |
|---|---|
| ON | Activating the policy. |
| OFF | Disabling the policy. |
Expiration Date
| Settings Options | Explanation |
|---|---|
| No expiration date | No expiration date is set for the policy. |
| Expiration Date Setting | Set the start date and end date. (The end date is무기한can be set to) |