Skip to main content

Business System Control - Conditional Policy

Control of Business SystemsConditional PolicyThe tab manages policies that limit the number of screens that can be opened simultaneously in the isolated browser and the work systems (apps, URL input fields) accessible by each member.

⚠️ Read carefullyThis policy applies to all access to work systems.Highest Priority Control PolicyIt is. The menus that are not allowed here cannot be accessed by users regardless of how the sub conditional policies (app conditional policies, URL input field conditional policies) are set.

Feature Overview

Conditional policies limit the menus that users can access on SHIELDGate and efficiently manage isolated browser resources.Top-level permission controlIt is a feature.

Controllable items

  • App: Access permissions for the registered app list
  • URL input field: Direct URL input feature access permission
  • Maximum number of screens: Limit on the number of screens that can be opened simultaneously in the isolation browser

Policy Application Structure

조건부정책 (최상위)
├── 앱 허용 → 앱 조건부정책 적용 가능
├── URL입력창 허용 → URL입력창 조건부정책 적용 가능
└── 최대 화면 수 설정 → 구성원별 화면 수 제한

Example:

  • Conditional policy "URL input field" not allowed → URL input field conditional policy invalid
  • "App" not allowed in conditional policy → Conditional policy for app invalid
  • Set the maximum number of screens to 10 in the conditional policy → the corresponding member can use up to 10 screens only.

Policy Priorities

If the same member is included in multiple policies,**Policies with a higher priority (smaller numbers) are applied first.**It works.

Example:

  • Priority 1: Member Hong Gil-dong / Work SystemAllowable / Maximum number of screens 5
  • Priority 2: Member Organization / Work SystemandURL입력창Allowed / Maximum number of screens unlimited
  • resultHong Gil-dong is subject to priority 1 policy, which disables the URL input field and allows the use of a maximum of 5 screens only.

Screen Layout

Admin Page →Business System ControlConditional PolicyMove to tab

Main Components

1. Policy List

  • Priority: Policy application order (1 has the highest priority)
  • Policy NameUnique name identifying the policy
  • Members: Users/Groups to which the policy applies
  • Target business system: Allowed Menu (App, URL Input Field)
  • Maximum number of screens: Number of screens that can be used simultaneously
  • Modification Date: Last modified date

2. Top Features

  • [+ Policy Registration]: Create a new control policy
  • Search: Searchable by various criteria such as policy name, members, target, usage status, etc.
  • Edit/Delete: Modify or delete the selected policy

You can search for policies based on various criteria, including policy name, members, target business systems, and usage status.

Types of search filters

FilterSearch MethodDescription
Policy NameInclude searchSearch for policy names containing keywords
MembersInclude search + dropdown selectionUser (Name·Email), Group, Department search, Assignment/Exception distinction selection, Multiple selection available
TargetDropdown selectionApp, URL input field selection, multiple selection available
Usage statusDropdown selectionUse / Not Use Selection
ConditionInclude search + dropdown selectionSearch by location (IP), time, and device conditions, multiple selections allowed.
Execution PolicyDropdown selectionAllow/Block access, select additional authentication methods (email·OTP), multiple selections available

Member Search Details

  • When you enter a name or email in the search box, results will be displayed in real-time in a dropdown.
  • Allocation / ExceptionYou can select a tab to distinguish between cases where the member is assigned to the policy and cases that are handled as exceptions.
  • 모든 구성원is fixed at the bottom of the dropdown and is included in the search results only when selected directly.
  • Location: 위치 제한 없음You can search by entering a registered location name. The results are위치명 | IP 범위It will be displayed in the format.
  • time: 시간 제한 없음You can search by entering the registered time name. The results are시간명 | 시간 범위It will be displayed in the format.
  • Device: 모든 디바이스, Desktop, Tablet, MobileSelect __PH_0__.

Search Condition Combination Rules

  • **Between filters (AND condition)**If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • **Within filter (OR condition)**If you select multiple items within the same filter, any policy that matches at least one will be displayed.
  • Each set condition is displayed in the form of tags, and the tags'×You can remove individual conditions with the button.

⚠️ Priority changes (drag and drop) are not possible when search filters are applied. To change the priority, please clear all search filters.

3. Policy TrendsIf no policy is registered, the following message will be displayed:

  • "There are no registered work system control policies."
  • Policy Registration Guide Text:
    • You can control members' access to the business system (app and URL input field).
    • Even if you set conditional policies in the [App and URL Input Field] of the complete menu, assigned members cannot access the business system.

Add Policy

1. Start adding policy

  • **[+ Policy Registration]**Button click
  • The policy addition slide panel opens from the right.

2. Policy Basic Information

These are the default settings displayed at the top of the slide panel.

Policy Name

  • Enter a unique name to identify the policy.
  • Duplicate names cannot be used.
  • For example: "Development Team", "Basic Policy", "Executive Only", etc.

Members

Select the target to which the policy will be applied.

Select allocation method:

  • All users: Apply policy to all users
  • Select user or group: Specify a specific user or group

When selecting a user/group:

  1. Select Target in the Allocation Tab
  2. Select exception target in the Exclusion tab (optional)
  3. Search for username or group name through the search bar.
  4. The selected members can be confirmed in the box below.

Target business system

Select the allowed menu with checkboxes:

  • App: Allow access to the list of registered apps
  • URL input field: Allow direct URL input feature access
  • You can select both or only one.

3. Conditions

You can set conditions for location, time, and device to restrict the policy to apply only in specific environments.

Location (IP)

No location restrictionsWhen selected:

  • Apply policies at all locations

**Location restrictions apply.**When selected:

  • Select from the locations registered in the Security365 condition items.
  • Apply the policy only at the selected location.
  • If a new location condition is required**[+Location Registration]**Click

time

No time limitWhen selected:

  • Policy applied at all times, 24 hours a day.

**There is a time limit.**When selected:

  • Select from the registered time in the Security365 condition items.
  • Apply the policy only to the selected time zone.
  • If a new time condition is needed**[+Time Registration]**Click

Device

No device restrictionsWhen selected:

  • Apply policies across all devices.

**Device restrictions apply.**When selected:

  • Select from the devices registered in the Security365 condition items.
  • Apply the policy only to the selected device.
  • If new device conditions are required**[+Device Registration]**Click

4. Control Policy

Number of simultaneous screens

Set the maximum number of screens that can be opened simultaneously in the isolation browser.

Settings options:

  • No limit on the number of screens(Default): Unlimited use without screen number restrictions
  • Specify maximum number of screens: Enter the maximum number of screens directly
    • Input format: An integer greater than or equal to 1 (at least 1)
    • For example: When entering 10 → The member can use a maximum of 10 screens only.

Effects of Screen Count Limitation:

  • Preventing Excessive Use of System Resources
  • Fair resource allocation
  • Ensuring overall system performance stability
  • Flexible resource management with differentiated restrictions by member.

5. Configuration

Policy Configuration

Sets whether the policy is active.

  • use: Activate the policy immediately and apply it to members.
  • Not in useSave the policy but keep it in an inactive state.

6. Save Policy

  • After completing all settings __PH_0__**[Save]**Button click
  • The policy is applied immediately and reflected to the respective member.

Policy Modification

How to modify

  1. Policy Selection: Select a single policy to edit from the list.
  2. Edit Button: Activated at the top**[Edit]**Button click
  3. Content modificationChange the required items on the policy modification slide.
  4. Save: **[Save]**Apply changes with the button

Editable items

  • Policy Name (No Duplicates Allowed)
  • Member Assignment/Exclusion
  • Allowed Work System (App/URL Input Field)
  • Condition Settings (Location/Time/Device)
  • Maximum number of screens setting
  • Policy Configuration

Change Priority

After selecting a policy, you can change the priority using the following method.

  • Drag and DropDrag and drop the policy directly from the list to the desired location.
  • Move to the top / Move to the bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location.

⚠️ Priority changes are not possible when a search filter is applied. Please proceed after clearing all filters.

Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Full DownloadSave all registered policy information as an Excel file.
  • Download Search Results: Save only the results with the current search filter applied to an Excel file.

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.

Delete Policy

Deletion Method

  1. Policy SelectionSelect one or more policies to delete from the list.
  2. Delete button: Activated at the top**[Delete]**Button click
  3. Delete confirmation: In the confirmation modal window**[Check]**Button click

Caution

  • Deleted policies cannot be restored.
  • Members of the policy are subject to the basic policy or other policies.

User Experience

When the screen limit is reached

If the user attempts to open a new screen after reaching the maximum number of screens set, an informational modal window will be displayed.

Modal window example (with a limit of up to 10)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
화면 열기 제한 안내
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

현재 사용자는 동시에 최대 10개의 격리 브라우저 화면만 열 수 있습니다. (관리자 정책에 따른 개인별 제한)

새 화면을 열려면 기존에 열려 있는 화면을 닫은 후 다시 시도해 주세요.

[확인]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Operation Description:

  • If the user retries after closing the existing screen, normal access will be restored.
  • The "N" in the modal window is dynamically displayed based on the configured maximum number of screens.
  • Clicking [Confirm] will close the modal window, allowing the user to manage the existing screen.

Problem Solving

Common Issues

When a conditional policy is set but the user cannot access it:

⚠️ The most common causeThe menu is not allowed in the conditional policy.

  1. Verification Order:
    • Priority 1: Check whether the corresponding menu (app/URL input field) is allowed in the conditional policy.
    • Priority 2: Check if the user is included in the conditional policy.
    • 3rd Priority: Check the settings for lower conditional policies (app conditional policies, URL input field conditional policies)
  2. SolutionAllow the necessary menu in the conditional policy first, then set the sub-policy.

When the user can no longer open the screen:

  • Check the maximum number of screens set in the conditional policy.
  • Check the priority of the policies applied to the user.
  • Modify the policy as needed to increase the maximum number of screens or change it to unlimited.

When the policy is not applied:

  • Check Priority (whether there is a higher priority policy)
  • Check member settings (whether included in the exclusion list)
  • Check Condition Settings (Time/Location Condition Fulfillment)

When the menu is not visible:

  • Check the policies applied to the user.
  • Check if the necessary menus are checked in the business system selection options.

Condition setting error:

  • Check if the location/time/device conditions are correctly registered in the Security365 condition items.
  • Check if the required condition is set to "Limit Exists".

Policy configuration order

Step 1: Set Conditional Policy

  • Basic menu access permission settings (App/URL input field)
  • Maximum number of screens per member setting

Step 2: Set App Conditional Policies

  • Detailed permission settings for individual apps

Step 3: Set Conditional Policy for URL Input Field

  • Detailed permission settings by URL

⚠️ CautionMenus not allowed in step 1 make the settings in steps 2-3 meaningless.

Priority Management

  • Set exceptional policies to high priority.
  • Set general policies to a low priority.
  • Regular review of the priority system
  • Development Team/Designer: 30~50 items (multiple reference materials needed)
  • General office position: 10~20 items (business documents and system access)
  • Executives/Management: Unlimited or high limits (flexible work environment needed)
  • External partners/contract workers: 5~10 items (limited access recommended)

Monitoring Method

  • Session ManagementCheck the real-time screen usage status in the tab.
  • Excessive Screen User Identification and Policy Adjustment
  • Regular Policy Effectiveness Review