Policies Window

Concept

The policies window displays each policy on the KeyServer, as well as a summary of current configuration and usage.

Policies are defined by administrators, in order to configure what happens with usage of programs within a product. A policy can have an action of Log, Deny, or Control. For a Control Policy, it can impose usage limits and access restrictions on a product (which is comprised of a program or group of programs). Most importantly, a policy can enforce a purchased number of entitlements. However, policies can also restrict who uses products, when, and for how long.

A default policy (KeyVerify Policy) is created at installation. All other items in this window are defined and maintained strictly through KeyConfigure. Unlike the Computers, Programs, and Connected Clients Windows, items are never automatically added to the Policies window, regardless of user activity.

In many cases, a product will be controlled by a single policy. Conversely, this policy will control only that one product. However, a product can be controlled by multiple policies, and similarly, a policy can control multiple products. The most common reason to have two policies for a single product is to Control the product for computers within a certain scope while ignoring, Logging, or Denying it on other computers. For more about Scope, see the Policy Details Window documentation.

In short, a policy can be thought of as a particular set of access and usage rules being applied to one or more items in the Products Window. When a user attempts to run a program which is part of a product, each policy which controls the product is used to determine whether the program launch will succeed.

Policies Window

Columns

The columns in the Policies Window give you a simple overview of all policies. They show the most basic configuration options, as well as a summary of the current usage. Additional columns can be added to the Policies window by right-clicking a column header and selecting “Customize Columns”. Of the default columns, only Name applies to all Policies with all Actions. The rest are only used for Control Policies.

• The Issued column shows how many copies of the policy have been issued. This is the number which is checked against the policy limit. For a Concurrent policy, it is the same as the In Use count. It is blank if no copies are allocated.
• The In Use column shows how many copies of the policy are currently in active use. It is blank if no copies are in use.
• The Waiting column is blank unless at least one user is queued and waiting for a license from the policy to become available, so that they can run a program which is in a product controlled by this policy.
• The Limit column shows the total number of entitlements which are managed by this policy. If the policy is a Node-Locked policy, a computer icon appears to the right of the number. A Lease policy also has an icon which appears in this column - a computer overlaid with a stopwatch.
• The Name column shows the name which has been chosen for this policy. For policies which control a single product, this is usually the product name, plus the word “Policy”.

Creating Policies

One way to create a new policy is to drag a product from the Products Window into the Policies Window. You can also right-click in the Policies Window and select Create New Policy, in which case you can associate a Product with the Policy after it has been created. Alternatively, if you have entered information for the purchase of the product before adding a Policy to manage the policy, you can use the purchase record to create a new Policy according to the Rights & Conditions defined in the purchase record.

Modifying Policies

Most policy parameters are modified from the Policy Details Window (double click on a particular policy) but some drag actions are also supported.

• Additional products can be placed under the control of an existing policy simply by dragging an item from the Products window onto a particular policy item in the Policies window – the policy will immediately impose control on the product without a confirming save dialog. Use this procedure to easily aggregate several products under the control of a single policy. Note however that it will be more common to aggregate several programs into a single "suite" product, and then create a policy which still controls a single product.

Context Menu Actions

Right-clicking on a Policy in the Policies window allows you to Reconcile or Edit Permissions. Additionally, you will see a list of reports that can be run on that policy.

• Reconcile will bring up a window that lists purchases vs policies for the product controlled by the particular product you right-clicked. For more on this see the Reconcile Product documentation.
• Edit Permissions allows permissions for this particular policy to be specified on an administrator by administrator or role by role basis.

Right-clicking anywhere else in the policies window allows you to create a New Policy....

Drag and Drop Actions

Policies in the Policies Window can be Dragged and Dropped into the policies list in the Policies pane of a product details window. This sets the product so that it is controlled by the policy.