Create a Smart Rule and Assign Policy in BeyondInsight

After you have added and uploaded a policy to BeyondInsight from the Policy Editor, log in to your BeyondInsight instance to create Smart Rules and assign policies for assets and users.

If BeyondInsight and Privilege Management for Mac are successfully communicating, the Endpoint Privilege Management option becomes available under Menu > Assets.

Create a Smart Rule for Assets

Image of the BeyondInsight Home page

  1. In your BeyondInsight instance, click on Assets.

 

  1. Click Manage Smart Rules.
  2. Click New.

Image of the New Smart Rules page

  1. From the Smart Rules Manager for Assets dialog, type a name for the Smart Rule.
  2. Check Active.
  3. From the Category dropdown, select Assets and Devices.
  4. Enter a description, if needed.
  5. In the Asset Selection Criteria section, design a query to pull in the assets you wish to assign policy to.

 

For this example, we can narrow down the results of our query to locate our test system, NN-1K12RBR. Choose Match ALL Criteria. Select Asset fields > Asset Name > contains > NN-1K12RBR.

  1. From the Perform Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  2. Click the .. button.
  3. Select an option from the policy you uploaded from Privilege Management for Mac .
  4. Click Save.

For more information about creating and organizing Smart Rules, please see Use Smart Rules to Organize Assets in the BeyondInsight User Guide.

Create a Smart Rule for Users

Image of the Policies card

  1. In your BeyondInsight instance, click on Policies.

 

  1. Click Manage Smart Rules.
  2. Click New.

Image of the Policy Users selection

  1. From the Smart Rules Manager for Assets dialog, type a name for the Smart Rule.
  2. Check Active.
  1. From the Category dropdown, select Policy Users.
  2. Enter a description, if needed.
  3. In the Selection Criteria section, design a query to pull in the users you wish to assign policy to.
  4. Click the .. button to build your query.
  5. When finished, click Save.
  6. From the dropdown, choose the query.
  7. Check Discover Users.
  8. From the Perform Actions section, choose the policy users and policies you wish to apply. Order policies as needed.
  9. Select Show as Group.
  10. Click OK.
  11. Click Save.

For more information about managing policies for EPM, please see Manage User Policies in the BeyondInsight User Guide.

Grant Users Permissions to Log in to the Policy Editor

If you would like to grant additional users access to log in to the Policy Editor, read and write access needs to be included on the Privilege Management for Mac assets. This access is included by including permissions in the Smart Rule.

  1. On the BeyondInsight Home page, click Configuration.
  2. On the Configuration grid, select Role Based Access > User Management.
  3. Locate the group you wish to edit and click the vertical ellipsis button to the far right.
  4. Select View Group Details.
  5. In the Group Details pane, click Smart Groups.
  6. In the Smart Groups Permissions pane, select the appropriate Smart Group.

An example of a Smart Group

  1. Click either the vertical ellipsis button to the far right or the Assign Permissions button at the top of the list.
  2. Click Assign Permissions Full Control.