Create a Smart Rule and Assign Policy in BeyondInsight

After you have added and uploaded a policy to BeyondInsight from the Policy Editor, log in to your BeyondInsight instance to create Smart Rules and assign policies for assets and users.

If BeyondInsight and Privilege Management for Mac are successfully communicating, the Endpoint Privilege Management option becomes available under Menu > Assets.

Create a Smart Rule for Assets

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Click Create Smart Rule +.

Create an Asset Smart Rule in BeyondInsight to deploy endpoint privileged management policies.

  1. From the Category dropdown, select Assets and Devices.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a query to create a list of assets you wish to assign policy to.

For this example, we can narrow down the results of our query to locate our test system, NN-1K12RBR. Choose to match ALL criteria and select Asset fields > Asset Name > contains > NN-1K12RBR.

  1. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  2. Click Select Policies for Deployments.
  3. The Endpoint Privilege Management policies you uploaded from Privilege Management for Mac are listed. Click + to add the policy, and then click Accept Changes.
  4. Click Create Smart Rule.

 

For more information about creating and organizing Smart Rules, please see Use Smart Rules to Organize Assets in the BeyondInsight User Guide.

Create a Smart Rule for Policy Users

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Select Policy User from the dropdown.
  3. Click Create Smart Rule +.

Create a Policy Users Smart Rule in BeyondInsight to deploy endpoint privileged management policies.

  1. From the Category dropdown, select Policy Users.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a directory query to create a list of users you wish to assign policy to.
  4. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  5. Click Select Policies for Deployments.
  6. The Endpoint Privilege Management policies you uploaded from Privilege Managementfor Mac are listed. Click + to add the policy, and then click Accept Changes.
  7. Click Create Smart Rule.

 

For more information about managing policies for EPM, please see Manage EndPoint Privilege Management Policies in the BeyondInsight User Guide.

Grant Users Permissions to Log in to the Policy Editor

If you would like to grant additional users access to log in to the Policy Editor, read and write access needs to be included on the Privilege Management for Mac assets. This access is included by including permissions in the Smart Rule.

  1. From the homepage in your BeyondInsight instance, click Configuration.
  2. Under Role Based Access, select User Management.
  3. Locate the group you wish to edit and click the vertical ellipsis button to the far right.
  4. Select View Group Details.

Screenshot of assigning permissions to a Smart Group in BeyondInsight.

  1. In the Group Details pane, click Smart Groups.
  2. In the Smart Groups Permissions pane, select the appropriate Smart Group.
  3. Click Assign Permissions above the grid.
  4. Select Assign Permissions Full Control.