Create a Smart Rule and Assign Policy in BeyondInsight

After you have added and uploaded a policy to BeyondInsight from the Policy Editor, log in to your BeyondInsight instance to create Smart Rules to assign policies for assets and users.

If BeyondInsight and Privilege Management for Windows are successfully communicating, the Endpoint Privilege Management option becomes available under Menu > Assets.

Create a Smart Rule for Assigning Policies to Assets

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Click Create Smart Rule.

Create New Smart Rule to Assign Policies to Assets

  1. From the Category dropdown, select Assets and Devices.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a query to create a list of assets you wish to assign policy to.

For this example, we can narrow down the results of our query to locate our test system, NN-1K12RBR. Choose to match ALL criteria and select Asset fields > Asset Name > contains > NN-1K12RBR.

  1. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  2. Click Select Policies for Deployment.
  3. The Endpoint Privilege Management policies you uploaded from Privilege Management for Windows are listed. Click + to add the policy, and then click Accept Changes.
  4. Click Create Smart Rule.

 

For more information about creating and organizing Smart Rules, please see Use Smart Rules to Organize Assets in the BeyondInsight User Guide.

Create a Smart Rule for Assigning Policies to Users

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Select Policy User from the dropdown.
  3. Click Create Smart Rule +.

Create a new Smart Rule to assign policies to users.

  1. From the Category dropdown, select Policy Users.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a directory query to create a list of users you wish to assign policy to.
  4. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  5. Click Select Policies for Deployments.
  6. The Endpoint Privilege Management policies you uploaded from Privilege Managementfor Windows are listed. Click + to add the policy, and then click Accept Changes.
  7. Click Create Smart Rule.

 

For more information about managing policies for EPM, please see Manage EndPoint Privilege Management Policies in the BeyondInsight User Guide.

Grant Users Permissions to Log in to the Policy Editor

If you would like to grant additional users access to log in to the Policy Editor, read and write access needs to be included on the Privilege Management for Windows assets. This access is included by including permissions in the Smart Rule.

  1. From the homepage in your BeyondInsight instance, click Configuration.
  2. Under Role Based Access, select User Management.
  3. Locate the group you wish to edit and click the vertical ellipsis button to the far right.
  4. Select View Group Details.

Screenshot of assigning permissions to a Smart Group in BeyondInsight.

  1. In the Group Details pane, click Smart Groups.
  2. In the Smart Groups Permissions pane, select the appropriate Smart Group.
  3. Click Assign Permissions above the grid.
  4. Select Assign Permissions Full Control.