.. _policies:

========
Policies
========

Starting with LinOTP version 2.3 also policies for users and administrators are supported. There are two different
policy types. The first policy type is for users connecting to the Selfservice Portal. This way it is possible to
define, which user from which realm is allowed to perform which action within the Selfservice Portal. The other
policy type is for administrators managing the tokens. This way it is possible to define, that an administrator is only
allowed to manage tokens within a certain realm. A policy consists of the values:

``Active``
    If you want to turn off a certain policy, you do not need to delete the policy
    but you can mark the policy inactive.

``Policy name``
	This is the name, just to identify the policy.

``Scope``
    This is the scope, for which the policy is defined. Valid scopes are selfservice, admin, system and enrollment etc.

``Action``
    This is the action, which means, if this policy is valid for a certain user, the user will be allowed to do this. Several comma separated actions may be entered here.

``User``
   This is the username, for whom this policy will be valid. Several comma separated username may be entered here.
   For more information see :ref:`users_in_policies`.

``Realm``
	This is the realm, for which the policy is defined.

``Client``
   The client IP or subnet for which this policy is defined.
   For more information see :ref:`clients_in_policies`.

``Time``
     N/A


.. toctree::
   :maxdepth: 2

   admin
   audit
   authentication
   authorization
   enrollment
   notification
   gettoken
   ocra
   reporting
   selfservice
   system
   users-in-policies
   clients-in-policies
   policy-checker
   import-export
   best-practice