Policies (Conditions of Use for Enclaves) User Guide
Introduction
A Tehama policy, sometimes referred to as an "access policy", describes the "conditions of use" that an organization and its users need to meet to gain access to an Enclave and any assets contained within it.
A policy can be assigned to an organization within an Enclave, to act as the "conditions for use" of that Enclave for that organization. Different policies may be assigned to each organization in an Enclave.
At this time policies are somewhat limited, but conceptually they let you remind users of the rules they need to follow in order to work in the Enclave and gain access to your resources.
Policies are owned by an organization. When an organization invites another organization to access an Enclave, it assigns a policy for that organization under which access to the Enclave is authorized. Different access policies may be specified for each organization invited to an Enclave.
All users of the Enclave will have to accept the policy assigned to their organization before accessing the Enclave. If the policy is changed, or a new policy is assigned for the organization, they will again be asked to accept the policy.
Policy components
A policy has two components.
- Terms of use - a statement that users must agree to before proceeding
- Conditions of access - access requirements
The terms of use is a statement that users must agree to before proceeding to work in the Enclave. For example: "All work conducted on this platform is the property of the Company."
The conditions of access (the access conditions) let you specify rules that are enforced by Tehama and must be met by users of the organization to which the policy is assigned in order for them to work in the Enclave.
Access conditions that can be set are:
- Country of Citizenship: Lets you specify through inclusion or exclusion any restrictions on the citizenship of members of the Enclave. Citizenship is matched against the "Country of Citizenship" field in the Tehama user profile of the member.
- Location: Lets you specify through inclusion or exclusion any restrictions on the location of members of the Enclave. Location is matched against the "Country" field in the Tehama user profile of the member.
Policy states
A policy has two states:
- Draft
- Published
When you first create the policy, it is in a draft state. It will remain in a draft state until you publish it.
NOTE: Only the published version of the policy can be applied as a condition of use to organizations in an Enclave.
Once a policy has been published, you can edit it to create a new draft version. The new version will not be applied to organizations in an Enclave, as a condition of use, until it has been published (superseding the previously published version).
The PUBLISH functionality provides you with the ability to safely edit the policy without impacting the access to an Enclave of organizations which currently have this policy as a condition of use in the Enclave.
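The following added example models the rules described above: inclusion/exclusion access conditions, the draft/published split, and re-acceptance after a new version is published. It is not Tehama code; the class names, the `published_rev` counter, the profile keys and the treatment of an empty profile field as a failed check are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class CountryRule:
    mode: str               # "include" or "exclude"
    countries: frozenset
    def permits(self, value):   # assumption: an empty profile field fails the rule
        return bool(value) and (value in self.countries) == (self.mode == "include")

@dataclass(frozen=True)
class PolicyVersion:
    terms_of_use: str
    citizenship: Optional[CountryRule] = None   # None = condition left blank
    location: Optional[CountryRule] = None

@dataclass
class Policy:
    name: str
    draft: Optional[PolicyVersion] = None
    published: Optional[PolicyVersion] = None
    published_rev: int = 0      # hypothetical counter, bumped on every publish
    def publish(self):
        if self.draft is None:
            raise ValueError("no draft to publish")
        self.published, self.draft = self.draft, None   # supersedes the old version
        self.published_rev += 1

def access_decision(policy, profile, accepted_rev):
    """Return 'unassignable', 'violation', 'must_accept' or 'granted'."""
    v = policy.published
    if v is None:
        return "unassignable"       # only a published version can be applied
    checks = ((v.citizenship, "country_of_citizenship"), (v.location, "country"))
    if any(r and not r.permits(profile.get(k)) for r, k in checks):
        return "violation"          # conditions must be met before acceptance
    return "granted" if accepted_rev == policy.published_rev else "must_accept"

def demo():
    """Constructed scenario: publish, accept, edit a draft, publish the edit."""
    user = {"country_of_citizenship": "CA", "country": "US"}  # constructed profile
    p = Policy("Contractors", draft=PolicyVersion(
        "All work conducted on this platform is the property of the Company.",
        citizenship=CountryRule("include", frozenset({"CA", "US"}))))
    out = [access_decision(p, user, None)]       # draft only
    p.publish()
    out += [access_decision(p, user, None), access_decision(p, user, 1)]
    p.draft = PolicyVersion(p.published.terms_of_use, p.published.citizenship,
                            CountryRule("exclude", frozenset({"US"})))
    out.append(access_decision(p, user, 1))      # unpublished edit: no effect
    p.publish()
    out.append(access_decision(p, user, 1))      # new version excludes US location
    return out
```

The sequence returned by `demo()` shows that editing a draft leaves existing access untouched, while publishing a stricter version immediately puts a previously compliant member in violation.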
View a policy/condition-of-use defined in your organization
Only the Org Admin user and Org Managers of an organization can view the policies defined and managed by the organization. Check the description of your custom role to see if you can view the policies.
The list of Tehama policies, created by your organization and used as 'conditions of use' for organizations in Enclaves owned by your organization, is available in the Tehama Web UI. The Org Admin user and Org Managers of your organization can view the policies from the organization's CONDITIONS OF USE page under the ORGANIZATION page.
To view the list of policies defined in your organization:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab in the navigation bar.
- Click on the CONDITIONS OF USE sidebar item. You will see a list of all the policies defined for your organization.
Each entry contains the name of the policy and the number of Enclaves in which it is currently assigned to at least one organization.
To view a policy defined in your organization:
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab in the navigation bar.
- Click on the CONDITIONS OF USE sidebar item. You will see a list of all the policies defined for your organization.
- Click on the name of the policy in the list of policies. You will see the viewing page for that policy.
The viewing page for a policy contains three sub-pages:
- Click on the Terms of use header item to view the terms of use.
- Click on the Conditions of access header item to view the access conditions.
- Click on the Reference header item to view the list of Enclaves in which the policy is currently assigned to at least one organization. (You can also access this page directly from the entry for the policy in the list of policies by clicking on the number of Enclaves in the entry.) Click on the name of an Enclave to see the list of organizations in the Enclave that the policy is assigned to (as a 'condition of use').
Create a policy/condition-of-use
Only the Org Admin user and Org Managers in an organization can create policies for the organization. Check the description of your custom role, to see if you can perform this action.
Create a policy for your organization, to be used as a 'condition of use' for organizations in Enclaves owned by your organization.
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab in the navigation bar.
- Click on the CONDITIONS OF USE sidebar item. You will see a list of all the policies defined for your organization.
- Click on the NEW button in the top right corner of the page. You will see the CREATE NEW POLICY dialog.
- Enter a name for the policy in the dialog.
- Click CREATE NEW POLICY in the dialog. You will be directed to the policy editor.
Your new policy will be in the 'Draft' state. It will remain in this state until you explicitly publish it.
- Click on the Terms of use header item to edit the terms of use in the policy editor.
- Write the draft for your policy's terms of use in the text field.
- Click on the Conditions of access header item to edit the access conditions.
- Enter the criteria for access here. ('Country of Citizenship' and 'Location'. You can leave either or both of these fields blank, if desired.) These fields match the fields with the same name in the Tehama user profile.
You can go back and forth between the Terms of use and the Conditions of access until you are happy with the draft of your new policy.
- Click PUBLISH in the top right corner of the page to publish your new policy. If you leave the policy editor without publishing the policy, it will remain in the draft state. Attempts to assign it to an organization in an Enclave will fail with an error, until it is published. Resume editing your unpublished policy by clicking on its name in the list of policies under CONDITIONS OF USE.
Edit a policy/condition-of-use
Only the Org Admin user and Org Managers in an organization can edit policies for the organization. Check the description of your custom role, to see if you can perform this action.
Edit an existing policy owned by your organization.
Once a policy has been published, you can edit it. If it has been published, editing it will create a new draft version of the policy. The new version will not be applied to organizations in Enclaves, as a condition of use, until it has been published (superseding the previously published version).
The PUBLISH functionality provides you with the ability to safely edit the policy without impacting the access to an Enclave of organizations which currently have this policy as a condition of use in the Enclave.
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab in the navigation bar.
- Click on the CONDITIONS OF USE sidebar item. You will see a list of all the policies defined for your organization.
- Click on the name of the policy in the list of policies.
If your policy has been published at least once, you will be directed to the viewing page for that policy, which will have an EDIT button.
If your policy has never been published, you will be directed to the policy editor immediately, showing the draft state of the policy.
- Click on the EDIT button in the top right corner of the page (if necessary). You will be directed to the policy editor.
If a draft version of the policy already exists, that draft version of the policy is what you will be editing in the policy editor.
If there is no draft version of the policy, a new draft version of your policy will be created and that is what you will be editing in the policy editor.
The published version of the policy will continue to be the version used by the Enclaves in which it is assigned until you publish this draft.
- Click on the Terms of use header item to edit the terms of use.
- Write the draft for your policy's terms of use in the text field.
- Click on the Conditions of access header item to edit the access conditions.
- Enter the criteria for access here. ('Country of Citizenship' and 'Location'. You can leave either or both of these fields blank, if desired.) These fields match the fields with the same name in the Tehama user profile.
You can go back and forth between the Terms of use page and the Conditions of access page until you are happy with this draft of your policy.
- Click on the policy name at the top of the policy editor to edit the name.
- Type in the policy name field to change it. Leave the field by clicking outside it. Publishing the draft version of the policy will save your name change.
IMPORTANT - BEWARE: If you press the ENTER key on your keyboard while you are editing the policy name, the entire draft version of the policy will be published, just as if you clicked on the PUBLISH button, as detailed in part (a) of the next step. Only press the ENTER key in the policy name edit field if you want to immediately publish the draft policy.
- You now have two choices:
- (a) Click PUBLISH in the top right corner of the page to publish this new version of your policy (superseding the previously published version). All Room members in organizations that are assigned the policy will be required to re-accept the policy. If any are now in violation of the policy, they will lose access to the Room.
- (b) Click BACK (or navigate away from the page in another way - without clicking on PUBLISH) to exit the policy editor while keeping the draft version of the policy, so you, or someone else in your organization, can continue editing it later.
Delete a policy/condition-of-use
Only the Org Admin user and Org Managers in an organization can delete policies from the organization. Check the description of your custom role, to see if you can perform this action.
Delete a policy as follows:
Note: If you delete a policy that is currently being used as a 'condition of use' for an organization in an Enclave, be aware that once the policy is deleted, the organization will no longer have this policy applied to them in the Enclave.
- Log in to the Tehama Web UI.
- Click on the ORGANIZATION tab in the navigation bar.
- Click on the CONDITIONS OF USE sidebar item. You will see a list of all the policies defined for your organization.
- Locate the entry of the policy to be deleted in the list.
- Select the entry by clicking on the checkbox to the left of the entry.
- Click the trash can icon found at the bottom of the page. You will see the DELETE POLICY dialog. The dialog will list any organizations that currently use the policy as a 'condition of use' in an Enclave, along with a warning message that, once the policy is deleted, the organizations will no longer have this policy applied to them.
- Click DELETE.
View the policy/condition-of-use assigned to your organization in an Enclave
The Org Admin user, the Org Managers and all Enclave members from an organization in an Enclave can view the policy that has been set for the organization. Check the description of your custom role to see if you can view the organization's policy in an Enclave.
View the name of the policy that has been set as the 'condition of use' for your organization in an Enclave as follows:
Note: Conditions of use for an organization in an Enclave can be viewed by all organizations in the Enclave, but they can only be set by the Enclave's connected organization.
- Log in to the Tehama Web UI.
- Click on the ENCLAVES tab.
- Click on the name of the Enclave you want to access. You will see the Enclave's interface. The tab you will see depends on the role you have within your organization.
- Click on the MEMBERS tab.
- Locate your organization name. The name of the policy will be visible adjacent to your organization name, prefaced by "Conditions of use:".
As an Enclave member, view the details of the policy (as many details as your role allows you to see) as follows:
- Log in to the Tehama Web UI.
- Click on the ENCLAVES tab.
- Click on the name of the Enclave you want to access. You will see the Enclave's interface. The tab you will see depends on the role you have within your organization.
- Click on the CONDITIONS OF USE tab. You will see the name of the policy assigned to your organization in the Enclave and its terms of use. (You will automatically be directed to this tab to accept the policy, if you have not already done so, when you first attempt to access the Enclave's assets after the policy has been assigned or changed.)
- If you are the Org Admin user or an Org Manager of the Enclave's connected organization and also a Room member:
- Click on the policy name to be redirected to view the policy itself under the organization's ORGANIZATION page. (This is a shortcut for the steps outlined in the View a policy/condition-of-use defined in your organization section.)
- From that page, you will be able to see the complete details of the policy, both the terms of use and the conditions of access.
Assign a policy/condition-of-use to an organization in an Enclave
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) in an Enclave's connected organization (owner+connected or connected-only) can assign/change the policy for an organization in the Enclave (including their own). Check the description of your custom role to see if you can perform this action.
Note: Conditions of use for an organization in an Enclave can be viewed by all organizations in the Enclave, but they can only be set by the Enclave's connected organization.
Assign a policy as a 'condition of use' for an organization in an Enclave, or change the current assignment, as follows:
- Log in to the Tehama Web UI.
- Click on the ENCLAVES tab.
- Click on the name of the Enclave you want to access. You will see the Enclave's interface. The tab you will see depends on the role you have within your organization.
- Click on the MEMBERS tab.
- Locate the organization name. The policy will be visible adjacent to the organization name.
- Click on the policy name. You will see the ASSIGN CONDITIONS TO ROOM dialog.
- Select the policy you want to assign from the "Conditions of use" dropdown field.
View the policies you can choose from under your organization's CONDITIONS OF USE tab. (See the 'View a policy/condition-of-use defined in your organization' section above.)
If you want to remove the currently set policy without assigning another one, select the 'No policy' option.
- Click ASSIGN.
All Enclave members in the organization will be required to accept the policy.
All Enclave members in the organization that are in violation of the policy's 'Conditions of access' will lose access to the Enclave.
Accept a policy/condition-of-use for an organization in an Enclave
All members of an Enclave can accept the current policy for their organization in the Enclave.
You are required to accept the policy that is currently assigned as the 'condition of use' for your organization in an Enclave in which you are a member, before you can access the Enclave or connect to your Desktop(s) in the Enclave.
You must re-accept the policy if it has been updated since the last time you accepted it.
You will be prompted to accept the policy when you try to connect, or when you try to work or access assets in the Enclave.
IMPORTANT: You will only be able to accept the policy if you meet the Conditions of access for the policy. If you do not meet the conditions, you will be considered to be in violation of the policy and be denied access to the Enclave and your Desktops in the Enclave.
Accept the policy as follows:
- Log in to the Tehama Web UI.
- Click on the ENCLAVES tab.
- Click on the name of the Enclave you want to access. You will see the Enclave's interface. The tab you will see depends on the role you have within your organization.
- Click on the CONDITIONS OF USE tab. You will see the name of the policy and its terms of use.
- Click I ACCEPT to accept the policy.
Policy/condition-of-use violation
If you see one of the following, you are in violation of the policy that has been assigned as the "conditions of use" for your organization in an Enclave:
- You see the following banner: **Access to this Enclave has been denied due to policy violation. For further details please contact your organization administrator.**, after attempting to perform work through the Enclave's interface.
When you are in violation of the policy, you will be denied access to the Enclave and be unable to connect to your Desktops in the Enclave.
Contact your manager to determine the nature of the violation.