What are Custom Access Policies (CAP's)?
Assume you are going to the movies to see a horror movie or some other age restricted showing. Before you are allowed to purchase a ticket, you may have to prove that you are of the correct age so that no rules are violated. The movie theaters policy is to verify this by your ID. If you are old enough, you are sold the ticket and you can now enter the Movie complex.
Now that you are inside, you have to visit a specific theater. However you must pass by the Ushers who check your ticket and direct you to the proper theater. You are not Allowed to go into another movie if you have not been authorized.
It is the role of the Usher that is performed by the CAP. Based on the ID that you supply to the Access Rule, the CAPs then determine what is and what’s not available to you based on that ID.
The Custom Access Policies (CAPs) in bt-WebFilter provide similar type of function. They allow the administrator the ability to control browsing (Access)in a number of different ways. The administrator can choose to deny all access except an approved list of URLs and/or Categories, or allow general web access but deny destinations deemed unsuitable for the workplace. Restrictions and Permissions can also be enforced or relaxed based on bandwidth usage, time allotment, time of day, IP Address, username, Active Directory Group, or any combination that is needed.
Custom Access Policies are based on 3 different Access Types:
- Permission – Denies all access to Web sites unless specifically allowed. When this option is chosen, any Custom Access Policies that are created and set to use the Default' option for the Individual Access Policy Type will take on this behavior for whatever is listed on the Apply To tab.
- Restriction – Denies access only to Web sites or Categories that are specified on the Custom Access Policies Deny tab when the CAP is using the Default policy settings under its Individual Access Type Properties page.
- Combination – This is a specialized policy type as it has characteristics of both Restriction and Permission. The basic function of the policy is as Permission in that users are denied access unless specifically allowed. However it also has the ability to Deny parts of Web sites or Categories that have been allowed. This allows you to have more control over Control List Categories at a policy level instead of modifying the contents of the Category itself.
Once you determine the type of CAP that you will be using, you can begin populating the Allow or Deny sections accordingly. Each Category or URL that you enter will also allow you to select a Schedule for when the CAP should be Active or Inactive.
Quotas can also be assigned to the CAP and have their own Schedule section. This allows you more granular control over the Access provided. For example, you may Allow access to some Social Networking related websites and may even use some for business activities. Others however are not used by the business. With the Quota Schedules, you can allow your Business to access the sites whenever they need however restrict non-business versions to a specific amount of bandwidth Daily and only during lunch and/or break periods.