# Global Policies

The **Policies** tab is used to customize policies at a global level. Use it to customize the listed pre-defined deployment firewall rules as required: you can change the severity, action and status of each rule. Changes made to the rules are reflected across all the applications connected to Delivery Shield.

### To View the Rules:

Navigate to the **Policies** tab. The Rules Config details page is displayed. The top panel displays the stages **Source**, **Build**, **Artifact** and **Deploy**.

Click a stage to display its rules.

<figure><img src="/files/tD5Zu5lNH5W99f997fRR" alt=""><figcaption></figcaption></figure>

The following details of the rules are displayed below the panel:

* **Rule:** Displays the name of the rule.
* **Tag:** Displays the related tags for the rule. The tags indicate the security framework that the rule complies with. You can also add [user-defined tags](#to-add-tags).
* **Stage:** Displays the stage for which the rule is created.
* **Category:** Displays the category of the rule.
* **Severity:** Displays the severity or impact of the rule, namely **Major**, **Critical** or **Normal**.
* **Action:** Displays whether the rule is set to **Alert** or **Prevent**. If the action is set to **Alert**, a failed rule generates an alert but the deployment succeeds. If the action is set to **Prevent**, a failed rule blocks the deployment and generates an alert.
* **Description:** Displays the description of the rule.
* **Status:** Displays whether the rule is enabled or disabled. You can **Enable** or **Disable** the rule for the selected application by clicking the **Status** radio button. If the rule is enabled, the status button is green.

### To Customize the Rules:

The displayed rules can be customized as per your requirement. The **Severity** and **Status** fields for an individual rule or a set of rules can be customized.

#### To Customize Individual Rules

* Select the rule for which you wish to change the severity or status field.
* Click the **Severity** drop-down to change the severity of the rule and the **Action** drop-down to set the rule to alert or prevent.

<figure><img src="/files/dBEmNjKmdzqrO1lGFelx" alt=""><figcaption></figcaption></figure>

* Click **Save Changes** to save the modifications. A popup appears.
* Choose **New Applications** to apply this change to newly added applications. (The changes apply only to applications that are added after the modifications are saved.)
* Choose **Both Existing and New Applications** to apply this change to existing applications as well as newly added applications.

<figure><img src="/files/4l4WlOOeJhpaHhrpsV39" alt=""><figcaption></figcaption></figure>

* Click **Save Changes**. The changes to the rules are saved.

#### To Customize a Set of Rules

* Click **Bulk Edit**.

<figure><img src="/files/z22WqJ1bUcF5lGJH6siu" alt=""><figcaption></figcaption></figure>

* Select the rules you need to modify.
* Click the **Update Action** drop-down to change the action of the rules.

<figure><img src="/files/WUmJo9r92A4iVpXs9VjF" alt=""><figcaption></figcaption></figure>

* Click the **Update Status** drop-down to change the status of the rules. Select **Enable All** to enable the selected rules and **Disable All** to disable the selected rules.

<figure><img src="/files/ThL4r4t8wAxzkMEr7N1v" alt=""><figcaption></figcaption></figure>

* Click **Save Changes** to save the modifications. A popup appears.
* Choose **New Applications** to apply this change to newly added applications. (The changes apply only to applications that are added after the modifications are saved.)
* Choose **Both Existing and New Applications** to apply this change to existing applications as well as newly added applications.

<figure><img src="/files/HreYk2vx1uEU7dL7DtcR" alt=""><figcaption></figcaption></figure>

* Click **Save Changes**. The changes to the rules are saved.

### To Add Tags:

You can add your own custom tags to the **Tags** column.

* Select the rule for which you want to add tags.
* Click the tags area indicated by the arrow in the image below:

<figure><img src="/files/ggFJ9RTFUoFrYfJmXdgy" alt=""><figcaption></figcaption></figure>

* A popup to add tags is displayed. Add the required tag in the **Add a Tag** column.

<figure><img src="/files/9BjXCMMj4NULC2zOJqbS" alt=""><figcaption></figcaption></figure>

* A message as shown in the image below appears once you add a tag.

<figure><img src="/files/Aw2FNKgEIj4Jw7fXrR8v" alt=""><figcaption></figcaption></figure>

* Press **Enter**. The tag gets added and a message **(Successfully saved)** is displayed as shown below:

<figure><img src="/files/CEzn68V8sNHwFURgq2g5" alt=""><figcaption></figcaption></figure>

* To delete the added tags, click on the space near the tags. The popup appears listing the available tags.
* Click the **x** mark next to the tag you want to delete.

<figure><img src="/files/g8GF3u0P2yz0v0kFDa7I" alt=""><figcaption></figcaption></figure>

* The tag gets deleted and a message **(Successfully unassigned)** is displayed as shown below:

<figure><img src="/files/0bujuESyg0KZOPGbJf3k" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Only user-defined tags can be deleted.
{% endhint %}

{% hint style="info" %}
The **Severity** and **Action** of the rules can only be changed at the global level. Enabling or disabling individual rules for specific applications and environments can be done at each application level. Refer to [Policies](https://docs.opsmx.com/opsmx-delivery-shield-platform/user-guide/view-security-posture/application-security-posture/policies) for more details.
{% endhint %}

### Smart Search

The smart search option available on this page helps you search the available **Rules** based on Action, Severity, Stage, Status, Policy and Tags.

The following example shows how to search for rules based on Tags.

* Select **Tags** from the search drop-down. The available tags are displayed. Select the checkbox next to the tag whose assigned rules you want to filter.

<figure><img src="/files/3urJuuhpMbpEE2c87bKp" alt=""><figcaption></figcaption></figure>

* The rules associated with the selected tags are displayed.

<figure><img src="/files/mqGSoQUF5049EltyIaxm" alt=""><figcaption></figcaption></figure>

### Sync Policies

The Sync Policies option on this page allows users to create user-defined rules. To create user-defined rules, you need to integrate **Custom Policy Source** in Delivery Shield, as shown below:

### To Integrate Custom Policy Source

1. Navigate to **Config** > **Integrations**.
2. In the **Others** panel, click on **Custom Policy Source**.

<figure><img src="/files/0QDvhZJbhKjBzg1yYNKQ" alt=""><figcaption></figcaption></figure>

3. The **Custom Policy Source** integration page is displayed.
4. Enter the **Repo URL & Path** and **Token** value of your custom policy source account.

<figure><img src="/files/9PNWR3Wrpx5jRFV57Wsn" alt=""><figcaption></figcaption></figure>

5. Click **Save**. The tool is integrated.
6. You can edit the entered values by clicking the **Edit** option as shown below:

<figure><img src="/files/XGPDxEkQCK6MIDLmMFAF" alt=""><figcaption></figcaption></figure>

7. Enter the new **Repo URL & Path** and **Token** value and click **Update**.

<figure><img src="/files/OOZE7hzkAaQZq4WOqV9e" alt=""><figcaption></figcaption></figure>

The new values are updated.

### To Create Rules:

Go to the GitHub path that was added to the Delivery Shield secret. Create the required rule with the following fields:

* **Rule name**: The name of the created rule.
* **Rule Severity**: The severity of the rule, namely: Low, Medium, and High.
* **Rule Action**: The rule type, Alert or Prevent.
* **Rule Description**: A description of the created rule.
* **Variables**: The set of system-defined values used to validate the policy. For example: `github_repo_visibility`
* **Rule Stage**: The stage in which the rule needs to be applied, namely: Source, Build, Artifact and Deploy.
* **Rule**: The rule script (a Rego-based script).

{% hint style="info" %}
Rego is a query language for defining policy that is easy to read and write. See [Policy Language](https://www.openpolicyagent.org/docs/latest/policy-language/) for more details.
{% endhint %}

The rule gets added. You can create any number of rules.

A sample user-defined policy or rule is given below. This rule states that the GitHub repository should not be publicly visible; public repositories are not allowed.

```
ruleName: Github Repo Visibility Validation Policy
ruleSeverity: Medium
ruleAction: Alert
ruleDescription: Github Repository must not be publicly visible
variables: github_repo_visibility
ruleStage: Source
rule: |
    package opsmx

    # The rule fails when the repository visibility supplied in the input is "public".
    deny[msg] {
          checkvisibility := input.github_repo_visibility
          checkvisibility == "public"
          msg := "Public repositories are not allowed"
    }
```
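
A pre-sync check for rule files, added here as an example (not OpsMx code): it parses the flat layout of the sample above, checks severity, action and stage against the values listed on this page, and confirms that each declared variable is actually read from `input` in the Rego body. The function names, the comma-separated handling of `variables` and the requirement for a `deny[...]` rule are assumptions drawn from the sample, not documented Delivery Shield behaviour.

```python
import re

# Allowed values come from the field list on this page.
ALLOWED = {"ruleSeverity": {"Low", "Medium", "High"}, "ruleAction": {"Alert", "Prevent"},
           "ruleStage": {"Source", "Build", "Artifact", "Deploy"}}
REQUIRED = "ruleName ruleSeverity ruleAction ruleDescription variables ruleStage rule".split()

def parse_rule_file(text):  # handles only the flat 'key: value' layout plus 'rule: |'
    fields, block = {}, None
    for line in text.splitlines():
        if block and (line[:1] in (" ", "\t") or not line.strip()):
            fields[block] += line.strip() + "\n"  # body of the block scalar
            continue
        block = None
        m = re.match(r"(\w+):\s*(.*)$", line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            block = key if value == "|" else None
            fields[key] = "" if block else value
    return fields

def lint_rule(text):  # returns a list of problems; an empty list means the file passed
    f = parse_rule_file(text)
    problems = [f"missing field: {k}" for k in REQUIRED if not f.get(k, "").strip()]
    for key, allowed in ALLOWED.items():
        if f.get(key) and f[key] not in allowed:
            problems.append(f"{key}: {f[key]!r} is not one of {sorted(allowed)}")
    rego = f.get("rule", "")
    if rego and not re.search(r"^deny\s*\[", rego, re.M):  # shape of the sample rule
        problems.append("rule defines no deny[...] rule")
    for var in filter(None, re.split(r"[,\s]+", f.get("variables", ""))):
        if not re.search(rf"\binput\.{re.escape(var)}\b", rego):
            problems.append(f"variable {var} is never read as input.{var}")
    return problems

# Constructed sample in the layout of the rule file shown on this page.
GOOD = """ruleName: Github Repo Visibility Validation Policy
ruleSeverity: Medium
ruleAction: Alert
ruleDescription: Github Repository must not be publicly visible
variables: github_repo_visibility
ruleStage: Source
rule: |
    package opsmx
    deny[msg] {
          input.github_repo_visibility == "public"
          msg := "Public repositories are not allowed"
    }
"""
```

Running `lint_rule` on each rule file in the policy repository before clicking **Sync** surfaces a misspelled `input` reference or an unsupported severity value locally, with one message per defect.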

#### To Access the User-Defined Rules:

The created rules need to be synced in order to be applied in the deployment stages. Follow the steps provided below to sync the created rules:

* Navigate to **Deployment Firewall** > **Rules Config**.
* Click the **Sync Policies** option present at the top right corner of the **Rules Config** page.

<figure><img src="/files/Sism2daCwTctbdCReRbB" alt=""><figcaption></figcaption></figure>

* The **Sync Policies** page is displayed with the list of policies created by the user.&#x20;

<figure><img src="/files/UALdwlA4Uz1YN6oo0QPe" alt=""><figcaption></figcaption></figure>

* Click **Sync**. The user-defined rules are synced and added to the rule list.

If there are any errors in the values added to the fields, the rules cannot be synced and a sync error is shown, as in the image below:

<figure><img src="/files/Bg5IFPwMbnMBM4776lu2" alt=""><figcaption></figcaption></figure>

A tag named **User Defined Policies** is added to the Tags column once the user-defined rules are synced. You can search for the rules using this tag.

{% hint style="info" %}
The user-defined rules can only be edited in the source git repository. Sync the rules to update the changes.
{% endhint %}
