# Custom policy type

<figure><img src="/files/Men8WaNXrilZLCzAIKXV" alt=""><figcaption></figcaption></figure>

The **Custom** policy type is for use cases that do not fit the standard policy classifications: internal special-purpose workflows, external integrations, custom evaluations and similar cases where the shape of the policy is decided per implementation.

***

### Procedure: creating a custom policy (from Advanced JSON)

{% stepper %}
{% step %}
Go to **Endpoint Privilege Manager** → **\[Policies]**

<figure><img src="/files/uq52MPoT1AUq5wcPGC2u" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Click the **\[Create Policy]** button

The policy creation modal opens.

<figure><img src="/files/Hn1TQcU2TBuyR6pPYuN9" alt="" width="375"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Define the policy attributes**

Give the new policy an appropriate, descriptive name.

For a new policy, select **one of the existing policy types** shown in the UI (this only serves as a template at creation time; **Custom** is set in the JSON described below).

Select a status. When setting up a policy for the first time, **Monitor** is recommended.

Click the **\[Add Control]** button to add one or more controls, and select the controls you want included in the new policy.

Specify the user groups, machine collections, and application collections.
{% endstep %}

{% step %}
**Set the policy targets**

In the UI, set the required **targets** (collections, users, machines, applications, platforms, and so on). This determines where the policy applies.
{% endstep %}

{% step %}
Open **Advanced Mode** (JSON view)

Click the **\[Advanced Mode]** link at the bottom left of the policy form to open it.

<figure><img src="/files/NgeQ2U57RyINTbb1KkEx" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Redefine the policy type in JSON**

Set `PolicyType` to **`"Custom"`**.
{% endstep %}

{% step %}
**Add custom fields**

Add as many fields to the JSON as your internal integration or evaluation logic expects (where they go and what shape they take is implementation dependent).
{% endstep %}

{% step %}
**Save the policy**
{% endstep %}
{% endstepper %}

### Important note

"Custom" is intentionally left without a defined schema in the documentation unless the following are explicitly published:

* the required JSON schema and keys
* the component that interprets the policy
* how to verify the enforcement result (a user-facing procedure)

***

## JSON examples

### Example 1: custom policy (baseline allow)

An example that treats the policy as matched once all the built-in rules are satisfied, and does not require MFA, justification, or approval.

```json
{
  "PolicyName": "Custom - Baseline Allow",
  "PolicyType": "Custom",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "ALLOW"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A custom policy matched and allowed this action.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 25,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    },
    {
      "RuleName": "ApplicationCheck",
      "ErrorMessage": "This application is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckFile(false)"
    },
    {
      "RuleName": "DateCheck",
      "ErrorMessage": "Current date is not covered by this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckDate()"
    },
    {
      "RuleName": "TimeCheck",
      "ErrorMessage": "Current time is not covered by this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckTime()"
    },
    {
      "RuleName": "DayCheck",
      "ErrorMessage": "Today is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckDay()"
    },
    {
      "RuleName": "CertificateCheck",
      "ErrorMessage": "Certificate hash is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckCertificate()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {}
}
```

***

### Example 2: custom policy requiring MFA, justification, and approval

Using the same `Actions.OnSuccess.Controls` mechanism, specify several controls to run on success.

```json
{
  "PolicyName": "Custom - Require MFA + Justification + Approval",
  "PolicyType": "Custom",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "MFA",
        "JUSTIFY",
        "APPROVAL"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "This custom policy requires MFA, justification, and approval before continuing.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 75,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    },
    {
      "RuleName": "ApplicationCheck",
      "ErrorMessage": "This application is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckFile(false)"
    },
    {
      "RuleName": "DateCheck",
      "ErrorMessage": "Current date is not covered by this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckDate()"
    },
    {
      "RuleName": "TimeCheck",
      "ErrorMessage": "Current time is not covered by this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckTime()"
    },
    {
      "RuleName": "DayCheck",
      "ErrorMessage": "Today is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckDay()"
    },
    {
      "RuleName": "CertificateCheck",
      "ErrorMessage": "Certificate hash is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckCertificate()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {}
}
```

***

### Example 3: custom policy with a custom payload (for plugins/integrations)

Keeps the same JSON skeleton as the other policies, but carries an integration payload in `Extension`. A plugin or external system reads this section.

```json
{
  "PolicyName": "Custom - Integration Payload",
  "PolicyType": "Custom",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "ALLOW"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "Custom policy payload published for integration consumption.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 30,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    },
    {
      "RuleName": "ApplicationCheck",
      "ErrorMessage": "This application is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckFile(false)"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "Schema": "com.company.integration.v1",
    "Mode": "monitor",
    "Endpoint": "https://integration.example/api/decision",
    "TimeoutSeconds": 10
  }
}
```
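Because the Custom type has no published schema, a practitioner editing the JSON in Advanced Mode (the "redefine the policy type" and "add custom fields" steps above) benefits from a small pre-save lint. The script below is an added example, not Keeper's own code or schema: the control names, rule expressions and top-level keys it accepts are taken only from Examples 1 to 3 on this page, and the `Endpoint` / `TimeoutSeconds` checks on the `Extension` payload are assumptions about how an integration would want that payload to look. `baseline_custom_policy` builds the skeleton the examples share, and `lint_custom_policy` reports what would be unsafe or inconsistent to save (a leftover `REPLACE_WITH_ID`, an empty control list, a non-HTTPS integration endpoint).

```python
"""Lint a Keeper EPM "Custom" policy JSON before pasting it into Advanced Mode.

Added example, not Keeper's own code or schema. Because the Custom type has no
published schema, the control names, rule expressions and top-level keys
accepted here are taken only from the JSON examples on this page; the
Endpoint / TimeoutSeconds checks on the Extension payload are assumptions
about how an integration would want that payload to look.
"""
import json
import re
from urllib.parse import urlparse

# Values observed in the page's examples (assumption: not an official list).
KNOWN_CONTROLS = {"ALLOW", "MFA", "JUSTIFY", "APPROVAL"}
KNOWN_EXPRESSIONS = {
    "CheckUser()", "CheckMachine()", "CheckFile(false)", "CheckDate()",
    "CheckTime()", "CheckDay()", "CheckCertificate()",
}
REQUIRED_TOP_LEVEL = {
    "PolicyName", "PolicyType", "PolicyId", "Status", "Actions",
    "Operator", "Rules", "Extension",
}
RULE_KEYS = {"RuleName", "ErrorMessage", "RuleExpressionType", "Expression"}
PLACEHOLDER_ID = re.compile(r"REPLACE_WITH", re.IGNORECASE)


def baseline_custom_policy(name, policy_id, controls=("ALLOW",), extension=None, risk_level=25):
    """Build the skeleton the page's examples share, with the given controls and payload."""
    checks = [
        ("UserCheck", "This user is not included in this policy", "CheckUser()"),
        ("MachineCheck", "This Machine is not included in this policy", "CheckMachine()"),
        ("ApplicationCheck", "This application is not included in this policy", "CheckFile(false)"),
    ]
    return {
        "PolicyName": name,
        "PolicyType": "Custom",
        "PolicyId": policy_id,
        "Status": "on",
        "Actions": {"OnSuccess": {"Controls": list(controls)}, "OnFailure": {"Command": ""}},
        "NotificationMessage": f"{name} matched.",
        "NotificationRequiresAcknowledge": False,
        "RiskLevel": risk_level,
        "Operator": "And",
        "Rules": [
            {"RuleName": n, "ErrorMessage": e, "RuleExpressionType": "BuiltInAction", "Expression": x}
            for n, e, x in checks
        ],
        "UserCheck": [], "MachineCheck": [], "ApplicationCheck": [], "DayCheck": [],
        "DateCheck": [], "TimeCheck": [], "CertificationCheck": [],
        "Extension": dict(extension or {}),
    }


def lint_custom_policy(policy):
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    findings = []
    missing = REQUIRED_TOP_LEVEL - set(policy)
    if missing:
        findings.append(("error", f"missing top-level keys: {sorted(missing)}"))
    if policy.get("PolicyType") != "Custom":
        findings.append(("error", 'PolicyType must be "Custom" for a custom policy'))
    if PLACEHOLDER_ID.search(str(policy.get("PolicyId", ""))):
        findings.append(("error", "PolicyId still contains the REPLACE_WITH_ID placeholder"))
    if not policy.get("Status"):
        findings.append(("error", "Status is missing or empty"))
    if policy.get("Operator") != "And":
        findings.append(("warning", 'Operator other than "And" does not appear in the documented examples'))

    controls = policy.get("Actions", {}).get("OnSuccess", {}).get("Controls", [])
    if not controls:
        findings.append(("error", "Actions.OnSuccess.Controls is empty: nothing happens on match"))
    for control in controls:
        if control not in KNOWN_CONTROLS:
            findings.append(("warning", f"control {control!r} is not used in the documented examples"))

    rules = policy.get("Rules", [])
    if not rules:
        findings.append(("error", "Rules is empty: none of the built-in checks would apply"))
    for rule in rules:
        absent = RULE_KEYS - set(rule)
        if absent:
            findings.append(("error", f"rule {rule.get('RuleName')!r} is missing keys {sorted(absent)}"))
        elif rule["RuleExpressionType"] == "BuiltInAction" and rule["Expression"] not in KNOWN_EXPRESSIONS:
            findings.append(("warning", f"rule {rule['RuleName']!r} uses an undocumented built-in {rule['Expression']!r}"))

    ext = policy.get("Extension", {})
    if not isinstance(ext, dict):
        findings.append(("error", "Extension must be a JSON object"))
    else:
        endpoint = ext.get("Endpoint")
        if endpoint is not None:
            parsed = urlparse(str(endpoint))
            if parsed.scheme != "https" or not parsed.netloc:
                findings.append(("error", f"Extension.Endpoint {endpoint!r} must be an https URL with a host"))
        timeout = ext.get("TimeoutSeconds")
        if timeout is not None and (isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0):
            findings.append(("error", "Extension.TimeoutSeconds must be a positive integer"))
    return findings


if __name__ == "__main__":
    # Constructed sample: the Example 3 payload with a made-up PolicyId.
    payload = {"Schema": "com.company.integration.v1", "Mode": "monitor",
               "Endpoint": "https://integration.example/api/decision", "TimeoutSeconds": 10}
    good = baseline_custom_policy("Custom - Integration Payload", "00000000-0000-4000-8000-000000000001", extension=payload)
    bad = json.loads(json.dumps(good))  # deep copy via JSON round-trip
    bad["PolicyId"] = "REPLACE_WITH_ID"
    bad["Extension"]["Endpoint"] = "http://integration.example/api/decision"
    for candidate in (good, bad):
        print(candidate["PolicyId"], lint_custom_policy(candidate) or "clean")
```

Run it against the JSON you are about to paste (`lint_custom_policy(json.load(open("policy.json")))`) and treat any `error` finding as a reason not to save. Warnings only mean a value is outside what this page documents, which for a Custom policy may well be intended; the point is that the reviewer sees it before the policy is live rather than after.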
