Manualshelf

HP 3PAR Policy Server Administrator's Guide (QR483-96003, December 2012)

ManualsBrandsHP ManualsSoftwareHP 3PAR Operating System Software
31323334353637383940
HP 3PAR Policy Server 4-3
Access Rights
After creating a permission, you can assign it a different access right than the default (for the most part, Ask
for Approval) and you can create filters for the permission. These filters are optional but all permissions
have at least the default filter, which consists of a single access right. An access right specifies how you
want the individual assets to handle the related action. Three access rights are available:
Always Allow – the Agent can execute the action without asking for approval or sending the action
information to Policy Server. To see which actions of Always allow rights were performed on an
asset, refer to the log file of the Agent running on the asset.
Ask for Approval – the default access right for any new permission and for most permissions in the
Global asset group when you first start a Policy Server. When you select this access right, the Agent
forwards the action and its parameters to Policy Server for approval, and sends a status message to
the HP 3PAR Enterprise Server. When it receives the request for approval, Policy Server sends an e-
mail to the address specified for the asset group to which the related asset belongs and then stores
the action request in the Pending Requests queue. The action request remains in the Pending
Request page until it is approved or denied, or until it times out. The timeout period is 60 minutes by
default. However, you can change the timeout for each action. If a pending request times out, the
action is denied and needs to be requested again and a message is written to the audit log of the
Policy Server.)
When approved or denied, the action request is removed from the Pending Requests page. A
message regarding the approval or denial is written to the audit log of the Policy Server. Policy
Server sends the response (accept or deny) to the Agent running on the asset. The Agent sends
another status message to the HP 3PAR Enterprise Server to identify whether the action request was
approved or denied. If the action request was approved, the Agent then processes the action.
Note: Pending requests for remote sessions are tracked in the Remote Sessions tab as well as in the
Pending Requests tab. If a remote session is denied, the request is removed from the Pending Requests
tab but not from the Remote Sessions tab.
Never Allow the Agent will not execute the action and will send information about requests for an
action with this access right to Policy Server only when Never Allow actions are requested from the
HP 3PAR Enterprise Server. To see which asset-initiated actions of Never Allow rights were denied
on an asset, refer to the log file of the Agent running on the asset.
Important! Due to the frequency of requests for the following actions, these actions do NOT support the
Ask for Approval access right nor do they support filters: Set Time, Data Item Values, Alarms, Event,
and Email. If you apply a filter to one of these actions, it will not have any effect.