Manualshelf

Software User Manual

ManualsBrandsHP ManualsStorage3PAR Policy Manager
21222324252627282930
Assigning Access Rights
After setting an action and its permission, you assign it an access right. An access right specifies
how you want the individual devices to handle the related permission. There are three types of
access rights:
Always Allow - the Secure Service Custodian can execute these permissions without asking
for approval or sending the action information to Policy Manager. To see which actions of
Always Allow rights were performed on a device, refer to the device's log file.
Ask for Approval - the Custodian forwards the action and its parameters to Policy Manager
for approval, as well as a status message to the Enterprise server. When Policy Manager
receives the action, it sends an Email to the address specified for the device's policy and then
stores the action request in the Pending Requests queue. The action request remains shown in
the Pending Request page until it is approve or denied, or it times out. If timed out, the action
is denied and needs to be re-requested, if desired, and a message is logged to the Policy
Manager audit log.
If approved or denied, the action request is removed from the Pending Requests page. A
message regarding the approval or denial is logged to the Policy Manager audit log. Policy
Manager sends its response (accept or deny) to the device. The device sends another status
message to the Collector Server to identify whether the action request was approved or denied.
If the action request was approved, the device then processes the action.
Never Allow - the Custodian will not execute these permissions and will send information for
these requests to Policy Manager only when Never Allow actions are requested from the
Enterprise server. To see which device-initiated actions of Never Allow rights were denied on
a device, you need to refer to the device's log file.
To assign an access right to an action:
1. In the Access Right column on the View or change the policy settings for <Group Name> page,
click the access right list for the action you wish to assign an access right.
Figure 23 Selecting an Access Right
2. Select the appropriate access right.
3. Repeat step 1 and step 2 as necessary.
4. Click Done on the lower right-hand corner of the Policy tab.
5. When prompted for confirmation of the changed policy, click OK.
The View or change the policy settings for <Group Name> page refreshes and displays the
newly set access right(s).
Software Management Package Access Rights
Software management packages are NOT broken into components. This can lead to actions being
performed on a device without consent. For example, if a Run Script action has a Never Allow
30 Using HP 3PAR Policy Manager