Manualshelf

Service Processors

ManualsBrandsHP ManualsStorage3PAR
51525354555657585960
7.12
Working in the Policy Tab
3PAR Secure Service Policy Manager User’s Guide
7.2.4 Assigning Access Rights
After setting an action and its permission, you assign it an access right. An access right specifies
how you want the individual devices to handle the related permission. There are three types of
access rights:
Always Allow - the Secure Service Custodian can execute these permissions without
asking for approval or sending the action information to Policy Manager. To see which
actions of Always Allow rights were performed on a device, refer to the device's log file.
Ask for Approval - the Custodian forwards the action and its parameters to Policy
Manager for approval, as well as a status message to the Enterprise server. When Policy
Manager receives the action, it sends an Email to the address specified for the device's
policy and then stores the action request in the Pending Requests queue. The action
request remains shown in the Pending Request page until it is approve or denied, or it
times out. If timed out, the action is denied and needs to be re-requested, if desired, and a
message is logged to the Policy Manager audit log.
If approved or denied, the action request is removed from the Pending Requests page. A
message regarding the approval or denial is logged to the Policy Manager audit log. Policy
Manager sends its response (accept or deny) to the device. The device sends another status
message to the Collector Server to identify whether the action request was approved or
denied. If the action request was approved, the device then processes the action.
Never Allow - the Custodian will not execute these permissions and will send information
for these requests to Policy Manager only when Never Allow actions are requested from
the Enterprise server. To see which device-initiated actions of Never Allow rights were
denied on a device, you need to refer to the device's log file.
To assign an access right to an action:
1 In the Access Right column on the View or change the policy settings for <Group
Name> page, click the access right list for the action you wish to assign an access right.