HP 3PAR StoreServ 7200 2-node HP 3PAR Policy Server Administrator's G - Page 36
Filter Evaluation, Policy Server application.
View all HP 3PAR StoreServ 7200 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
If the permission inherited filters from the parent asset group or if another filter was applied directly to this permission for this asset group, you will receive a warning when you try to apply other filters. This warning tells you that you will lose all other applied filters. If only the default filter is shown for the permission, then you will not see this warning. The default filter is always preserved. If the Access Right field is disabled (dimmed), this permission is locked at a higher level. The name of the parent asset group where the permission is locked appears in the Inheritance column. For more information about creating, editing, deleting, and assigning filters, refer to the online help for the Policy Server application. Filter Evaluation Filters are always evaluated in the order in which they appear in the Assigned Filters window (which is the order you assign them), from first to last. There is an implicit OR operator between filters. Evaluation stops when a filter in the list is matched. A filter match means that the Agent gateway or Policy Agent was able to match both the expression and the time attribute of the filter to an incoming user request. An implicit AND operator exists between the filter's expression and time window. When an Agent evaluates a filter, both the associated expression AND the Time Window must match before the filter is considered a match and the requested action is allowed. That is, a filter is a match if and only if the attributes of the incoming user (userId and enterpriseId) match the filter's expression AND the user is requesting the action within the Time Window associated with the filter. When a filter has no explicit expression or Time Window, the filter has no restrictions with regard to the user making the request or the time of the request. A filter with an empty expression matches all users and a filter with an empty time window matches at all times. Note: A Time Window is not associated with any particular time zone. When evaluating the filter, the Agent uses its system clock. For more details, refer to the topic, "Evaluation of filters in different time zones," in the online help for the Policy Server application. For more information about filter evaluation, refer to the online help for the Policy Server application. HP 3PAR Policy Server 4-6