HP 3PAR StoreServ 7200 2-node HP 3PAR Policy Server Administrator's G - Page 36

Filter Evaluation, Policy Server application.



HP 3PAR Policy Server
4-6
If the permission inherited filters from the parent asset group or if another filter was applied directly to this
permission for this asset group, you will receive a warning when you try to apply other filters. This warning
tells you that you will lose all other applied filters. If only the default filter is shown for the permission, then
you will not see this warning. The default filter is always preserved.
If the Access Right field is disabled (dimmed), this permission is locked at a higher level. The name of the
parent asset group where the permission is locked appears in the Inheritance column.
For more information about creating, editing, deleting, and assigning filters, refer to the online help for the
Policy Server application.
Filter Evaluation
Filters are always evaluated in the order in which they appear in the Assigned Filters window (which is the
order you assign them), from first to last. There is an implicit OR operator between filters. Evaluation stops
when a filter in the list is matched. A filter match means that the Agent gateway or Policy Agent was able to
match both the expression and the time attribute of the filter to an incoming user request.
An implicit AND operator exists between the filter’s expression and time window. When an Agent evaluates
a filter, both the associated expression AND the Time Window must match before the filter is considered a
match and the requested action is allowed. That is, a filter is a match if and only if the attributes of the
incoming user (userId and enterpriseId) match the filter’s expression AND the user is requesting the action
within the Time Window associated with the filter.
When a filter has no explicit expression or Time Window, the filter has no restrictions with regard to the
user making the request or the time of the request. A filter with an empty expression matches all users and a
filter with an empty time window matches at all times.
Note: A Time Window is not associated with any particular time zone. When evaluating the filter, the
Agent uses its system clock. For more details, refer to the topic, "Evaluation of filters in different time
zones," in the online help for the Policy Server application.
For more information about filter evaluation, refer to the online help for the Policy Server application.
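
The evaluation rules above (assigned order, stop at first match, expression AND Time Window, empty means unrestricted, Agent system clock) modelled in Python. This is an added example, not code from the Policy Server product. The page does not show expression or Time Window syntax, so the representations used here (a dict of allowed attribute values, a start/end wall-clock pair with no midnight wrap) and all filter names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import Optional

@dataclass
class Filter:
    name: str
    # Assumed model: attribute -> allowed values; None = empty expression.
    expression: Optional[dict] = None
    # Assumed model: (start, end) wall-clock times, no midnight wrap; None = empty.
    window: Optional[tuple] = None

def expression_matches(f, user):
    if f.expression is None:          # empty expression matches all users
        return True
    return all(user.get(a) in allowed for a, allowed in f.expression.items())

def window_matches(f, local_time):
    if f.window is None:              # empty Time Window matches at all times
        return True
    start, end = f.window
    return start <= local_time < end

def first_match(filters, user, agent_now):
    """Name of the first filter that matches, or None if none does."""
    for f in filters:                 # assigned order; implicit OR between filters
        # implicit AND between expression and Time Window, on the Agent's clock
        if expression_matches(f, user) and window_matches(f, agent_now.time()):
            return f.name             # evaluation stops at the first match
    return None

# Constructed sample data (names and values are illustrative only).
ASSIGNED = [
    Filter("support-daytime",
           {"enterpriseId": {"acme"}, "userId": {"jsmith", "akhan"}},
           (time(9, 0), time(17, 0))),
    Filter("oncall-anytime", {"userId": {"oncall"}}),
]
USER = {"userId": "jsmith", "enterpriseId": "acme"}
INSTANT = datetime(2024, 1, 15, 15, 30, tzinfo=timezone.utc)

def agent_clock(utc_offset_hours):
    """The same instant as read from an Agent whose system clock uses this offset."""
    return INSTANT.astimezone(timezone(timedelta(hours=utc_offset_hours)))

if __name__ == "__main__":
    for off in (0, 5):
        print(off, first_match(ASSIGNED, USER, agent_clock(off)))
    print(first_match([Filter("catch-all")] + ASSIGNED, {"userId": "x"}, agent_clock(5)))
```

The same request at the same instant matches on an Agent whose clock reads 15:30 and does not match on one whose clock reads 20:30. A filter with an empty expression and empty Time Window placed first matches every request, so the filters after it are never evaluated.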