HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Administrator's G - Page 33

Access Rights, Always Allow, Ask for Approval, Never Allow

Get HP 3PAR StoreServ 7400 2-node PDF manuals and user guides View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

Access Rights After creating a permission, you can assign it a different access right than the default (for the most part, Ask for Approval) and you can create filters for the permission. These filters are optional but all permissions have at least the default filter, which consists of a single access right. An access right specifies how you want the individual assets to handle the related action. Three access rights are available: • Always Allow - the Agent can execute the action without asking for approval or sending the action information to Policy Server. To see which actions of Always allow rights were performed on an asset, refer to the log file of the Agent running on the asset. • Ask for Approval - the default access right for any new permission and for most permissions in the Global asset group when you first start a Policy Server. When you select this access right, the Agent forwards the action and its parameters to Policy Server for approval, and sends a status message to the HP 3PAR Enterprise Server. When it receives the request for approval, Policy Server sends an email to the address specified for the asset group to which the related asset belongs and then stores the action request in the Pending Requests queue. The action request remains in the Pending Request page until it is approved or denied, or until it times out. The timeout period is 60 minutes by default. However, you can change the timeout for each action. If a pending request times out, the action is denied and needs to be requested again and a message is written to the audit log of the Policy Server.) When approved or denied, the action request is removed from the Pending Requests page. A message regarding the approval or denial is written to the audit log of the Policy Server. Policy Server sends the response (accept or deny) to the Agent running on the asset. The Agent sends another status message to the HP 3PAR Enterprise Server to identify whether the action request was approved or denied. If the action request was approved, the Agent then processes the action. Note: Pending requests for remote sessions are tracked in the Remote Sessions tab as well as in the Pending Requests tab. If a remote session is denied, the request is removed from the Pending Requests tab but not from the Remote Sessions tab. • Never Allow - the Agent will not execute the action and will send information about requests for an action with this access right to Policy Server only when Never Allow actions are requested from the HP 3PAR Enterprise Server. To see which asset-initiated actions of Never Allow rights were denied on an asset, refer to the log file of the Agent running on the asset. Important! Due to the frequency of requests for the following actions, these actions do NOT support the Ask for Approval access right nor do they support filters: Set Time, Data Item Values, Alarms, Event, and Email. If you apply a filter to one of these actions, it will not have any effect. HP 3PAR Policy Server 4-3

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
HP 3PAR Policy Server
4-3
Access Rights
After creating a permission, you can assign it a different access right than the default (for the most part, Ask
for Approval) and you can create filters for the permission. These filters are optional but all permissions
have at least the default filter, which consists of a single access right. An access right specifies how you
want the individual assets to handle the related action. Three access rights are available:
Always Allow
– the Agent can execute the action without asking for approval or sending the action
information to Policy Server. To see which actions of Always allow rights were performed on an
asset, refer to the log file of the Agent running on the asset.
Ask for Approval
– the default access right for any new permission and for most permissions in the
Global asset group when you first start a Policy Server. When you select this access right, the Agent
forwards the action and its parameters to Policy Server for approval, and sends a status message to
the HP 3PAR Enterprise Server. When it receives the request for approval, Policy Server sends an e-
mail to the address specified for the asset group to which the related asset belongs and then stores
the action request in the Pending Requests queue. The action request remains in the Pending
Request page until it is approved or denied, or until it times out. The timeout period is 60 minutes by
default. However, you can change the timeout for each action. If a pending request times out, the
action is denied and needs to be requested again and a message is written to the audit log of the
Policy Server.)
When approved or denied, the action request is removed from the Pending Requests page. A
message regarding the approval or denial is written to the audit log of the Policy Server. Policy
Server sends the response (accept or deny) to the Agent running on the asset. The Agent sends
another status message to the HP 3PAR Enterprise Server to identify whether the action request was
approved or denied. If the action request was approved, the Agent then processes the action.
Note: Pending requests for remote sessions are tracked in the Remote Sessions tab as well as in the
Pending Requests tab. If a remote session is denied, the request is removed from the Pending Requests
tab but not from the Remote Sessions tab.
Never Allow
– the Agent will not execute the action and will send information about requests for an
action with this access right to Policy Server only when Never Allow actions are requested from the
HP 3PAR Enterprise Server. To see which asset-initiated actions of Never Allow rights were denied
on an asset, refer to the log file of the Agent running on the asset.
Important!
Due to the frequency of requests for the following actions, these actions do NOT support the
Ask for Approval access right nor do they support filters: Set Time, Data Item Values, Alarms, Event,
and Email. If you apply a filter to one of these actions, it will not have any effect.