4 assigning access rights, Assigning access rights – HP 3PAR Service Processors User Manual

Page 56

Advertising
background image

7.12

Working in the Policy Tab

3PAR Secure Service Policy Manager User’s Guide

7.2.4 Assigning Access Rights

After setting an action and its permission, you assign it an access right. An access right specifies

how you want the individual devices to handle the related permission. There are three types of

access rights:

Always Allow - the Secure Service Custodian can execute these permissions without

asking for approval or sending the action information to Policy Manager. To see which

actions of Always Allow rights were performed on a device, refer to the device's log file.

Ask for Approval - the Custodian forwards the action and its parameters to Policy

Manager for approval, as well as a status message to the Enterprise server. When Policy

Manager receives the action, it sends an Email to the address specified for the device's

policy and then stores the action request in the Pending Requests queue. The action

request remains shown in the Pending Request page until it is approve or denied, or it

times out. If timed out, the action is denied and needs to be re-requested, if desired, and a

message is logged to the Policy Manager audit log.

If approved or denied, the action request is removed from the Pending Requests page. A

message regarding the approval or denial is logged to the Policy Manager audit log. Policy

Manager sends its response (accept or deny) to the device. The device sends another status

message to the Collector Server to identify whether the action request was approved or

denied. If the action request was approved, the device then processes the action.

Never Allow - the Custodian will not execute these permissions and will send information

for these requests to Policy Manager only when Never Allow actions are requested from

the Enterprise server. To see which device-initiated actions of Never Allow rights were

denied on a device, you need to refer to the device's log file.

To assign an access right to an action:

1

In the Access Right column on the View or change the policy settings for <Group

Name> page, click the access right list for the action you wish to assign an access right.

Advertising
Popular Brands
Popular manuals