Question & Answer
Question
How to schedule the policy reinstall on the appliances when there are multiple policies per appliance?
Answer
The policy reinstall process for when there are multiple policies on the collector, works the same way as when there is only one policy per collector. It re-installs each policy present.
The scheduled job unaware of what policy "should" be installed, looks at what currently is installed and re-installs in the same order.
The schedule is NOT there to make sure a certain set of policies is always installed and reverted if they are accidentally changed. It's job to install policy will never change which policy is installed. It just re-installs whatever is already there.
Reason for code behavior: Until the policy is re-installed, group changes will not take effect in the policy.
For example, when pulling in LDAP users into a group. LDAP updates, resulting in the LDAP job pulling those users into the Guardium group. Policy itself will not see those users until the policy is reinstalled.
Was this topic helpful?
Document Information
Modified date:
22 August 2018
UID
ibm10718347