F-SECURE POLICY MANAGER 8.0 Administrator's Manual - page 122
122
Access restrictions are Final and Hidden. Final always forces the policy:
the policy variable overrides any local host value, and the end user
cannot change the value as long as the Final restriction is set. Hidden
merely hides the value from the end user. Unlike the Final restriction, the
Hidden restriction may be ignored by the managed application.
Figure 5-20 Embedded restriction editor
Using value restrictions, an administrator can restrict the values of any
policy variable to a list of acceptable values from which the user can
choose. Additionally, the administrator can restrict integer-type variables
(Integer, Counter, and Gauge) to a range of acceptable values. An
additional restriction, the FIXED SIZE restriction, can be applied to tables.
With this restriction, the end user cannot add or delete rows from
fixed-size tables. Because the Final restriction cannot be used for empty
tables, the FIXED_SIZE restriction should be used for this purpose
(preventing end users from changing tables' values).
If a variable in the product Management Information Base (MIB) already
contains a range or choice definition, the administrator can further restrict
the range or choices, but not extend them. If the product MIB does not
define value restrictions, the administrator can specify any range or
choice restriction.
Restrictions can be edited within the embedded Product View pane, or in
a separate dialog box. To toggle between these two choices, choose
Embedded Restriction Editors from the View menu. If embedded editors
are switched off, the Product View pane displays buttons for launching the
dialog editors.