IBM Proventia Network Enterprise User Manual - page 79
Policy Inheritance with Asset Policies
79
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
Policy Inheritance with Asset Policies
Introduction
This topic describes rules of inheritance for asset policies. It also explains where policies
appear in the SiteProtector Console, based on the ways in which you can define them.
Rules for policy
inheritance
The following rules describe policy inheritance for agent policies:
●
You can define only one Network Locations policy, at the Site level, to be used for all
agents and assets in your entire group structure.
●
A Discovery policy applies to only the group for which you define it.
●
The remaining policies are inheritable. A subgroup inherits a policy from the first
group higher than itself in the group structure that has a defined policy.
Asset policies in the
Console
You work with policies in a Policy tab in the SiteProtector Console. When you select a
group on the left pane, the group’s policies appear on the right pane. If you expand the
group, the policies also appear below the group. Figure 20 is an example of asset policies
in the CorporateScanningGroups group:
Figure 20: Example of asset policies in a Policy tab in the SiteProtector system
Examples of
inheritance
indicators
The following table uses Figure 20 to illustrate the inheritance indicators:
Inheriting From
Value
Description
blank
The Assessment, Discovery, Scan Control, and Scan Window policies are
defined at the selected group level—
CorporateScanningGroups
.
Inheriting from the
factory defaults
The agent is configured to use the Assessment Credentials and Scan
Exclusion policies defined at a higher level, but neither policy is defined in
the agent’s group structure.
A_Group_Name
The Network Services policy is defined at the Cancun level.
Table 26: Asset policy inheritance indicators