Previous Topic: Policy DependencyNext Topic: How Policy Verification Works


Policy Verification

When policy verification is enabled, CA ControlMinder checks that a policy does not contain errors before it deploys the policy. If CA ControlMinder finds errors in the policy deployment script, the policy script does not execute on the endpoint. This ensures that policies do not deploy with errors and lets you trace script errors on the endpoint. Policy verification is disabled by default.

If policy verification is not enabled and you deploy a policy with errors, some policy commands may still execute despite the errors in other commands.

Policy verification checks CA ControlMinder database commands only, that is, selang commands in the AC environment. Policy verification does not check commands in the native, configuration, or policy model environments. If a policy contains commands for both the AC environment and another environment, policy verification checks commands in the AC environment only.

Policy verification cannot check undeploy scripts.