Previous Topic: Automatic Rule-based Policy UpdatesNext Topic: How You Use a PMDB to Propagate Configuration Settings

Endpoint Administration Guide for UNIXManaging Policy ModelsAutomatic Rule-based Policy UpdatesHow Automatic Rule-based Policy Updates Work

How Automatic Rule-based Policy Updates Work

When you configure your environment for automatic rule-based policy updates, each rule you define in the central database is automatically propagated to all of its subscribers in the following way:

  1. A rule is defined for any PMDB with at least one subscriber.
  2. The PMDB sends the command to all subscriber databases.
  3. The subscriber database applies the propagated command.
    1. If the subscriber database does not respond, the PMDB sends the command at a regular interval (by default, every 30 minutes) until the subscriber database has been updated.

      Alternatively, you can update subscriber databases as soon as they become available, by setting the pull_option token to yes in the [pmd] section of the seos.ini file on the subscriber computer.

    2. If a subscriber database is responding, but refuses to apply the command, the PMDB places the command in the Policy Model error log.
  4. If the subscriber database is a parent to other subscribers, it then sends the command to its subscribers.

Example: Removing a user from all computers in a hierarchy

If a user is deleted from a PMDB using the rmusr command, the same rmusr command is sent to all the subscriber databases. In this way, a single rmusr command can remove a user from many databases on a variety of computers.