Managing Configuration Items › Configuration Audit and Control Facility (CACF) › CACF Administration and Policy Definition › How Configuration Audit and Control Facility Works › Policy Actions

Policy Actions

After CACF selects a policy, the action section of the policy determines the outcome of the attribute update. This section identifies the most important part of the verification policy because it affects the integrity of the CMDB. This section also affects the change management workflow, related notifications, and created Incidents.

A policy can have one of the following Update Behaviors:

Allow Update Only if Matches Change Specification

Conditionally applies the inbound attribute update to the CI if it matches a change specification. This update occurs when the Change Order is in a Verification Active state. Selecting this option enables change verification.

Allow Attribute Update

Unconditionally applies the inbound attribute update to the CI. This option effectively disables all change verification. Use this behavior for standard changes, when you have a trusted data source, authoritative, and you do not require a Change Order.

Always Cancel Entire Transaction

Cancels the update and any other attribute update in this transaction, even if a matching change specification exists. Use this behavior to prevent MDRs from updating CIs where they are not authorized to update. If any policy cancels a transaction, the entire transaction is canceled, even if other policies would have allowed the change to occur.

For example, specify this behavior to stop an unauthorized MDR from inserting a CI, and also specify a common attribute name such as Name.

Keep Old Attribute Value

Cancels the single attribute update, but allows other attributes in the transaction to update if their policy allows it. Use this behavior when an MDR is unauthoritative at the attribute level.

A verification policy can specify that Incidents close automatically when failed verifications are remediated. The policy can specify that the inbound transaction data copies to the TWA. This type of policy is useful when data from an unauthorized MDR requires review before updating the CMDB.

To let the Configuration Manager identify that CACF policies that created the TWA record, the Change Order field in the TWA is set to the name of the policy that created it. Writing data to the TWA is independent of updating the CI in the CMDB, so a policy can update the CI, write to the TWA, or both.