CentraSite 10.3 | CentraSite User’s Guide | Policy Management | Introduction to Design and Change-Time Policies | Execution of Design/Change-Time Policy
 
Execution of Design/Change-Time Policy
When an event occurs in the registry, CentraSite determines which policies are within the scope and executes those policies in priority order (from lowest assigned value to the highest assigned value). If an action within a policy fails, CentraSite immediately exits the policy. It does not execute any of the remaining actions in the policy nor does it execute any remaining policies that are within scope of the event.
If the policy was triggered by a pre-operation event (for example, a PreCreate event or a PreStateChange event) the requested operation is also not executed. For example, if a user attempts to add an XML Schema to the catalog, and the schema does not satisfy a validation policy that is triggered by the PreCreate event for XML Schemas, CentraSite rejects the user's request to add the new schema to the catalog.
Policy failures are written to CentraSite's policy log. From the Inbox page in CentraSite Control, users can view the failed policies that were logged during the events that they initiated. Administrators with View Policy Log permission can view and query the entire log using CentraSite Control's Logging feature.
CentraSite provides a special event type called an OnTrigger event. Policies that you create for this event type can be run on demand from the CentraSite Control user interface. Anyone who has View permission on an OnTrigger policy can execute the policy on demand.
When you run a policy on demand, CentraSite applies the policy directly to each object instance in the registry that:
*Is of a type specified in the policy's object scope.
*Satisfies all conditional criteria specified by the policy (that is, Name, Description, and Classification criteria that the policy specifies).
*Is an object on which the user running the policy has View permission. If the policy is organization-specific, the policy is applied to only the objects that satisfy the preceding criteria and belong to the organization specified by the policy. If the policy is system-wide, the policy is applied to all objects in the registry that satisfy the preceding criteria.
Administrators often use OnTrigger policies to assign permissions to a specified set of objects instead of manually setting permissions on individual objects using the user interface.