| Description | A pointer to the row or rows in the pmPolicyCodeTable that
contain the condition code for this policy. When a policy
entry is created, a pmPolicyCodeIndex value unused by this
policy's adminGroup will be assigned to this object.
A policy condition is one or more PolicyScript statements
that result(s) in a boolean value that represents whether
an element is a member of a set of elements upon which an
action is to be performed. If a policy is ready and the
condition returns true for an element of a proper element
type, and if no higher-precedence policy should be active,
then the policy is active on that element.
Condition evaluation stops immediately when any run-time
exception is detected, and the policyAction is not executed.
The policyCondition is evaluated for various elements. Any
element for which the policyCondition returns any nonzero value
will match the condition and will have the associated
policyAction executed on that element unless a
higher-precedence policy in the same precedence group also
matches 'this element'.
If the condition object is empty (contains no code) or
otherwise does not return a value, the element will not be
matched.
When this condition is executed, if SNMP requests are made to
the local system and secModel/secName/secLevel aren't
specified, access to objects is under the security
credentials of the requester who most recently modified the
associated pmPolicyAdminStatus object. If SNMP requests are
made in which secModel/secName/secLevel are specified, then
the specified credentials are retrieved from the local
configuration datastore only if VACM is configured to
allow access to the requester who most recently modified the
associated pmPolicyAdminStatus object. See the Security
Considerations section for more information. |