|Applies To||RSA Product Set: Adaptive Authentication (Hosted)|
RSA Version/Condition: 11.0
|Issue||User is seeing an error when trying to promote a production rule that indicates that someone is already accessing the rule but no one else is logged in the back office.|
|Resolution||The locking mechanism for rule promotion is explained on pages 157 - 160 of the RSA Adaptive Authentication (Hosted) Back Office User's Guide.|
The Policy Manager application supports a comprehensive locking mechanism to prevent any accidental conflicts between rule definition and editing activities. While one user is working with a rule definition, other users are protected from accidental conflicting access through a three-tiered approach.
Click Yes to reset the session time. Click No to close the message window without changing anything. If the user chooses not to prolong the current session, the window displays a Session Expired page as soon as the current session times out. Note that the exact length of the time-out period, and use of a warning message, is configurable per organization.
Besides the Locking Mechanism, once a rule has been accessed with potential editing capabilities by one user, subsequent access requests by other users open dialog boxes that reflect these other protection mechanisms:
Users can navigate between all informative windows and data field values can be viewed upon request. Only buttons that provide access to active editing features for a rule already being accessed by another user are disabled, as indicated by the unavailable buttons highlighted in the following figure.
When working with a table of many rule entries, access is enabled to all table entries except for any specific rule that is already being accessed by another user. In this case, the option buttons for the whole table are not disabled. Editing access is only blocked for individual table entries, as indicated by the small lock icon highlighted in the following figure.
In a large corporation, most people do not start and stop work simultaneously. In the real world, many users may be working simultaneously and reaching different stages in their work at different points in time. One user may open a Rules List table at a time when complete access is allowed for all rules displayed in the table. At a later point, a different user may enter the system and begin to edit a specific rule. This rule, listed in the original user’s table display, does not appear with any locking indicator, since the original user opened the table before the second user began editing.
To handle these potential real-time conflicts, the Policy Manager application provides real-time protection safeguards. Any time that a user selects a rule for editing, even if that selection is technically enabled in the table display, an internal protection check is made, to verify that the rule is still available for edit access. If, in the interim, a second user begins to work with that rule, a warning message is displayed on the screen of the first user and editing access is denied
Normally, if a rule is being edited by one user, that rule is flagged as locked and all other users are locked out and prevented from editing that rule. However, if a user accidentally closes a rule window in the middle of editing a rule, the system will identify that user upon return and the user will be allowed to return to the interrupted editing session and not be locked out inappropriately.