User has no access to configured Day2 Action or too many Day2 Actions are available for some User/Groups



Article ID: 372741


Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • A Day 2 Action policy has been defined, but the User cannot see the configured Day 2 Action
  • After creating a Day 2 Action policy, Users/Groups can now see too many Day 2 Actions

Environment

Aria Automation 8.x

Cause

Day 2 Action policies behave differently depending on the Enforcement type they are configured with.

 

Resolution

The following points describe the differences between the Enforcement types:

Soft:

  • is based on the principle of least privilege
  • when multiple policies are defined as "Soft", different Actions can be combined for Users/Groups, e.g.:
    • an Organization policy was defined to allow all Users to create VM Snapshots
    • a Project policy was defined to allow Users to control VMs (Power On/Off, Restart, Shutdown etc.)
    • for another Project, Users are allowed access to Remote.Console

In this example, all Users of the Organization can create a Snapshot of the VMs accessible to them; however, some Users can only access the Remote Console in one Project while controlling the VM in a different Project.

Hard:

  • will only allow access to the configured Day 2 Actions according to the policy setting
  • when configured for a particular group, only this group will have access to the configured Day 2 Actions; any other group will have no access
  • overrides "Soft" policies: even if a policy is configured for a Project, these Users no longer have access if a Hard policy is configured for the same Project
  • also overrides policies scoped for "Organization / Multiple Projects"
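
The Soft and Hard behaviour described above can be checked with a small model. This is an added example, not VMware code and not the product's policy engine; the policy, project and group names are constructed, and combining several Hard policies in the same scope is an assumption of the model.

```python
from dataclasses import dataclass

ORG = "*"  # constructed marker for an Organization-scoped policy

@dataclass(frozen=True)
class Policy:
    name: str
    enforcement: str                   # "soft" or "hard"
    scope: str                         # ORG or a project name
    actions: frozenset
    groups: frozenset = frozenset()    # empty = every user in scope

def effective_actions(policies, project, user_groups):
    """Day 2 actions visible to a user in `project` under this simplified model."""
    in_scope = [p for p in policies if p.scope in (ORG, project)]
    hard = [p for p in in_scope if p.enforcement == "hard"]
    # Hard overrides Soft, including Organization-scoped policies.
    # Assumption: several Hard policies in scope are combined with each other.
    deciding = hard or in_scope
    granted = set()
    for p in deciding:
        if not p.groups or p.groups & user_groups:
            granted |= p.actions
    return granted

# Constructed sample data mirroring the Soft example, plus one Hard policy.
SOFT = [
    Policy("org-snapshots", "soft", ORG, frozenset({"Create Snapshot"})),
    Policy("proj-a-power", "soft", "project-a",
           frozenset({"Power On", "Power Off", "Restart", "Shutdown"})),
    Policy("proj-b-console", "soft", "project-b", frozenset({"Remote Console"})),
]
HARD_B = Policy("proj-b-admins", "hard", "project-b",
                frozenset({"Power Off"}), frozenset({"vm-admins"}))

if __name__ == "__main__":
    dev, admin = frozenset({"developers"}), frozenset({"vm-admins"})
    for label, pols in (("soft only", SOFT), ("with hard", SOFT + [HARD_B])):
        for proj in ("project-a", "project-b"):
            print(label, proj,
                  "dev:", sorted(effective_actions(pols, proj, dev)),
                  "admin:", sorted(effective_actions(pols, proj, admin)))
```

With the Hard policy added, the "developers" user loses every action in project-b, including the Organization-wide snapshot action, which matches the first symptom; project-a is unaffected.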