Set a warning mode

The pop modify set warning command defines the warning mode attribute. A security administrator uses this command to debug or troubleshoot the accuracy of the authorization policy set on the protected object space.

When we set the warning mode attribute to yes, any action is possible by any user on the object where the POP is attached. Any access to an object is permitted even if the security policy attached to the object is set to deny this access.

Audit records are generated that capture the results of all security policies with warning mode set throughout the object space. The audit log shows the outcome of an authorization decision as if the warning attribute was set to no. Therefore, the administrator determines if the policy is set and enforced correctly. For example:

pdadmin sec_master> pop modify poptest1 set warning yes

See IBM Security Verify Access for Web: Command Reference.

Parent topic: Configure POP attributes