All Products
Search
Document Center

Secure Access Service Edge:View disposal processes

Last Updated:Jun 20, 2026

SASE makes dynamic decisions based on user operations, behavior, and devices. When a dynamic policy is triggered, SASE applies a disposal action and generates a disposal process. This topic explains how to view and manage them.

Prerequisites

  • You have configured a dynamic policy that a user or device has triggered. For more information, see Configure dynamic policies.

  • You have activated Secure Access Service Edge. If you have not activated Secure Access Service Edge, you must purchase and activate the service. For more information, see Purchase service. You can also apply for a 7-day free trial. For more information, see Apply for a free trial.

  • You are using an Alibaba Cloud account or a RAM user with permissions to access the SASE service. If you use a RAM user, you must grant access control permissions to the RAM user. For more information, see Authorize a RAM user.

  • The SASE App installed on corporate devices is version 4.5.1 or later.

View disposal processes

When a user or device meets the trigger conditions, SASE applies a disposal action and generates a disposal process. You can then restore the action.

  1. Log on to the Secure Access Service Edge console.

  2. In the left-side navigation pane, choose Dynamic Decision-making > Handling Process.

  3. On the Handling Process page, view the process information. You can filter the records by criteria such as Occurrence Time, Action, Restoration Method, Status, and User.

    The disposal process list includes the Disposal time, User, Process ID, Device, Matched policy, Disposal action, Status, Recovery method, and Actions columns. In the Actions column, you can click Restore or Details.

  4. Click Details in the Operation column. In the Details pane, view the Basic Information and Trigger Conditions.

    The Basic information section contains fields such as disposal time, status, user, device, matched policy, result, and disposal action. The Trigger conditions section shows the combination of rule conditions that were met, displayed with logical operators such as OR.

Disposal recovery

SASE supports three recovery methods:

  • Automatic recovery: After a user or device triggers a dynamic policy, the disposal action is automatically restored if its trigger conditions are no longer met or if the policy is disabled.

    For example, you set a dynamic policy that requires the SASE App version to be 4.5.1 or later. If a user upgrades their SASE App to a compliant version, the trigger conditions are no longer met, and the disposal action is automatically restored.

  • Authentication reporting: After a user or device triggers a dynamic policy, the user is forcibly logged out of the SASE App. After the user logs back in, the disposal action is restored for the specified validity period.

    Important

    To use this recovery method, you must select the Restoration After Authentication and Reporting checkbox when you configure the dynamic policy. For more information, see Configure dynamic policies.

  • Console recovery: After a user or device triggers a dynamic policy, an administrator can manually restore the action in the console.

    1. Log on to the Secure Access Service Edge console.

    2. In the left-side navigation pane, choose Dynamic Decision-making > Handling Process.

    3. On the Disposal Process page, use either of the following methods to restore the action:

      • In the Operation column, click Restore.

      • In the Operation column, click Details. In the Details pane, click Restore.

    4. In the Note dialog box, enter the Validity Period of Reporting and click OK.

      If an employee or a device triggers a dynamic policy, the SASE App is forcibly logged out. You must log in again to regain access. The dynamic policy will not be triggered again during the validity period of reporting.

Related documents

To view logs for dynamic decision operations, see Dynamic decision logs.