When a device or employee triggers a dynamic policy, SASE takes a disposal action and logs the event as a disposal process record. This topic explains how to view those records and recover from a disposal action.
Prerequisites
Before you begin, make sure that:
The SASE App on corporate office terminals is version 4.5.1 or later
A dynamic policy has been configured and triggered by an employee or device. For more information, see Configure dynamic policies
Secure Access Service Edge is activated. If you have not activated Secure Access Service Edge, purchase and activate the service. For more information, see Purchase service. You can also apply for a 7-day free trial. For more information, see Apply for a free trial
You have an Alibaba Cloud account or a Resource Access Management (RAM) user with permissions to access SASE. For more information, see Grant permissions to a RAM user
View the disposal process
Log on to the Secure Access Service Edge console.
In the left navigation pane, choose Dynamic Decision-making > Handling Process.
On the Handling Process page, review the list of disposal process records. Filter the list by Handled At, Action, Restoration Method, Status, or User.
In the Actions column, click Details to open the Details panel.
The Details panel contains the following sections:
Section Description Basic Information General information about the disposal event, including the affected user, device, and the action taken Trigger Settings The dynamic policy conditions that caused the disposal action to trigger
Disposal recovery
Three recovery methods are available. The method that applies depends on how the dynamic policy was configured.
Automatic recovery
How it works: SASE automatically recovers the disposal action when either of the following conditions is met:
The underlying issue is resolved and the trigger conditions are no longer met
The policy is disabled
No manual steps are required.
Example: If a dynamic policy requires the SASE App to be version 4.5.1 or later and a user upgrades to a compliant version, the policy stops triggering and the disposal action is automatically recovered.
Authentication reporting
Requirement: When configuring the dynamic policy, select Recover After Authentication Reporting. For more information, see Configure dynamic policies.
How it works: After a device or employee triggers a dynamic policy:
The user is forcibly logged off from the SASE App.
The user logs on again.
The disposal action is recovered within the validity period of the authentication report.
Console recovery
An administrator can manually recover a disposal action from the console.
Log on to the Secure Access Service Edge console.
In the left navigation pane, choose Dynamic Decision-making > Handling Process.
On the Handling Process page, recover the disposal action using either of the following methods:
In the Actions column, click Restore.
In the Actions column, click Details, then click Restore in the Details panel.
In the Recovery Prompt dialog box, enter the Validity Period of Reporting and click OK.
After recovery, the user is automatically logged out of the SASE App. The user can log on again to resume service. The policy will not trigger again for the duration of the validity period.
What's next
To view logs for dynamic decision disposal and recovery operations, see Dynamic decision logs.