Autosave, Autosave Recovery, and Policy Locks

The Endpoint Privilege Management ePO Extension has autosave, autosave recovery, and concurrent edit functionality to reduce the risk or impact of data loss, as well as to prevent multiple users from overwriting individual polices.

In ePO Server 5.10, if the Server SettingsApprovals setting has been configured, autosave is disabled for users who do not have the Policy Management permission set to Approver Permission - Users with this permission can make policy changes independently. This includes the ability to approve or reject policy change requests..

Autosave

If a policy has pending edits, then these are retained initially in memory and then on session timeout to permanent storage.

This can occur if the session expires, if you select Log Off, or if the browser is closed while Endpoint Privilege Management for Mac policies are being edited.

If the server can determine that the session has ended, for example, via log out, then the permanent storage autosave is always used.

The in-memory version is only used when the browser is closed and the session has not yet timed out.

Autosave Recovery

When the policy is edited next, you receive a prompt that there is an existing edit available. You are given the option to discard or recover the changes.

The autosave is not removed until the policy has been saved.

When saved the autosave policy is automatically removed. This is the case for both recovery and discard. The choice simply affects which data is loaded into the policy.

The autosaved policy has the same name as the current policy but with (autosave) appended to the name. It is possible to duplicate this policy if the user wants to retain the changes in a different policy.

The in-memory storage recovery is covered as part of the locking workflows below.

Policy Locks

When a policy is being edited it is locked to prevent other users from making changes which could override your edits. The policy is locked after the user clicks a link or button from the policy summary screen to enter the policy. If another user attempts to edit the same policy, they are shown the name and ID of the user making the edit.

They are then presented with three options:

  • Break lock and take current changes
  • Break lock and use last save
  • Open in read only mode

They can also use the standard ePO options of Duplicate/Save/Cancel (lower right). The Save and Cancel options both act as cancel. The Duplicate option uses the last saved version.

Anyone with write access to the policy can break the lock.

If the lock on a policy that you're editing is broken, please follow the on-screen instructions, as they will vary depending on the policy management Approvals workflow and user permissions.

When the browser is closed during an edit, the returning login is treated as a new user. Therefore it is possible to be prompted with an option to break the lock for yourself. As ePO permits multiple logins from the same user, this is possible in normal usage in addition to the browser close scenario, for example, using two different browsers or through a private browsing window.