Cisco Physical Access Manager User Guide, Release 1.4.1
Configuring Automated Tasks
Downloads: This chapterpdf (PDF - 3.7MB) The complete bookPDF (PDF - 61.78MB) | Feedback

Configuring Automated Tasks

Table Of Contents

Configuring Automated Tasks

Contents

Creating Quick Launch Buttons

Creating a Button

Creating a Button That Runs An Automated Rule

Creating Panels (Windows) of Related Buttons

Restricting User Access to Button Panels

Configuring Edge Policies

Configuring Device I/O Rules

Configuring Global I/O Automated Rules

Enabling the Automation Driver

Configuring Automated Tasks Using Global I/O

Understanding Automated Rule Actions

Example: Automated Weekly Report

Automation Rules in Cisco PAM 1.4.1

Defining Reports (Report Manager)

Report Manager in Cisco PAM 1.4.1

Using the Report Manager

Filter-based Report Template

Object SQL-based Report Template

SQL-Based Report Template

Additional Information


Configuring Automated Tasks


This chapter describes how to create and manage automated tasks such as triggering a relay when an alarm is generated, playing an alarm video, or sending an event e-mail.

In addition, you can create Quick Launch buttons for commonly used actions, and organize the buttons into different panels.

Contents

Creating Quick Launch Buttons

Creating a Button

Creating a Button That Runs An Automated Rule

Creating Panels (Windows) of Related Buttons

Restricting User Access to Button Panels

Configuring Edge Policies

Configuring Device I/O Rules

Configuring Global I/O Automated Rules

Enabling the Automation Driver

Configuring Automated Tasks Using Global I/O

Example: Automated Weekly Report

Automation Rules in Cisco PAM 1.4.1

Defining Reports (Report Manager)

Using the Report Manager

Filter-based Report Template

SQL-Based Report Template

Creating Quick Launch Buttons

Quick Launch buttons provide one-click access to commonly used actions. For example, you can create buttons to unlock a door or open a Cisco PAM module. Complete the following instructions to create or modify buttons, and organize them into different panels (windows).

Creating a Button

Creating a Button That Runs An Automated Rule

Creating Panels (Windows) of Related Buttons

Restricting User Access to Button Panels

Creating a Button

 
To do this

Step 1 

Select Quick Launch from the Events & Alarms menu, in the Monitoring sub-menu. The Quick Launch window opens.

Note The Quick Launch window appears blank on first use since no Quick Launch icons have been created.

Step 2 

Select Add Widget.

Step 3 

Select a widget type to create a Quick Launch button.

The widget types include:

Open Module: creates a button that opens a Cisco PAM module window.

Device Command: creates a button that executes a command for a door or device. For example, grant access to a door.

Label: Creates a text label used to organize Quick Launch buttons into rows and columns.

Step 4 

Select the row and column where the button will appear in the Quick Launch window.

Select the Locations tab and enter the row and column number.

Note If another button already exists in that location, the existing button location automatically shifts to the right.

Step 5 

Enter the text label for the button. You can also optionally select a custom icon image.

Note If the widget type is Label, enter only the label text, then skip to Step 10.

a. Click the Appearance tab.

b. Label: select the text label for the button.

Default: the default text. For example, the name of the device and command.

None: no text label. Only the icon image appears. If no icon image is selected, a blank button is displayed.

Custom: enter a custom name for the button.

c. Image: (Optional) Select a button icon image.

Default: the default icon image.

None: no button image. Only the text label appears. If no label is selected, a blank button is displayed.

Custom: click choose to select a custom image file.

Step 6 

If the widget type is Open Module, select a module:

a. Click the Open Module tab.

b. Select the Cisco PAM module that will open when the Quick Button is clicked.

c. Click OK.

d. Skip to Step 10.

Step 7 

If the widget type is Device Command, select the door or device for the command:

a. Click the Device Command tab.

b. Select the device(s):

Single: click Choose and select a single device or door from the Hardware view, as shown in the example to the right.

Multiple (by filter) of type: select a device type from the drop-down menu. For example, select deadbolt to select all deadbolt devices in all doors. To refine the selection, click Filter and select the filter options.

Multiple (by group) of type: select a device group from the drop-down menu. Groups include:

Access Point

Door: select a Door Group. See Configuring Device Groups.

Monitor Point

Monitor Point Group

Step 8 

Select a command for the door or device(s):

a. Select Choose.

b. Select a command from the list. For example, Deactivate Access Levels.

c. Click OK.

Tip See Device and Driver Commands and Door Modes and Commands for command descriptions.

Step 9 

a. Click Choose to select the Parameters for the command, if required.

If Choose is shown in black, you must click the button to continue. Select a parameter from the list. If the message "Are you sure you want to continue?" appears, click OK. This message indicates that a parameter is not required.

b. Click OK. The new button appears on the main Quick Launch page.

Step 10 

(Optional) Repeat these steps to create additional quick launch buttons, or organize the buttons in the current panel (window).

To edit an existing button (widget), right-click the button, select Edit, and edit the properties as necessary.

To move the buttons on the page, do one of the following:

Right-click the button and select Move Left, Move Right, Move Up, or Move Down.

Right-click the button, select Edit and then Location to select the row and column.

Step 11 

(Optional) Create panels (windows) of related buttons.

Creating a Button That Runs An Automated Rule

Create a button that runs an automated rule.


Step 1 Select Add Widget and then Device Command.

Step 2 Click Choose to select a single device.

Step 3 In the Hardware view, select the Automation Driver, and then click OK.

Step 4 Click Choose next to the Command field, click Choose.

Step 5 Select Invoke Automation Rule and click OK.

Step 6 Click Choose next to the Parameters field, select a Rule, and then click OK.

Step 7 Click OK to save the changes and close the window.

See Configuring Global I/O Automated Rules for more information.


Creating Panels (Windows) of Related Buttons


Step 1 Create one or more Quick Launch buttons.

Step 2 Select Save or Save As to save the current Quick Launch window as a panel.

Step 3 Enter the panel name.

Step 4 Click OK.

Tip To toggle between the panels, select Panels from the menu bar and select a panel.

Restricting User Access to Button Panels

Restrict user access to the button panels using the Profiles and Login modules, as described in the following instructions.


Step 1 Create or modify profiles to include the required Quick Launch access privileges. Profiles are sets of access privileges that are assigned to individual user logins.

a. Open the Profiles module.

b. Click Add or Edit to create or modify a profile.

c. Click the Module tab.

d. Click Quick Launch.

e. Select the options to the right:

Allow access to module: allow profile users to access the Quick Launch module.

Allow edit: allow users to create and edit buttons.

Allow all panels: allow access to all panels. Uncheck this option to enable the following button.

Choose allowed panels. select the panels that can be accessed by this profile.

f. Click Save and Close.

Step 2 Assign the profile to the user login.

a. Open the Login module.

b. Click Add or Edit to create or modify a user login.

c. Select Profiles.

d. Select the profile that includes the required access privileges.

e. Click Save and Close.


Configuring Edge Policies

Use Edge Policies to create event based actions that are stored and executed on specific Gateway modules. These policies can trigger URL Actions that perform tasks in external devices. For example, when a user swipes their badge at a reader device, a URL action can be sent to the Cisco VSM system to start recording surveillance video for that location.

Differences Between Edge Policies and Global I/O Triggered URL Actions

Edge Policies are stored on the Gateway module, and are triggered immediately when an event occurs, even if network communication with the CPAM server is delayed or lost.

Global I/O rules may not execute immediately due to network delays, rules processing, communication between Cisco PAM and the Gateways, or other factors.

Global I/O rules, however, offer additional options for automation rule triggers and subsequent actions. In addition, URL Actions for an Edge Policy are limited to the subset of events that can be triggered by the Gateway.

See Configuring Global I/O Automated Rules instructions to create global automation rules.

Procedure

Complete the following instructions to create or modify Edge Policies:


Note This example assumes that the Gateways, readers, doors, personnel accounts, and other components are installed, configured, and working properly. For instructions, see the other chapters in this guide, including Chapter 7 "Configuring Doors" and Chapter 9 "Configuring Personnel and Badges".


 
To do this

Step 1 

Enable the Edge Policy menu.

a. Select System Configuration from the Admin menu.

b. Select the Cisco Setting tab.

c. Select the check box Enable "Edge Policies" Module.

d. Click Save.

e. Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).

Step 2 

Select Doors > Edge Policies > Edge Policy.

Step 3 

Click Add, or select an existing rule and click Edit.

Step 4 

Enter a name and description for the rule.

Tip Select or de-select Enabled to activate or deactivate the policy.

Step 5 

Define the Trigger type.

The trigger defines the event (such as Door Grant Access) and the devices (such as a Gateway) for the trigger. When the specified event occurs on the specified device, the Edge Policy action is triggered.

Release 1.3 supports event triggers only.

a. Match—Select Any trigger.

b. Type—Select Event.

Step 6 

Define the Trigger.

The trigger defines an event that occurs on a device. When this triggers occurs, the action for the Edge Policy is invoked.

a. Click Add New to select the event and device(s) used to trigger the rule.

Tip You can also use the Add available button to choose a previously defined trigger (condition). To create, edit or delete the saved triggers, select Doors > Edge Policies > Conditions.

b. Enter the General properties:

Name—enter a meaningful name. For example, Access Lobby Door.

Description—enter the trigger description. For example, Access door event at lobby door.

c. Select Event and select the event for the trigger.

Select an available event from the left column.

Click the arrow to move the event to the right column.

d. Select Devices and select the devices that the event must occur on.

Filter by—select the device. For example, Gateway.

Device Type—shows the available device types. For example, Door.

Select—highlight a device in the Available column, and click the arrow to move it to the Selected column.

Device(s)—lick Choose and select an available device (such as a Door) and move it to the Selected field.

e. Verify that the selected device name appears in the Devices field.

f. Select Save and Close.

Step 7 

Select the Action that occurs when the condition(s) are met.

URL Action—select a URL Action that will occur when the conditions are met. See the "Configuring URL Actions" section. The URL action must be an Edge action type.

Note For Cisco VSM video recording, use create a soft trigger event in VSM to generate the URL used to record video. Enter that URL in the URL action.

Step 8 

Click Save and Close to save the changes. The new or revised policy is displayed in the main window.

Tip Click the Enabled check box to activate or deactivate the policy.

Step 9 

Select Apply Configuration Changes on the affected Gateway to activate the rule.

Note Gateways must be in the Up state, signified by a green triangle in the icon. A dark green triangle means configuration changes that have not been applied.

You can apply changes using either the Hardware or Locations & Doors module:

Hardware module

Right-click the Access GW Driver and select Apply Configuration Changes to download configuration changes for all Gateways.

or

Right-click on a Gateway Controller and select Apply Configuration Changes to download configuration changes for a single Gateway.

Locations & Doors module

a. Select Gateway Controllers from the View menu to display the Gateways.

b. To download the configuration for a multiple devices, right-click a location and select Apply Configuration Changes.

or

c. Right-click a Gateway icon and select Apply Configuration Changes to download the configuration for a single device.

See Applying Configuration Changes for more information.

Configuring Device I/O Rules

Use the Device I/O Rules module to create event based rules for a specific Gateway and the doors and devices configured on the Gateway. For example, when a door is forced open, a rule can activate a generic output device to sound an alarm. Since device rules are implemented for a single Gateway, the action is triggered immediately.

Device automation rules differ from global automation rules (Global IO) in the following ways:

Device rules affect a single Gateway. Global IO rules can affect multiple Gateways.

Device rules trigger actions immediately since they are executed on the Gateway and not subject to system or network delays. Global IO rules may not execute immediately due to network delays, rules processing, communication between Cisco PAM and the Gateways, or other factors. See Configuring Global I/O Automated Rules instructions to create global rules.

Complete the following instructions to create or modify Device IO Rules:

 
To do this

Step 1 

Select Device IO Rules from the Doors menu.

Step 2 

Click Add, or select an existing rule and click Edit.

To duplicate an existing rule:

Select the entry and click the Duplicate button in the upper right of the main window.

Enter a New Name for the rule and click OK.

In the main window, select the duplicate rule name and click Edit.

Revise the rule settings as described in the following steps.

Step 3 

Enter the rule settings:

Name: enter the name of the rule.

Description: enter a short description of the rule.

Gateway: select the Gateway where the device is installed.

Trigger

Device Type: select the device type:
Door, Generic Input device, Glass Break Sensor, Motion Sensor, Duress Sensor, Fire Sensor, Tamper device or Power Fail device.

Device: select the device name.

Event: select the event type. When this event occurs on the selected device, the following action is performed.

Action

Device: select the device for the action.

Command: Select the device command. For more information, see Device and Driver Commands in the Hardware Device View.

Step 4 

Click Save and Close to save the changes. The new or revised rule is displayed in the main window.

Step 5 

Select Apply Configuration Changes on the affected Gateway to activate the rule.

Note Gateways must be in the Up state, signified by a green triangle in the icon. A dark green triangle means configuration changes that have not been applied.

You can apply changes using either the Hardware or Locations & Doors module:

Hardware module

Right-click the Access GW Driver and select Apply Configuration Changes to download configuration changes for all Gateways.

or

Right-click on a Gateway Controller and select Apply Configuration Changes to download configuration changes for a single Gateway.

Locations & Doors module

a. Select Gateway Controllers from the View menu to display the Gateways.

b. To download the configuration for a multiple devices, right-click a location and select Apply Configuration Changes.

or

c. Right-click a Gateway icon and select Apply Configuration Changes to download the configuration for a single device.

See Applying Configuration Changes for more information.

Configuring Global I/O Automated Rules

Automated rules can execute commands, generate event reports, edit multiple records, or perform URL actions. Once created, you can invoke the automated rules from other modules, such as Quick Launch buttons and Graphic Maps.

A Global I/O rule is comprised of a trigger and an action.

The trigger can be one of 3 types:

Periodic

Monthly—the day of the month and time the action occurs

Weekly—the day of the week and time the action occurs

Daily—the time of the day the action occurs

Manual

The action only occurs when manually invoked by a user.

Event

The action occurs only when specified criteria are met.

The action occurs when the trigger conditions are met. The options are to generate a report or issue a device command.

Create automated tasks using the Global I/O module, as described in the following sections.

Enabling the Automation Driver

Configuring Automated Tasks Using Global I/O

Example: Automated Weekly Report

Enabling the Automation Driver

To enable automated tasks, the Automation Driver must be created and configured in the Hardware window. The driver is created once and remains active unless deactivated.


Tip The Automation Driver is a system component that executes automation policy actions. See Viewing Doors and Devices in the Hardware View for a description of the various system drivers.


 
To do this

Step 1 

Select Hardware from the Doors menu.

Step 2 

Right-click the Driver Manager and select New Automation Driver....

Step 3 

Enter the driver settings:

a. Click the General tab and enter a Name for the Automation Driver.

b. If e-mail notification is needed, click the SMTP Server Settings tab and enter the SMTP server settings.

c. Click Save and Close to close the configuration window and create the Automation Driver.

Step 4 

Right-click the Automation Driver and select Start.

This enables the driver and activates any automated rules.

Configuring Automated Tasks Using Global I/O

Create automated rules to automatically execute commands, generate event reports. The automated rules can also be configured for manual use, useful when placing a task icon in a graphic map.

 
To do this

Step 1 

Select Global I/O from the Events & Alarms menu. The Automates Rules window lists the currently defined rules.

The main window includes the following columns.

Name: The name of the automated task.

Enabled: Yes if the task is enabled. No if the task is disabled.

Trigger: Operator-defined events, and or time schedules that execute an action or notification.

Action: Reporting or device commands executed on devices.

Notification: The notification type. For example: E-mail, FTP, or Syslog notification.

Step 2 

Click Add, or select an existing rule and click Edit.

Tip You can also right click to select an option.

Step 3 

Enter a Name for the rule and select or deselect the Enabled checkbox.

Step 4 

Enter a Trigger type for the rule.

Click New or Edit to define the Trigger Type. The choices are:

Event: The rule is invoked when an event matching the defined filter occurs.

Select Event.

Click Edit Filter to define the filter.

Select a Time Schedule for the rule. If the event occurs within the specified schedule, the rule will be invoked. See Configuring Time Schedules to define the schedules.

Periodic (time schedule): The rule is invoked according to a Monthly, Weekly, or Daily schedule. Select the day of week or day of month, if necessary, and the Time of day (in a 24-hour format).

Manual Only: The rule is invoked manually. You can create a Quick Launch button or add the rule to a graphic map.

Step 5 

Define one or more Actions that occur when the rule is triggered. The options are:

Report: Generates a report that can be saved or sent to a user.

Device Command: Executes a command on a specified device.

CSV Import: Imports a comma separated value file containing personnel or organization data. The file must be located on an FTP server or CPAM server.

Group Edit: Edits multiple personnel or badge records.

Sanity Report Action: Provides a snapshot of the system status.

URL Action: performs a pre-defined URL action.

Tip See Understanding Automated Rule Actions for descriptions of the fields and settings for each option.

Step 6 

Specify a Notification option to define where the notification or report file is sent. The options are:

E-mail: Sends the notification or report file to one or more e-mail addresses. To enable e-mail notifications, you must enter the SMTP server settings in the Automation driver. For instructions, see Enabling the Automation Driver.

FTP: Sends the file to the specified FTP server.

Host: The FTP server IP address or name.

Username: Log in username required by the FTP server.

Password: Password to log in to the FTP server.

Path: Path on the FTP server where files should be uploaded.

Syslog: Sends the notification or report to a Syslog.

Host: The Syslog server IP address or name. You must verify that the server is accessible and allows remote hosts to log messages. Cisco PAM does not verify the Host server availability.

Facility: The log facility to use when recording the information to the Syslog.

Step 7 

Select the event options. These events occur when the rule is successfully invoked, or when rule options fail.

Click the check boxes to activate or deactivate the options:

Record event when rule invoked: Each time the rule is invoked, record an event.

Record event when trigger fails: Each time the trigger fails, record an event.

Record event when action fails: Each time the action fails, record an event

Record event when notification fails: Each time the notification fails, record an event.

Step 8 

Click Save and Close.

Understanding Automated Rule Actions

Automated rule actions define what occurs when the rule is triggered. Actions are defined when creating or editing a rule, as described in Step 5 of Configuring Automated Tasks Using Global I/O.

Each automated rule option is described in the following table:

Report: Generates a report that can be saved or sent to a user.

Device Command: Executes a command on a specified device.

CSV Import: Imports a comma separated value file located on an FTP server or CPAM server. The file can contain personnel or organization data.

Group Edit: Edits multiple personnel or badge records.

Sanity Report Action: Provides a snapshot of the specified system status.

URL Action: performs a pre-defined URL action.

Create or edit an automated rule as described in Configuring Automated Tasks Using Global I/O. In the Actions section, click Add to create a new action, or select an existing action and click Edit.

Create or edit an automated rule as described in Configuring Automated Tasks Using Global I/O. In the Actions section, click Add to create a new action, or select an existing action and click Edit.

Report

Generates a report that can be saved or sent to a user. Complete the following settings:

a. Select the Action type Report.

b. Click Choose to select a predefined report template. To create or modify reports, see Defining Reports (Report Manager).

c. Click Settings to define the report:

Title: edit the name of the report, if necessary.

Group by: select the group, if available.

Format: select Record-style or Table-style.

Output type: select an output type from the drop-down menu. For example: PDF document.

Device Command

Executes a command on one or more devices:

a. Select the Action type Device Command.

b. Device(s): Select the Device(s):

Single: click Choose and select a single device or door from the Hardware view.

Multiple (by filter) of type: select a device type from the drop-down menu. For example, select deadbolt to select all deadbolt devices in all doors. To refine the selection, click Filter and select the filter options.

Multiple (by group) of type: select a device group from the drop-down menu. To create door groups, see Configuring Device Groups.

Variable (of type): select a device type from the drop-down menu and then click Variable to select a variable.

For example, select the variable type Door, and then click the Variable button. Select Triggering Event: Device from the drop-down menu and click OK. If a the event Trigger configured in is caused by a door, then the action is initiated.

c. Command: Click Choose to select the Command for the device(s). See Device and Driver Commands and Door Modes and Commands for command descriptions.

d. Parameters: (Optional) Click Choose to select the Parameters for the command, if required.

Note If Choose is shown in black, you must click the button to continue. Select a parameter from the list. If the message "Are you sure you want to continue?" appears, click OK. This message indicates that a parameter is not required.

e. Click OK

f. Click Save and Close.

CSV Import

Imports a comma separated file from a directory located on the CPAM Server or a FTP server.

The properties import file must be named csv.import.properties.

Do not include the header row in CSV import files. Otherwise, the header row is imported as data and results in one record more than the correct count.

To import pictures, the path name in the CSV file should be relative to the Directory path for the CSV properties file. If only the image name is specified in the CSV file, then the images must be located in the same directory as the CSV properties file.

a. Select the Action type CSV Import.

b. Select the data Type: Personnel or Organizations.

c. For CSV import from CPAM server enter the file settings as :

Directory Path: The directory path of the CSV file location in CPAM server.

Configuration file : (read only) the import configuration file having import mapping settings must be named csv.import.properties .

Note Here the CSV file and csv.import.properties should be placed in any of the CPAM server directories like /tmp or /directory that has root level permissions. Ensure that both files are in the same directory path.

d. Click Save and Close.

e. For CSV import from folder/directory located on a FTP server, enter the server and file settings as:

Host: the IP address of the FTP server.

Username: the username required for access to the FTP server.

Password: the FTP server password.

Directory path: the directory path for the file location.

Configuration file : (read only) The import configuration file having import mapping settings, must be named as csv.import.properties.

Note The .csv and csv.import.properties files should be placed in the location specified in the Directory path.

f. Click Save and Close.

For CSV import for personnel records from local client machine desktop, See Importing Personnel Records Using a Comma Separated Value (CSV) File

Group Edit

Edits multiple personnel or badge records.

a. Select the Action type Group Edit.

b. Select the Item Type: for example, Badges.

c. (Optional) Click Edit Filter to apply the changes to a subset of badges or records. Use the filter window to define the filter settings.

d. Click Group Edit to enter the changes that will apply to all specified personnel or badge records.

e. Click Save and Close.

Sanity Report Action

System sanity reports provide information about potential system inconsistencies or issues in the access control system. See Generating a System Sanity Report for more information.

a. Select the Action type Sanity Report Action.

b. Select the Report type:
for example, Devices/Doors - Disabled.

c. Click Save and Close.

URL Action

Performs a pre-defined URL action.

a. Select the Action type URL Action.

b. Select a pre-defined URL Action from the drop-down menu.

c. (Optional) Click New or Edit to create or modify a URL action. See Configuring URL Actions for more information.

d. Click Save and Close.

Tip Static URL actions can be invoked by creating a manual automated rule. Set the Trigger Type to Manual and Action Type as URL Action. Then select a static URL from the list. This rule can be invoked by right clicking on the Automation Driver in the Hardware module and selecting Invoke Automation Rule. You can also create a Quick Launch button to invoke the rule (see Creating Quick Launch Buttons).

Example: Automated Weekly Report

The following sample shows how to configure an automated rule that runs a report on a weekly basis.

 
To do this

Step 1 

Select Global I/O in the Events & Alarms menu.

Step 2 

Create a new rule and enter the General settings:

a. Click Add... to open the Automation Rule window.

b. Name: Enter a descriptive name for the rule. For example: Daily Gateway Report (output).

c. Enabled: Verify that the Enabled checkbox is selected.

Step 3 

Select the periodic Trigger to have the report sent at a regular scheduled time:

a. From the Trigger row, click the New... button.

b. Select Periodic from the drop-down menu.

c. Select OK.

Step 4 

Select the days and times for the periodic Trigger:

a. Interval: Options include: Monthly, Weekly and Daily.

b. Day of Week/Month: If you select Monthly or Weekly, select the day of the month or week.

c. Time of day: Enter a time using a 24-hour notation. For example, 1:00 p.m. in a 12-hour clock is expressed as 13:00 in a 24-hour clock.

d. Select OK.

Step 5 

Select the action to generate a report file:

a. In the Action section, click the Add... button.

b. Select Report from the drop-down menu.

Step 6 

Define the type of report and the format of the output:

a. From the Report window, click Choose.... The Choose Report window displays all reports defined in the system

Select a report from the list.

Click OK to close the Choose Report window.

Tip To create or edit reports, see Defining Reports (Report Manager).

b. From the Report window, click Settings to open the Report Generation window.

Title: Enter a Title for the report.

Format: Select if the report should be in Record-style or Table-style.

Output: Select the type of file to output. For example: PDF document or Excel spreadsheet.

Click OK to close the Report Generation window.

c. Click Save and Close to save the Action settings and close the Report window.

d. Repeat these steps to create additional Actions for the automated rule, if necessary.

Step 7 

Select the Notification method. For example, send the report file by e-mail:

a. From the Notification row, click the New... button. Notification options are: E-mail, FTP or Syslog.

a. Select E-mail from the notification drop-down and configure valid e-mail addresses as displayed in the following step.

b. Click OK.

Step 8 

a. Add e-mail addresses for the To, CC, and or BCC fields. You can enter specific e-mail addresses, or select addresses from the Personnel records configured in Cisco PAM.

b. Click OK to save the changes and close the window.

Step 9 

a. Verify that all configurations are correct.

b. Click Save and Close to save the Automated Rule and close the window.

Step 10 

Add the Automation driver as described in Enabling the Automation Driver.

Note This step is only necessary if the Automation Driver is not already added.

Automation Rules in Cisco PAM 1.4.1

If the profile enhancement feature is set in the system configuration settings(Data Entry/Validation - Login), the following changes are impacted in this module:

The location-restricted users can create automation rules in the Global I/O interface in their set of accessible locations only.The user is allowed to add trigger conditions and actions only on devices within their assigned hierarchical location.See (Figure 12-1)

Figure 13-1

Add Automation Rule

The location-restricted user has to select the Hierarchical Location while adding an `Automation rule' unlike other modules where the hierarchical location of the location-restricted user is auto-populated.

When a location is assigned to a global I/O rule of trigger type periodic and event, the rule is applied only for the location it was created to and its child nodes, if any.

If the trigger type is manual then the rule is applied to the locations that are common between the locations assigned to the location-restricted user and the location(with its child nodes) in which the global I/O was created.

If the location-restricted user wishes to invoke a Global I/O manually, the automation driver has to be present in the Hardware View of the location-restricted user. To achieve this, the cpamadmin can populate the automation driver in the hierarchical location of the location-restricted user by modifying the profile of the user.

To populate automation driver, do the following:


Step 1 Go to Profile > Edit > General > Assign to Login.

Figure 13-2 Assign to Login

Step 2 Select the Ignore hierarchical location restriction for device matching filter checkbox.

Figure 13-3

Ignore Hierarchical Location

Step 3 Click Filter. The Filter Device window appears.

Step 4 Select Automation Driver from the Type drop down list.

Figure 13-4 Select Automation Driver

Step 5 Click OK to save the changes. The automation driver is populated.


Note The drawback of populating the automation driver is that the automation driver events of other locations that are not under the purview of the location-restricted user also become visible.


All automation rules created up to the root of the hierarchy of the location-restricted user is visible to the user. The location restricted user can invoke these rules provided there are any devices (at least one) pertaining to their location in these rules.

All device groups up to the root of the location-restricted user are visible and the user can reuse these device groups provided at least one device is present from the location restricted user's assigned location in these device groups. When these device groups are reused ,the commands are applied to the devices belonging to the location restricted user's location.

When the cpamadmin removes a location from the location restricted user's hierarchy, all devices of that location is removed automatically. However if any automation rules relating to these devices are present, then it requires manual removal, so the cpamadmin should ensure that they remove all associated automation rules (manually) along with the location.


Note These points are applicable only when the Profile enhancement feature is set in the System Configuration of the Cisco PAM. Otherwise the Cisco PAM appliance retains its behavior as in the previous version(1.3).


Defining Reports (Report Manager)

The Report Manager comprises of predefined set of Reports to retrieve data.You can use the Report Manager to view,run,add or modify reports.Further these reports can be used in automated tasks.Report templates include the following:

Filter-based reports

Reports defined using a filter, similar to the Filter toolbar button in many modules. This is the most straightforward way to define a report. In 1.4.1 Release, Filter based reports are generated to an user based on the hierarchical location to which the user belongs to.This is due to the configuration settings For more complex reports, use one of the following SQL-based options.

Object SQL-based reports

Reports defined using explicit SQL which returns the unique IDs of the items to display, which are otherwise presented in a similar fashion as a filter-based report does.

SQL-based reports

Reports defined using explicit SQL.


Tip See Configuring Global I/O Automated Rules for instructions to assign reports to automated tasks.


This section includes the following information:

Report Manager in Cisco PAM 1.4.1

Using the Report Manager

Filter-based Report Template

Object SQL-based Report Template

SQL-Based Report Template

Report Manager in Cisco PAM 1.4.1

If the profile enhancement feature is set in the system configuration settings(Data Entry/Validation - Login), the following changes are impacted in this module:

A location-restricted user can view and reuse default reports up to their root level location.

The cpamadmin should restrict access of SQL based Reports to location-restricted users in the Profiles module. This action prevents the location-restricted users from accessing SQL based reports.


Note These points are applicable only when the profile enhancement feature is set in the System Configuration of the Cisco PAM. Otherwise the Cisco PAM appliance retains its behavior as in the previous version(1.3.2).


Using the Report Manager


Step 1 Select Report Manager from the Reports menu. The main window appears, as shown in Figure 13-5.

Figure 13-5 Report Manager Main Window


Note Some reports are used for internal processes and cannot be used to generate reports. For example: Badges-Unused.


Step 2 Use the toolbar to perform the following actions:

Add: Add a new report or folder. The following options are available:

Add Filter-based Report Template...: See Filter-based Report Template.

Add Object SQL-based Report Template... See Object SQL-based Report Template.

Add SQL-based Report Template...: See SQL-Based Report Template.

Add Folder...: Adds a new folder for report organization.

Import...: Import a previously exported report or set of reports from XML.

Export...: Export all reports to an XML file, which may be later imported on the same or another system.

Edit...: Select a report and click Edit...: to view and modify the details of the report. You can also double-click the report entry.

Delete: Delete the report.

Run: Run the report and open the contents of the report in a new window.

Step 3 Edit the report using the description in the following sections:

Filter-based Report Template

SQL-Based Report Template


Filter-based Report Template

When you add or edit a report, the Report Manager detail window includes properties for the specific type of report.

All report types include the following toolbar buttons:

Save and Close: Save changes and close the report.

Run: Run the report and open the contents of the report in a new window.

Export...: Export the report to an XML file, which may be later imported on the same or another system.

Figure 13-6 shows the detail window for a Filter-based Report Template. Complete the fields according to the descriptions in Table 13-1.

Figure 13-6 Filter-based Report Template

Table 13-1 Filter-based Report Template Settings 

Field
Description

Name

Enter a unique name for the report.

Max results

The number of results displayed in the report. "-1" retrieves unlimited results.

Item type

The type of category to build the filter based report on.

Edit Filter...

Defines the filter, similar to filters available in the toolbar. See Using Filters.

Report Settings...

Report generation options, which are the same as when generating a report from one of the other modules. For more information see Creating Reports.

Variable Parameters...

Lists parameters for the report. The selected parameters will prompt the user to provide values for them when the report is run. Based on the parameter values data will be retrieved.

Edit Columns...

Select the columns used in the report. Use the Up and Down buttons to reorder the columns for the report.



Note In Cisco PAM 1.4.1, the filter based reports have an additional field, Hierarchical Location that allows the user to retrieve reports on the devices or events in the user's assigned location only.See (Figure 13-7). This is based on the system configuration settings. See (Data Entry/Validation - Login)


Figure 13-7 Filter based Report with hierarchical Location

Object SQL-based Report Template

When you add or edit a report, the Report Manager detail window includes properties for the specific type of report.

All report types include the following toolbar buttons:

Save and Close: Save changes and close the report.

Run: Run the report and open the contents of the report in a new window.

Export...: Export the report to an XML file, which may be later imported on the same or another system.

Figure 13-8 shows the detail window for a Object SQL-based Report Template. Complete the fields according to the descriptions in Table 13-2.

Figure 13-8 Object SQL-based Report Template

Table 13-2 Object SQL-based Report Template Settings 

Field
Description

Name

Enter a unique name for the report.

Max results

The number of results displayed in the report. "-1" retrieves unlimited results.

Item type

The type of category to build the object SQL-based report on.

SQL

The SQL query to be executed. The SQL defined should only return a single column, which is the unique id of an object matching the Item type drop-down menu.

Report Settings...

Report generation options. For more information on report settings see Creating Reports).

Variable Parameters...

Parameters the user is prompted to provide when running the report. Variable parameters replace question marks in the SQL query, in order. The number of parameters must match the number of question marks in the query.


SQL-Based Report Template

When you add or edit a report, the Report Manager detail window includes properties for the specific type of report.

All report types include the following toolbar buttons:

Save and Close: Save changes and close the report.

Run: Run the report and open the contents of the report in a new window.

Export...: Export the report to an XML file, which may be later imported on the same or another system.

Figure 13-9 shows the detail window for a SQL-based Report Template. Complete the fields according to the descriptions in Table 13-2.

Figure 13-9 SQL-based Report Template

SQL-Based Report Template Settings 

Field
Description

Name

Enter a unique name for the report.

Max results

The number of results displayed in the report. "-1" retrieves unlimited results.

SQL

The SQL query to be executed. It returns all the column data defined in the SQL.

Report Settings...

Report generation options. For more information on report settings see Creating Reports).

Variable Parameters...

Dynamic parameters can be added through this option with a name and a type to match with any of the field columns defined in the sql query . The previously added parameters could be viewed and edited. Parameters configured will prompt the user to provide values for them when the report is run and based on that data will be retrieved .The parameter values replace question marks in the SQL query, in order. The number of parameters must match the number of question marks in the query.

Tip A sample SQL based report template defined with variable parameters will have the sql query part like "select evt_time from vx_evt where evt_time < (?) ;"

Additional Information

To avoid Non-Admin (other than Administrators profile) users from running and editing the SQL Based Reports to retrieve information beyond their access levels, unselect `Allow execution of SQL-based Reports' option in Users > Profiles > Add Profile/Edit Profile > Modules > Report Manager.

SQL based reports can also be invoked from the Global I/O module through event or periodic trigger.

Default sanity reports returns unprivileged data.

Contact Support Team for any high level ERD of database/assistance in writing complex SQL based queries to meet individual requirements.