Policy profile is a named subset of values from the policy with the associated 'activation condition' and flags. The values defined in the profile override the corresponding values in the policy when the 'activation condition' becomes true on the target host.

The policy profile cannot contain ".KLCONN_ACL_SECTION"and "KLEVP_NF_SECTION".

Policy profile data contains the following attributes:

"EXPRESSION" - Policy profile activation logical expression. The value is (paramArray) with the only element, which is a (paramParams) container that contains the logical expression that must be calculated over host attributes at the Network Agent side (the "data source"). Host attributes are listed in the Network Agent attributes for profile logical expression. The (paramParams) equal to NULL is correct, and means 'no logical expression'. This kind of profile cannot be activated (but the expression may be defined in lower level policies). Empty (paramParams) is incorrect.
"KLSSPOL_PRF_ENABLED" - Policy profile 'enabled' flag (paramBool).
"KLSSPOL_PRF_PROTECTED" - Policy profile 'Protected' flag. The profile is protected from deleting, renaming, and reordering (paramBool).

The data is returned in the policy format. It will look like the following:

      +---"KLSSPOL_PRF_PROTECTED"
      |     +---"KLPRSS_Val"= bProtected
      |     +---"KLPRSS_Mnd"
      |     +---"KLPRSS_ValLck"
      |     +---"KLPRSS_ValLckPolicy"
      |     +---"KLPRSS_ValLckGroup"
      +---"EXPRESSION"
      |     +---"KLPRSS_Val"=value1 the only entry contains parameters with logical expression
                [0]= Logical Expression
      |     +---"KLPRSS_Mnd"
      |     +---"KLPRSS_ValLck"
      |     +---"KLPRSS_ValLckPolicy"
      |     +---"KLPRSS_ValLckGroup"
      +---"KLSSPOL_PRF_ENABLED"
            +---"KLPRSS_Val"=bEnabled
            +---"KLPRSS_Mnd"
            +---"KLPRSS_ValLck"
            +---"KLPRSS_ValLckPolicy"
            +---"KLPRSS_ValLckGroup"

See also: