Compliance Job - General

The General panel lets you provide information that identifies a Compliance Job and provides some options for how the job should execute.

Field definitions

Name

Identifying name.

Description

Optional descriptive text.

Save in

Folder in which to store the object.

Set execution override

Select if this job should always execute as if your current role and user are scheduling the job. After you click this option, the job definition shows the role:user combination under which the job executes.

Clear execution override

Remove an existing execution override.

Number of targets to process in parallel

Choose one of the following options:

Unlimited — Simultaneously runs the job on as many servers as possible. Application Server settings control the number of targets the job can access.
Limited — Specifies the maximum number of targets on which the job can run simultaneously. Limiting the number of targets is useful when a job might temporarily disrupt the functionality of a target server, and you want to limit that disruption to a small fraction of your managed servers.
If you want the job processed serially at the target servers, set this value to 1. Note, however, that although this is the best approach for achieving serial processing, it does not always guarantee full serial processing at all targets; the first two or three targets might still run in parallel.

Continue despite compliance data collection errors

Whether Compliance evaluation should continue on a target server or component even though it encounters required parts that are missing or that throw errors.
If you select this option, the Compliance Job completes with warnings even though individual components might not satisfy some compliance rules because parts are missing, the target is not reachable, or errors were received from extended objects used by the Template. If this option is not selected and an asset collection error is encountered, no compliance evaluation is performed on that particular target, but other targets in the job are evaluated for compliance if they did not encounter any asset collection issues.

Note

If you select this option and the target server is unreachable (for example, the server is down or the RSCD agent is down), the resulting compliance status depends on exact rule structure.

For example, the following two rules are designed to evaluate file permissions:

Rule	Compliance status
The rule first checks for the existence of the file, through a conditional construct (if... then...): if "File:/etc/cron.d/cron.deny" exists then "File:/etc/cron.d/cron.deny"."Permissions (Unix) (Unix)" does not have any flag ["Owner Execute"] end	Compliant
The rule does not perform a pre-check for existence of the file: "File:/etc/cron.d/cron.deny"."Permissions (Unix) (Unix)" does not have any flag ["Owner Execute"]	Non-compliant

Run auto-discovery

Whether to authorize the Compliance Job to perform component discovery for the associated component templates and generate components for use in the Compliance Job. This replaces the need to manually run a Component Discovery Job before running the Compliance Job.

When you use this option, the job logs do not show the compliance run status of the discovered components until discovery of all the components is completed.

Important

With this option, the job might take more time to complete as compared to the time taken collectively by the manually run Compliance Discovery Job and the Compliance Job.
When you use this option in combination with extended objects or a large number of targets, this can either slow your system performance, or the job might fail.
Workaround: Disable the Run auto-discovery option and run a batch job manually where a Component Discovery job is executed before the Compliance job.

See the following video for an example of how to use this option to automatically filter the targets for the job.