Editing security sets
After you have created or copied a security set, you edit it in XML. You can use an external XML editor to create the security set XML, and then copy it into the security set.
Procedure
- Highlight the security set you want to edit, and select Edit > Edit from
the menu bar. The security set is opened in a simple text editing window that allows you to enter XML, or copy it in from an external XML editor.
- Edit the security set using the following example as a
guide.
This example security set hides everything about a configuration except its access control lists (ACLs). As this is a Cisco device example, ACLs can exist in two locations, as a series of base commands in the configuration, and as a series of commands under the IP node of the configuration.- Required base node with VAMD settings
- All VAMD rights are disabled at the base 'configuration' node. This prevents any sub-nodes from automatically inheriting inappropriate view, add, modify or delete permissions.
<configuration add="false" delete="false" modify="false" view="false" xmlns:securityMarkup="http://intelliden.com/securityMarkup">
Note: The closing tag is>
- Example access-list node (nested underneath 'configuration')
- The VAMD rights are enabled for the ACLs.
<access-list securityMarkup:add="true" securityMarkup:delete="true" securityMarkup:modify="true" securityMarkup:view="true"/>
Note: The closing tag is/>
- Example IP node (also nested underneath 'configuration'), with access-list underneath
- The IP node inherits VAMD access rights from its parent 'configuration' node. This prevents users from accessing all the sub-nodes under the IP node. In this Cisco device example, 'access-list' is a child of the IP node To enable VAMD rights for ACLs, you must set the them to 'true'.
<ip > <access-list securityMarkup:add="true" securityMarkup:delete="true" securityMarkup:modify="true" securityMarkup:view="true"/> </ip> </configuration>
Note: The IP closing tag is</ip>
, followed by the configuration closing tag</configuration>
- Once you have edited your security set, click File > Save.