Editing security sets

After you have created or copied a security set, you edit it in XML. You can use an external XML editor to create the security set XML, and then copy it into the security set.

Procedure

  1. Highlight the security set you want to edit, and select Edit > Edit from the menu bar.
    The security set is opened in a simple text editing window that allows you to enter XML, or copy it in from an external XML editor.
  2. Edit the security set using the following example as a guide.
    This example security set hides everything about a configuration except its access control lists (ACLs). As this is a Cisco device example, ACLs can exist in two locations, as a series of base commands in the configuration, and as a series of commands under the IP node of the configuration.

    Required base node with VAMD settings
    All VAMD rights are disabled at the base 'configuration' node. This prevents any sub-nodes from automatically inheriting inappropriate view, add, modify or delete permissions.
    <configuration
    	add="false"
    	delete="false"
    	modify="false"
    	view="false"
    	xmlns:securityMarkup="http://intelliden.com/securityMarkup">
    Note: The closing tag is >
    Example access-list node (nested underneath 'configuration')
    The VAMD rights are enabled for the ACLs.
    	<access-list
    		securityMarkup:add="true"
    		securityMarkup:delete="true"
    		securityMarkup:modify="true"
    		securityMarkup:view="true"/>
    Note: The closing tag is />
    Example IP node (also nested underneath 'configuration'), with access-list underneath
    The IP node inherits VAMD access rights from its parent 'configuration' node. This prevents users from accessing all the sub-nodes under the IP node. In this Cisco device example, 'access-list' is a child of the IP node To enable VAMD rights for ACLs, you must set the them to 'true'.
    	<ip >
    		<access-list
    			securityMarkup:add="true"
    			securityMarkup:delete="true"
    			securityMarkup:modify="true"
    			securityMarkup:view="true"/>
    	</ip>
    </configuration>
    Note: The IP closing tag is </ip>, followed by the configuration closing tag </configuration>
  3. Once you have edited your security set, click File > Save.

What to do next

To use a security set, you apply it to groups and realms.