Overview of security sets
Security sets extend a SmartModel to include view, add, modify, and delete (VAMD) rights to commands inside a configuration. Once defined, you can reuse security sets for different SmartModels.
- You create security sets as resources in the IBM Tivoli Netcool Configuration Manager GUI.
- Security sets are applicable to any SmartModel, meaning that when you create one for one SmartModel, you can use it for any SmartModel.
- Security sets are schema-specific, but you can use them across devices with the same vendor and type.
- A security set must be in a realm where devices can resolve it.
Mapping a native configuration to XML hierarchy
When mapping a native configuration to XML, a hierarchy of data is created consisting of parent-child relationships, which are based on the indentation used by the native configuration. Commands that are indented are sub-commands to their parent. Using this XML configuration format, you can overlay security set metadata onto the XML structure, by for example defining VAMD rights on configuration nodes, which are then inherited down the configuration hierarchy.
However, in subsequent nodes down the tree, the VAMD rights are modified. For example, the 'aaa' node of the configuration has all its VAMD rights set to true. If applied, the users see the 'aaa' node of the configuration.
The same is true for all the SNMP commands. VAMD rights are inherited down the configuration tree. For all other commands not shown in this example, their VAMD rights are all false.
In the 'IP' node of the configuration, the security set is designed so that users can see and modify any access lists under the 'IP' node of the tree. However, anything else under 'IP' is hidden.