Manage Security Zones

The Manage Security Zones task is used to manage all facets of your security zones. Use this task to:
gateway93
The
Manage Security Zones
task is used to manage all facets of your security zones. Use this task to:
  • Create, edit, or remove security zones
  • See the types of entities permitted within a zone
  • See a list of the actual entities assigned to a zone
  • Bulk assign eligible entities to a zone
 
(1) Changes to security zones may not fully take effect until the next session for a user. For example, if you add new entity types to the Test zone, users currently logged in with the "Manage Test Zone" role will not have these entity types available until they log off and back on. (2) The Policy Manager does not prevent simultaneous editing of zones. We recommend that you develop a process for maintaining security zones, to avoid potential collisions caused by simultaneous editing of the same zone.
Contents:
The Manage Security Zones dialog box is divided into these main areas:
  • The Security Zones area is where you add, modify, and delete security zones. If eligible, you can also bulk assign entities into and out of security zones.
  • The [
    Properties
    ] tab displays the complete description of the security zone and lists the entities types that can be added to that zone.
  • The [
    Entities
    ] tab displays the entities that have been added to the zone.
Each area is described in greater detail below.
To manage security zones
:
  • In the Policy Manager, select
    [Tasks] > Users and Authentication > Manage Security Zones
    from the Main Menu (on the browser client, from the Manage menu). The Manage Security Zones dialog appears. 
Working with the Security Zones Area
The Security Zones area displays a table showing the security zones that have been defined, with action buttons for each task. Select a task to perform:
To...
Do this...
Add a new security zone
  1. Click [
    Create
    ].The Create Security Zone dialog appears.
  2. Click [
    Create
    ] to save the zone. The new zone appears in the list.
Modify an existing security zone
  1. Select the security zone to edit from the list and then click [
    Edit
    ].
  2. Modify the Security Zone Properties as required.
  3. Click [
    Update
    ]. The zone is updated.
Delete a security zone
  1. Select the security zone to delete from the list.
  2. Click [
    Remove
    ]. You are prompted to confirm.
  3. Confirm the deletion. All entities in that zone revert to a "no security zone" state and are now eligible to be added to another zone.
Assign entities to or from a security zone
To quickly assign entities in bulk to a security zone, use the [
Manage Assignments
] button if it is available. This button is visible to any user who:
  • Have the Administrator role, or
  • Have two or more "Manage X Zone" roles that both permit at least one shared entity type (a custom role may be created to permit a user to manage at least two security zones)
For detailed information on the different ways you can assign entities to a security zone, including using the Assign Security Zones button, see Assign Security Zones.
About the [Properties] Tab
The [Properties] tab displays more information about the selected security zone. All information here is view only; any changes must be made through the Security Zone properties dialog, accessed through the [Edit] button.
  • Name
    : Name of the security zone.
  • Description
    : Full description of the security zone.
  • Entity types permitted in this zone
    : Lists all the entity types in the system, with a check mark next to the permitted entities.
    If a security zone accepts all entities, you will see "Any entity type is permitted in this zone" instead of a list.
About the [Entities] Tab
The [
Entities
] tab lists the actual entities that have been assigned to the zone.
  • Show entities of type
    : This drop-down lists the permitted entity types from the [Properties] tab.
  • Name
    : This list shows the entities of the selected type in the zone. For example, if "Assertions" was selected, then all the assertions that have been added to the security zone are listed, along with their paths (assertion palettes). To learn about the different ways to add entities to a zone, see Assign Security Zones.
  • Filter on name
    : If the list contains many entities, you can filter the list by typing a few characters. The list updates as you type to display only the entities with a matching character string in their names. This helps you quickly locate a specific entity.