Assign Security Zones

This topic describes about several ways to assign a security zone to an entity:
This topic describes about several ways to assign a security zone to an entity:
  • Assign individually
    : Select an assignable entity and then either right-click or access its properties to set or change the security zone.
  • Assign in bulk
    : Select [
    Assign Security Zones
    ] from the Manage Security Zones dialog to quickly assign entities to a zone.
Each method is described in more detail below.
In order to add or change security zones, your security role must allow update privileges to the entities being changed.
If a security zone accepts the entity "Published Services" it should also accept "Policy", otherwise you will only be able to edit the service properties but not view or edit the policy of the published service.
Assign Zones Individually
Two different methods are used to assign individual entities to zones.
Method 1: Assertions, Internal Identity Provider, aliases, and root node
  1. Right-click the item and then select
    Security Zone
  2. Choose the security zone from the drop-down list. If your permissions allow it, you can remove the item from a security zone by choosing "
    No security zone
    To remove an entity from a security zone, your security role must allow update privileges to that entity. For example, if your only role is "Manage Test Zone" you can modify entities within the Test zone, but you cannot remove entities from the Test zone. If you also had an additional role such as "Manage Widget Service", then you will be able to select "No security zone" for the Widget service because then you have full update privileges on that particular entity, regardless of its zone.
  3. Click [
    ]. The item it added to the selected security zone (or removed from the zone).
Method 2: Set via properties
This method is used for all other entities that do not display a "Security Zone" right-click option (or where right-clicking is not possible, for example: log sinks or listen ports).
Access the properties dialog for the entity. The security zone setting is visible at the bottom of the dialogs. If there are multiple tabs within the properties, this setting is usually on the first tab (for example "General" or "Base Settings" tabs).  
Choose the security zone from the drop-down list. The security zone is changed when you close the properties.
The Security Zone drop-down is visible only when at least one security zone is defined, otherwise it is hidden.
Assign Entities in Bulk
To quickly assign a large number of entities to a security zone, use the Assign Security Zones dialog.
The bulk entry method is only available to Administrators or users who have two or more "Manage X Zone" roles that both permit at least one shared entity type (for example "Zone A" and "Zone B" roles that both include assertions). It is also available via custom roles.
To assign entities in bulk
  1. Run the Manage Security Zones task. The Manage Security Zones dialog box appears.
  2. Click [
    Assign Security Zones
    ]. The Assign Security Zone dialog appears.
  3.  From the drop-down list, choose the entity type you wish to added to a security zone (for example "Folder"). If the entity type you want is not listed, then it cannot be controlled via a security zone.
  4. The list updates to show all the entities of that type available to be added to a zone. The name of the entity, its current zone, and path (location of entity) are displayed.
  5. Select the check box next to the entities to be added to a zone. You can use the "select all" and "clear all" links to quickly select or clear all the check boxes.
    If the list is long, enter a search string in the "Filter on name" field to help you find the appropriate entities to add. The list is updated as you type based on your search string. The string is matched anywhere within the entity name.
  6. Choose the security zone to be applied to your selected entries. If you choose "No security zone" then the selected entries will be removed from whatever security zone they happen to be in.
  7. Click [
    ] to add the selected entities to the zone.
  8. Repeat steps 3 to 7 if you need to add different entities to security zones.
  9. Click [
    ] when finished.