Organize Services and Policies into Folders

In the Services and Policies list, you can create folders to help you organize your services and policies, and to control access to them. Only users with a role of Administrator or Manage Web Services can create and manipulate folders. For more information on these roles, see .
gateway83
In the Services and Policies list, you can create folders to help you organize your services and policies, and to control access to them. Only users with a role of Administrator or Manage Web Services can create and manipulate folders. For more information on these roles, see Predefined Roles and Permissions.
Controlling Access Using Folders
In addition to the organizational benefits provided by folders, controlling access to your services and policies is simplified too. Each time a folder is created, the Policy Manager automatically creates two corresponding folder roles:
  • Manage
    <folderName>
    Folder
    : This role allows a user to create, read, update, and delete services or policies within the folder, including nested sub folders. If aliases are present in the folder, permission to read, update, or delete an alias is granted only if:
    • the user is assigned to a role that has access to the original entity, AND
    • the user has the "Manage Folder" role
  • View
    <folderName>
    Folder
    : This role only allows a user to view entities within the folder, including the contents of nested sub folders. If aliases are present in the folder, the original entity may be modified but not deleted only if:
    • the user is assigned to a role that has access to the original entity, AND
    • the user has the "View Folder" role
Folder roles let you grant access to many policies to a user via a single role assignment. Once a folder role is assigned, the user is granted access to all services/policies in the folder, including services/policies contained in sub folders.
If a user has not been granted any folder roles, yet has permission to a service or policy nested within several sub folders, that user will be able to see all folder names between the root and the service's parent folder. However, all other folder content will not be visible.
For more information, see Manage Roles.
Refining Access with Security Zones
In addition to the two folder-based security roles mentioned above, you can also place folders into security zones to further refine access. Users with either the corresponding "Manage X Zone" or "View X Zone" roles will be able to view the items in the folders that are also in the X zone. Users without either of these roles but who have a "Manage X Folder" or "View X Folder" folder will be able to view the folder's content. User with none of these roles will not have access to the folder at all.
For more information, see Understanding Security Zones.
To create a folder:
  1. Right-click any folder or the root node and then select
    Create New Folder
    .
  2. Enter a name for the new folder. The new folder is created as a subfolder within the chosen folder. You can create up to 8 levels of folders.
    Ensure that all your folders have unique names, to avoid potential problems with roles and permissions.
  3. Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone". For more information about security zones, see Understanding Security Zones
    This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).
  4. Click [
    OK
    ] when done.
To delete a folder:
  1. Ensure that no services or policies in the folder being deleted are still in use. You can delete a non-empty folder containing items that are no longer referenced elsewhere.
  2. Right-click the folder and then select
    Delete Folder
    .
To change a folder's name or security zone:
  1. Right-click the folder and then select
    Folder Properties
    .
  2. Modify the name, if necessary
  3. Choose another security zone, if necessary.
  4. Click [
    OK
    ].
 
Renaming a folder or changing its security zone automatically updates its associated folder role. For more information, see Predefined Roles and Permissions.
To move a service, policy, or folder:
  • Drag and drop the item from one folder to another.
Or:
  1. Right-click the item to move and then select
    Cut ...
  2. Right-click the destination folder and then select
    Paste ...
 
(1) You can move multiple items at once by holding down the [Ctrl] key to select the items before performing a drag and drop or cut and paste. (2) When moving services or policies between two folders (regardless of security zones), you must have Update permission on the entity (i.e., service or policy) and Update permission for the source and destination folders.
 
To search for a service or policy:
  • See "Quick Search" in Services and Policies.