Manual Chapter: Merging Security Policies

Overview: Merging security policies

Application Security Manager has a policy merge option to combine two security policies. In the merge process, the system compares, and then merges, specific features from one security policy to another.

The merge mechanism is lenient when merging security policies. The system resolves any conflicts that occur by using the more open settings in the target security policy. When the merge is complete, the system shows the results of the merge process.

You can perform the merge in two ways:

  • Automatically merge missing entities, changing one policy or both policies.
  • Manually merge specific differing entities from one security policy to another.

Task summary

Merging security policies

Only users with a role of Administrator, Application Security Administrator, or Application Security Editor can use Policy Diff to merge security policies.
If you have two security policies with entities and attributes that you want to combine into one policy, you can merge the two policies. For example, you can merge a security policy that you built offline into a security policy that is on a production system. You can merge two security policies automatically, or by reviewing the specific differences between them. You can perform the merge in two ways:
  • Automatically merge missing entities, changing one policy or both policies.
  • Manually merge specific differing entities from one security policy to another.
  1. On the Main tab, expand Security and click Application Security. The Active Policies screen opens.
  2. In the Security Policies area, click the Merge button. The Policy Diff screen opens.
  3. From the First Policy and Second Policy lists, select the security policies you want to compare or merge, or click Browse to search your computer for an exported security policy. The two security policies you are comparing can be active, inactive, policies imported in binary or XML format, or a combination of both.
  4. If you plan to merge security policy attributes, it is a good idea to safeguard the original security policy. In the Working Mode field, select how you want to work.
    Option | Description
    Work on Original | Incorporate changes to one (or both) of the original security policies depending on the merge options you select without making a copy of it.
    Make a Copy | Make a copy of the security policy into which you are incorporating changes.
    Work on Copy | Work on a copy of the original security policy. First, a copy is made, then incorporate possible changes on the original policies. If comparing one or more policies with Policy Builder enabled, this option is automatically selected (and the other options become unavailable).
  5. Click the Calculate Differences button to compare the two security policies.
    Note: The system does not compare navigation parameters. They are ignored and do not appear in the results.
    The Policy Differences Summary lists the number of differences for each entity type.
  6. Decide whether you want to examine each difference in detail, or have the system resolve the differences.
    • To merge the security policies automatically, skip to step 9.
    • To examine the differences before merging, proceed to step 7.
  7. Click any row in the Policy Differences Summary to view the differing entities with details about the conflicting attributes. The system displays a list of the differing entities and shows details about each entity's conflicting attributes.
  8. To merge the two security policies manually, address each difference.
    1. For each differing entity and attribute, move the ones you want into the merged security policy, or click Ignore to leave them different.
      Tip: Click the Details link to see very specific information about the entity in each security policy.
    2. Click Save to save the changes you make.
    When you click Save, the changed section is removed from the screen because it was resolved. Other differing entities that still need to be resolved are still shown.
  9. To automatically merge the differences between the two security policies, click Auto Merge. An Auto Merge popup screen opens.
  10. In the Handle missing entities setting, specify how you want the system to treat entities that exist in one security policy but not the other. By default, both check boxes are selected; the auto-merge process adds unique entities from each policy into the policy from which they are missing.
    • To move missing entities from the second policy to the first, select Add all unique entities from second policy to first policy.
    • To move missing entities from the first policy to the second, select Add all unique entities from first policy to second policy.
    • If you do not want to merge missing entities, leave both check boxes blank.
  11. In the Handle common entities for first policy and second policy setting, specify how you want the system to treat entities that have conflicting attributes.
    • To make no changes to either policy when entities are different, select Leave unchanged.
    • To use the differing entities from the first policy and move them to the second, select Accept all from first policy to second policy.
    • To use the differing entities from the second policy and move them to the first, select Accept all from second policy to first policy.
  12. Click Merge. The system merges the two security policies.
  13. On the right of First or Second Policy (for active policies only), click the Apply Policy button to put into effect the changes made to the merged security policy.
The system logs all changes made either manually or automatically in the policy log, for auditing purposes.
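
The Auto Merge choices in steps 10 and 11 can be modeled offline to preview which policy each choice would change before clicking Merge. The following is an added example, not F5 code: the entity names, attribute names, and option strings are hypothetical, the dictionaries are constructed sample data rather than the ASM export format, and replacing a whole entity in step 11 is a simplifying assumption.

```python
from copy import deepcopy

# Constructed sample policies: entity name -> attributes. This is a simplified
# stand-in for illustration, not the ASM export format.
OFFLINE = {"url:/login": {"method": "POST"},
           "parameter:user": {"max_length": 64},
           "filetype:php": {"allowed": True}}
PRODUCTION = {"url:/login": {"method": "POST"},
              "parameter:user": {"max_length": 32},
              "url:/admin": {"allowed": False}}

def auto_merge(first, second, add_second_to_first=True,
               add_first_to_second=True, common="leave"):
    """Dry-run model of the Auto Merge choices in steps 10 and 11.

    common is "leave", "first_to_second" or "second_to_first" (hypothetical
    names for the three step 11 options). Returns (first, second, log).
    """
    if common not in ("leave", "first_to_second", "second_to_first"):
        raise ValueError(f"unknown common-entity option: {common!r}")
    a, b, log = deepcopy(first), deepcopy(second), []
    # Step 10: entities that exist in only one policy.
    if add_second_to_first:
        for name in sorted(second.keys() - first.keys()):
            a[name] = deepcopy(second[name])
            log.append(("first", "added", name))
    if add_first_to_second:
        for name in sorted(first.keys() - second.keys()):
            b[name] = deepcopy(first[name])
            log.append(("second", "added", name))
    # Step 11: entities present in both policies with differing attributes.
    for name in sorted(first.keys() & second.keys()):
        if first[name] == second[name]:
            continue
        if common == "first_to_second":
            b[name] = deepcopy(first[name])
            log.append(("second", "replaced", name))
        elif common == "second_to_first":
            a[name] = deepcopy(second[name])
            log.append(("first", "replaced", name))
        else:
            log.append(("both", "left different", name))
    return a, b, log

if __name__ == "__main__":
    # Both check boxes selected (the documented default), common entities left unchanged.
    for target, action, entity in auto_merge(OFFLINE, PRODUCTION)[2]:
        print(f"{target:6} {action:14} {entity}")
```

With both check boxes selected, the model changes both policies, so the production policy gains every entity that exists only in the offline one.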