Access Control - Dealing with hidings (UID instead of No. descriptor)


Just a small thing that came into my mind during the last weeks and also today. I currently have to manage some really big rule bases (1000+ rules in each policy) and work with several people in the team. Every now and then we have hidings - sometimes lots of them. That means up to 10+ entries in the policy verification info slide. I realized that the formatting of this info is not optimal, as it reads like this:

"Error: Layer xyz: Rule xyz hides rule xyz for Services & Applications xyz

Rule xyz1 hides rule xyz1 for Services & Applications xyz1

Rule xyz2 hides rule xyz2 for Services & Applications xyz2

Rule xyz3 hides rule xyz3 for Services & Applications xyz3

Rule xyz4 hides rule xyz4 for Services & Applications xyz4"

The first thing that came into my mind is: why does the formatting look that strange - shouldn't the first entry also be in a new line after the colon? But that is just a very small cosmetic thing, not a real problem. The main issue I have is that the rule description is based on the actual number of the rule (No. column) instead of the rule id (UID) or the name (considering it was named in a unique way). I often end up cleaning the hidings and need to verify the policy again and again after each mentioned point, just because the rule numbers change when I delete a specific rule if it's been fully hidden and not necessary anymore. Is there a way to change the details section of policy verification and other errors to show the rule id (UID) instead of the rule number (No.)?

If not - are there other people here who think that feature would make sense to maybe include in a future release?



As far as I know this can't be changed.

That said, using the rule name/UID would be better than using a number.

The UID might not be as easy to find visually, though.

Well, it should be enough to use Ctrl+G in order to jump to the related rules - tbh. I'm doing this also now with the no. of the specific rules. Should not change much by using the UID instead.

But if that option should not be applicable maybe a new editing mode just for clearing hidings could be added. The only change in that mode is that the number column freezes, even when rules are being deleted. After an admin publishes the sessions all the "gaps" that were created are being closed again by moving all the rules together.

But maybe I am the only one for whom that really is an issue as nearly nobody seems to be interested in this thread.

There are definitely ways the experience can be improved here.

We had some different concepts floating around internally in the early days of R80.

Not sure what the current plan to improve this is but appreciate the feedback.
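
An added example, not part of the thread and not Check Point tooling: one way to work around the renumbering problem described above is to pin each reported hiding to rule UIDs from a snapshot taken at verification time, then resolve those UIDs against the edited rulebase. The message pattern follows the text quoted in the first post with numeric rule numbers assumed; the `rule-number`/`uid`/`name` fields are assumed to mirror an exported rulebase, and all rules, UIDs and the report below are constructed.

```python
import re

# Message shape as quoted in the post; numeric rule numbers are an assumption.
HIDE_RE = re.compile(r"Rule (\d+) hides rule (\d+) for Services & Applications (.+)")

# Constructed sample rulebase (placeholder UIDs, hypothetical rule names).
SAMPLE_RULEBASE = [
    {"rule-number": 1, "uid": "uid-a", "name": "Mgmt access"},
    {"rule-number": 2, "uid": "uid-b", "name": "Web any"},
    {"rule-number": 3, "uid": "uid-c", "name": "NTP out"},
    {"rule-number": 4, "uid": "uid-d", "name": "Web from DMZ"},
    {"rule-number": 5, "uid": "uid-e", "name": "DNS any"},
    {"rule-number": 6, "uid": "uid-f", "name": "DNS from LAN"},
]
# Constructed verification output in the format shown in the post.
SAMPLE_REPORT = (
    "Error: Layer Network: Rule 2 hides rule 4 for Services & Applications https\n"
    "Rule 5 hides rule 6 for Services & Applications dns"
)

def snapshot(rulebase):
    """Map rule number -> UID for the rule order at verification time."""
    return {r["rule-number"]: r["uid"] for r in rulebase}

def pin_hidings(report, snap):
    """Turn each 'Rule N hides rule M' entry into a UID pair that survives renumbering."""
    return [
        {"hider": snap[int(n)], "hidden": snap[int(m)], "service": svc.strip()}
        for n, m, svc in HIDE_RE.findall(report)
    ]

def delete_rule(rulebase, uid):
    """Simulate deleting a rule: the remaining rules are renumbered 1..n."""
    kept = [r for r in rulebase if r["uid"] != uid]
    return [{**r, "rule-number": i} for i, r in enumerate(kept, 1)]

def current_numbers(pinned, rulebase):
    """Resolve pinned UIDs to today's numbers; None means the rule was deleted."""
    now = {r["uid"]: r["rule-number"] for r in rulebase}
    return [(now.get(p["hider"]), now.get(p["hidden"]), p["service"]) for p in pinned]

if __name__ == "__main__":
    pinned = pin_hidings(SAMPLE_REPORT, snapshot(SAMPLE_RULEBASE))
    edited = delete_rule(SAMPLE_RULEBASE, "uid-d")  # remove the fully hidden rule 4
    for hider, hidden, svc in current_numbers(pinned, edited):
        print(f"{svc}: hider is now No. {hider}, hidden rule is now No. {hidden}")
```

After rule 4 is deleted, the second hiding that was reported as "Rule 5 hides rule 6" resolves to numbers 4 and 5 without re-running verification.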