Deployment of the Security Rules in Production
The VG WinConsole provides a Deployment module.
Developers use this module to deploy the Permissions and Roles related to their application. When new versions of the application are released, the deployment module automates the update of the permissions in the target repositories (testing, QA, production…).
Fig 1 - Deploying a Repository
Visual Guard Deployment - Application Lifecycle
Visual Guard Automates the deployment of Security Data managed by developers during the application lifecycle. These data are merged with data created by administrators.
Initial DeploymentDevelopers define Roles, Permission Sets and Permissions in the development repository.
They deploy them in the empty Production Repository.
Local Administrators create and manage user accounts and grant them with roles.
Developers update the security data.
How to organize and deploy the security data of an application?
This schema describes several possible combinations for an application deployed on a site where local Roles, Permissions and Permissions Sets are required.
Developers define Roles, Permissions Sets and Permissions in the development repository and deploy them in the production Repository
Local Admin may grant the Role “Operator1” to users, as defined by default in dev.repository.
They may also create Local Roles, Permissions Sets and Permissions.
A Local Role can contain a Global Permission Set.
A Local Permission Set can contain a Global Permission.
When Permission B is added/edited, included in Permission Set 1 and deployed, both Roles “Operator1” and “Operator2” have this new permission in production.
When the repository is deployed, Local Roles, Permission Sets and Permissions remain unchanged, as well as the relationship Permission Set 3 <containing> Permission Set 1.