Deployment of the Security Rules in Production

The VG WinConsole provides a Deployment module.
Developers use this module to deploy the Permissions and Roles related to their application. When new versions of the application are released, the deployment module automates the update of the permissions in the target repositories (testing, QA, production…).

Fig 1 - Deploying a Repository

Visual Guard Deployment - Application Lifecycle

Visual Guard Automates the deployment of Security Data managed by developers during the application lifecycle. These data are merged with data created by administrators.

  1. Initial Deployment
    Developers define Roles, Permission Sets and Permissions in the development repository.
    They deploy them in the empty Production Repository.

  2. Daily IAM Management
    Local Administrators create and manage user accounts and grant them with roles.

  3. Subsequent Deployments
    Developers update the security data.
    The updated data is merged to the data existing in the Production Repository.
Initial Security Data Deployement
Daily IAM Management
Subsequent Security Data Deployments

How to organize and deploy the security data of an application?

This schema describes several possible combinations for an application deployed on a site where local Roles, Permissions and Permissions Sets are required.

Organize and deploy the security data

More Information

  1. Developers define Roles, Permissions Sets and Permissions in the development repository and deploy them in the production Repository
  2. Local Admin may grant the Role “Operator1” to users, as defined by default in dev.repository.
    They may also create Local Roles, Permissions  Sets and Permissions.
    A Local Role can contain a Global Permission Set.
    A Local Permission Set can contain a Global Permission.
  3. When Permission B is added/edited, included in Permission Set 1 and deployed, both Roles “Operator1” and  “Operator2” have this new permission in production.
  4. When the repository is deployed, Local Roles, Permission Sets and Permissions remain unchanged, as well as the relationship Permission Set 3 <containing> Permission Set 1.