Reviewing changes in securable objects

Select Security Administration > Administration > Security Reports > Security Policy Change Detection Report then click the Run Parameters tab.

Click Create and specify this information:

Release Date: Specify the release date, or specify both the start and end dates to define a release range.

Click Submit.

A Run Parameter is created.

In the Start column, click Start. This action starts the report. It is disabled if the status is not blank or if analysis records are associated with the run parameter.

These are the available actions after starting the report:

Delete - deletes the selected run parameter.
Purge Analysis - removes all analysis records associated with the run parameter.
Reset Status - resets the status to blank.

On the Analysis tab, in the Security Class Update Analysis section, select a security class update to compare.

On the Compare tab, a comparison of the current LPL and the LPL before the release date is shown. On the Security Class Update Detail tab, the policies changed on the run parameter’s release date are displayed.

Note: Reordering rules within a policy does not affect their evaluation; the rules are still considered equal. However, the compare UI may not accurately reflect this due to limitations in comparing the LPL when policies are reordered.

Optionally, you can click Purge Analysis to remove all analysis records associated with this run parameter.

On the Monitoring tab, click Generate Configured Security Class.

This action loads all configured Security Classes. It reads each configured Security Class and creates an entry for Monitoring. Every time a user runs the Generate Configured Security Class function, it adds any newly configured Security Classes that are not already present in the Monitoring system.

Click Generate All Analysis.

The configured Security Classes are compared with the Analysis Class. Results appear in the Analysis table.

Optionally, these actions are available in the Security Class section:

Generate Analysis for Security Class - Functions similarly to Generate All Analysis, but processes only the selected record in the list.
Purge All - Removes all monitored Security Classes and their corresponding Analysis records.
Purge Analysis for Security Class - Removes all Analysis records for the selected Security Class.

Click Analyze All Configuration, select a run parameter, and then click Submit.

The Analysis table is compared with the Results table.

Optionally, these actions are available in the Analysis section:

Analyze Configuration - Performs the same comparison as Analyze All Configurations, but only processes the selected record in the list.
Purge All - Removes all Analysis records.
Purge - Removes the selected record.

Select the Results tab to view a summary of all Security Classes and their associated Policies that were changed based on the reports that were run.

On the Security Design tab, click Generate Configured Security Class.

Optionally, these actions are available in the Security Class section:

Generate Analysis for Security Design - Functions similarly to Generate All Analysis, but processes only the selected record in the list.
Purge Analysis for Security Design - Removes all Analysis records for the selected Security Design.

Click Generate All Analysis.

Click the Compare tab to view a comparison between the current LPL and the LPL before the release date is shown. Use this view to compare the LPL between Security Class and Analysis Class.

Optionally, these actions are available in the Security Class Design Analysis tab:

Purge All - Removes all Analysis records.
Purge - Removes the selected record.

Select the Role Security Class Changes tab to view a summary of all Security Roles and their associated securable objects that were changed based on the reports that were run.

Changes made to Role Security Class assignments based on the Run Parameter are shown, including whether a Security Class was assigned or unassigned from a role according to the specified date.