Modify Group Field

Workflow Owner This topic is intended for SecureChange workflow owners, who are responsible for creating and maintaining workflows.

Overview

When you configure workflow steps, the Modify Group field lets you select a group of network objects from a device and select objects to add or remove from the group, or the ability to create new groups. You can add multiple Modify Group fields in a ticket in order to change multiple groups in the same ticket.

If the selected group is from a supported device, you can also implement the changes directly to the policy. When you implement the changes, SecureChange sends the changes to SecureTrack and SecureTrack changes the group in the policy on the device.

To design a change or apply a change to a group object, add the Modify Group field to each step where you want it to appear. For example, you can include the field in:

  • Request steps - the requester or handler can use this field to select a group to change and the objects to add to or remove from the group.
  • Approval steps - the approver can graphically see the requested change.
  • Implementation steps - the handler can implement the changes directly from SecureChange.
  • Design and provision steps - the handler can review recommended changes as provided by Designer. These recommendations can be automatically implemented for devices where Provisioning is supported.

    The Modify Group field can be added to any step of a workflow within the Designer tool. The Provisioning tool is available from the second step of the workflow and onwards.

What Can I Do Here?

Adding the Modify Group field

  1. Click Workflows and either:

    • Click New Workflow, and in the Workflow Properties window enter the name and workflow type you require.
    • Click an existing workflow (which contains the workflow type you require) and edit it. 
  2. Click a step in the workflow.
  3. Click Fields to see the fields for the selected step.
  4. Click Add field.
  5. In the field type, select Modify group.
  6. Enter a Field display name and Tooltip text (optional), that will be shown in the request. These are the same for all steps that use the Modify Group field.

  7. Select the options for the field:

    • Mandatory - the handler must enter the group information. This is the same for all steps that use the Modify Group field.

    • Multiple - the handler can enter multiple values for this field. This is the same for all steps that use the Modify Group field. For best performance, Tufin recommends limiting groups in this field to 50.

    • Read-only - The handler of this step can view the contents but not edit values of the field.

    • Show Designer tool - the handler can view recommended changes and implement them. For each step that you enable the Designer tool, you can allow handler to:

      • Allow all: Allow all Designer capabilities supported by this workflow.

      • Allow design only: View the Designer recommendations for policy updates.

      • Allow update only: Provision the Designer recommendations by saving the policy updates to devices. (For devices where Provisioning is supported)

      • Allow commit only: Commit the current policy from the management device onto associated child firewall devices. (For management devices where Committing Changes is supported)

      • Allow design and update only: Perform both design and update processes.

      • Allow update and commit only: Perform both update and commit processes.

  8. Click OK.
  9. Add the field to other steps in the workflow, if necessary, and Save the workflow.