Decommission Network Object Field

Workflow Owner This topic is intended for SecureChange workflow owners, who are responsible for creating and maintaining workflows.

When you configure workflow steps, in the Decommission Network Object field (formerly Server Decommission field) in a workflow step, the Display name and Tooltip text are the same for every step that the field is added to. All other settings apply only to the current step:

In a Decommission Network Object workflow, when multiple tasks are opened on the same step by Dynamic Assignment, no changes can be made to the rules or objects within the rules, and all tools (such as Designer and provisioning) are disabled for the handlers, even if the same handler is configured for all the tasks in the step.

General

  • Read-only - The handler of this step can view the contents but not edit values of the field.

Show

  • Impact Analysis tool - Lets the handler open the impact analysis tool, which shows where the server is used in the firewall rules of all monitored devices.

  • Designer tool - Lets the handler open the Designer, which gives precise recommendations for how to change the firewall rules in order to remove the specified servers.

    For each step that you enable the Designer tool, you can allow the handler to:

    • Allow all: Allow all Designer capabilities supported by this workflow.

    • Allow design only: View the Designer recommendations for policy updates.

    • Allow update only: Provision the Designer recommendations by saving the policy updates to devices. (For devices where Provisioning is supported)

    • Allow commit only: Commit the current policy from the management device onto associated child firewall devices. (For management devices where Committing Changes is supported)

    • Allow design and update only: Perform both design and update processes.

    • Allow update and commit only: Perform both update and commit processes.

  • Verifier tool - Lets the handler open the Verification tool, which verifies that the specified servers were removed based on the latest revision received by SecureTrack.

Decommission Network Object workflows do not support Auto steps. Instead, you can run the workflow tools through the Server Decommission Rest APIs.