How to Work with RLM

Who can use Rule Lifecycle Management App?

Tufin’s Rule Lifecycle Management App (RLM) automates the work of contacting stakeholders across your organization to request they certify firewall rules. It provides a simple and streamlined portal for collaborating on these certification decisions and documenting the justifications. The following roles are relevant for different users of this application.

Who Am I and What Can I Do?

There are several types of users who are involved in the rule recertification process.

Rule Owner

• Receives email notifications from RLM when there are rules that require their attention.

• Reviews the rules for which they are responsible.

• Makes the certification decision - either to certify the rule or decertify the rule. Implementation of the certification decision can be automatic or manual, depending on the settings defined by the App Administrator.

• Rejects ownership if they feel that they were assigned an asset in error. The App Administrator can reassign the asset to another Rule Owner.

Are you a Rule Owner? Click here for more information.

App Administrator

• Creates users in SecureChange so that they can be added as Rule Owners in RLM.

• Creates rule-related workflows in SecureChange, and configures RLM to use these workflows. RLM uses these workflows to create tickets in SecureChange.

• Manages and configures RLM to retrieve rules that are not used or will expire soon.

• Maps Rule Owners to the rules for which they are responsible.

• Resolves conflicting certification decisions when Rule Owners disagree.

Are you an App Administrator? Click here for more information.

Auditor

• Identify rules by policy, device, and person who certified the rule.

• Retrieve documented business justification for the rules.

Are you an Auditor? Click here for more information.

Handler

• SecureChange user who implements the certification decision, when manual intervention is required

Are you a Handler? Click here for more information.