Managing Certification Decision Conflicts

Multiple Rule Owners could disagree about the certification decision for a rule. For example, one Rule Owner wants to certify their network objects in the rule and another Rule Owner wants to decertify their network objects in the rule.

The Rule Lifecycle Management App (RLM) identifies these rules, marks them with the PARTIAL status in the Pending menu, and automatically adds the Default Owner group to the rule. This group of administrative users is responsible for mediating tickets for which Rule Owners disagree about the certification decision.

There may be Rule Owners, in the Waiting for Owners list, who have not made a certification decision. The App Administrator (or member of the Default Owner group) repeats the procedure described in this topic until either all of the Rule Owners decide to certify the rule or the App Administrator removes networks in the rule that belong to Rule Owners who want to decertify the rule. Each time the App Administrator selects the rule for modification, RLM opens a new rule modification ticket in SecureChange and updates the rule in the Pending menu with the new ticket number.

Prerequisites

A Rule Modification workflow is required for this procedure. For more information about creating this workflow, see Creating Workflows for the App.

Resolve Certification Conflicts

The App Administrator resolves certification conflicts for these rules as follows:

  1. Select () one or more rules with a PARTIAL status.

  2. From the Actions () list, select Change rule by Rule Modification workflow.

  3. RLM opens a new rule modification ticket in SecureChange, passes the rule details to the Rule Modification field.

    When this ticket opens, RLM also updates the rule status in RLM to MODIFY and adds the ticket ID in the rule.

  4. In SecureChange, the App Administrator, or an administrator from the Default Owner group, resolves the conflict and changes the rule as required.

    RLM updates the rule status to MODIFIED.

Certify Rules Without Conflicts

RLM automatically opens a rule recertification ticket to certify the rule with the remaining networks when all of these conditions are true:

  • All networks, which were marked as decertify by their Rule Owners, are removed from the rule.
  • There are no Rule Owners waiting to make a certification decision.
  • There are Rule Owners who want to certify the rule.

RLM monitors this rule until the ticket closes and the changes are provisioned on the device. RLM retrieves updated rule information during subsequent syncs with SecureTrack and updates the Pending menu.