Using SMPolicyReader to Correct Differences Between Tiers

Introduction
I am currently using the SMPolicyReader to try to resolve differences between ACO settings in the various tiers [we use DEV/TST/STG/PRD].

Installation
Download from the community site. Unzip. Run the .bat file–there is video on youtube with more instructions.

Creating Exports
I generally use something simple like:

xpsexport e:\david\TST-Policy.xml -xb -npass -vT

Comparing

There are a lot of issues–the first is naming standards. For the difference engine to work either the OID’s need to be the same [which is hard to control even with mature import/export strategies] or the names must exactly match. I am trying to use name match–going back and renaming ACO’s, updating WebAgent.conf, & then restarting is not that difficult–make a copy and clean up later is safest. In any event, even with the names exactly the same you can still see challenges:
nameClash

This is because I did not select Options > Compare uses ObjectXID. Turing that off improves the comparison by only using name…

tbpDifferences

Trouble Shooting
Here is an example where a manual admin error was made on a rule which in most cases would be very difficult to track down–generally involving the need to troubleshoot with the app team. Here we can see that there is an obvious difference in the OnAccessReject rule:

issueULRFindHardOnes

Looks like it was a configuration issue in which the wrong Action was selected

issueURLWrongRepose

Easy to fix–but stuff like that can be very hard to find sometimes, APP teams often don’t test it until it is too late, and human error is always a possibility.

Issues
There are still some challenges with the tool–it would be nice if there was a setting to ignore certain fields on certain objects.

I run into challanges on some objects with attribute values I do not understand or don’t show up on the admin console, for example here is an ACO setting for IgnoreURL=2 or =0–the value of the attribute in the console for both is the same.

issueIgnoreUrl=2Compare

Advertisements

Leave a comment

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s