4-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 4 Managing Activities
Understanding Activities
Note Workflow mode works in the same manner whether Ticket Management is enabled or not.
Enabling Ticket Management in Workflow mode simply enables the Ticket field for use with
Activities. Entering a ticket ID is not required, but if one is used, the Ticket field can be
configured to link to an external change management system. For more information, see
Ticket Management.
When you create an activity, or one is created for you, you open a virtual copy of the Security Manager
policy database. You define and assign policies within this copy. Changes that you made within this copy
are only available within the copy. Other users in different activities cannot see these changes. After the
activity is submitted and, in Workflow mode, approved, the changes within this copy are committed to
the database so that all other users can view the changes. Then, you can create a deployment job to
generate the relevant CLI commands and deploy them to the devices.
How you submit your activity changes differs depending on Workflow mode:
Non-Workflow mode with Ticket Management (default)—Select Tickets > Submit Ticket to
submit your changes to the policy database.
Non-Workflow mode without Ticket Management—Select File > Submit to submit your changes to
the policy database.
Workflow mode—Select Activities > Submit Activity if you are working with an activity approver,
or Activities > Approve Activity if you do not have a separate activity approver.
The following topics describe why activities are important and how they operate in Workflow mode:
Benefits of Activities, page 4-2
Activity Approval, page 4-3
Activities and Locking, page 4-3
Activities and Multiple Users, page 4-4
Understanding Activity/Ticket States, page4-4
Benefits of Activities
You use activities to control changes made to policies and policy assignments. Although how activities
are implemented depends on the workflow settings you choose, all activities provide the following
benefits:
Audit trail—Activities track changes that are made in Security Manager. You can use this
information to determine what changes were made and who made the changes as described in
Viewing Activity/Ticket Status and History, page 4-23. For both Workflow and non-Workflow
mode, there is also an audit report that provides visibility into activities and other actions, as
described in Working with Audit Reports, page10-19.
Safety mechanism—Activities provide a means for experimenting with changes. Because you are
making the changes to a private database view, if you do not want to implement the changes, you
can easily discard the activity or configuration session. For more information, see Discarding an
Activity/Ticket, page4-22.
Task isolation—The policies that are modified within an activity (or configuration session) are
locked from being modified within other activities. This prevents conflicting changes that could
make a policy unstable. For more information, see Activities and Locking, page 4-3.