Cisco Cisco Security Manager 4.0 仕様ガイド
Cisco Security Manager 4.4 API Specification (Version 1.1)
OL- 29074-01
Page 41
3.1.2 BasePolicyObject
This is the base class for all Policy Objects which are reusable object definitions. Policy data like AAA policy,
Firewall policy etc. maintain references to policy objects. There are multiple “types” of Policy Objects. Also a
policy object can be “Global” or “Local”. A global Policy object indicates that the object is a global definition that is
referenced by policies on any device. A Policy Object “override” indicates a global policy object that is
“overridden” for a specific device.
Firewall policy etc. maintain references to policy objects. There are multiple “types” of Policy Objects. Also a
policy object can be “Global” or “Local”. A global Policy object indicates that the object is a global definition that is
referenced by policies on any device. A Policy Object “override” indicates a global policy object that is
“overridden” for a specific device.
A set of policy objects may be “grouped” under a single policy object of the same “type”. In some cases, a policy
object could also reference a policy object of a totally different type (this is different from a “grouped” policy object
which groups’ policy objects of the same type).
object could also reference a policy object of a totally different type (this is different from a “grouped” policy object
which groups’ policy objects of the same type).
The BasePolicyObject class inherits from BaseObject including all attributes.
Attribute
Type
Comment
type
String
It's a mandatory attribute of any policy object that describes the
type of the policy object. Example – “Network” or “Service”.
type of the policy object. Example – “Network” or “Service”.
comment
String
Associated comment/description of this policy object (optional).
nodeGID
Object Identifier
The device ID if this is a “override” policy object. Set to -1 for
Globals
Globals
isProperty
Boolean
A true value indicates that “overrides” for this Global Policy
Object are allowed. A false indicates this global is not allowed to
be “overridden”
Object are allowed. A false indicates this global is not allowed to
be “overridden”
subType
String
Sub-types applicable for “Network” and “Service” Policy
Objects. For example “Host”, “Address Range” are sub-types for
a “Network” Policy object.
Objects. For example “Host”, “Address Range” are sub-types for
a “Network” Policy object.
isGroup
Boolean
If true, this indicates whether this policy object is a “grouping” of
other policy objects of the same type.
other policy objects of the same type.
refGIDs
ObjectIdentifierList Only applicable if “isGroup” is true. The list has the policy
objects Id’s this refers to.
configState
Enumeration
The current state of the policy object taken from { committed,
deployed }
deployed }
Table 20: BasePolicyObject Class Definition
Name override behavior - This is the name associated with the object. If the name is empty (“”) then this refers to a
internal policy object. All user defined policy objects must have a name. Internal policy objects are automatically
created by the system in some cases. For example if a user provides a literal IP address in a rule (instead of a Policy
Object), then a ‘nameless’ policy object is automatically created for the rule.
internal policy object. All user defined policy objects must have a name. Internal policy objects are automatically
created by the system in some cases. For example if a user provides a literal IP address in a rule (instead of a Policy
Object), then a ‘nameless’ policy object is automatically created for the rule.
parentId = The parent Global Policy Object ID for which this Policy Object is an “override”. For non-overrides, this
is set to -1.
is set to -1.