This request came to me in the spring of 2017 and we did not complete it because of time constrains. I want to leave this documented here because i think it is logic.
Situation:
1/ you create a sec. service
2/ create two policies, policy #a and policy #b
3/ edit the sec. service and attach this two policies
4/ you edit a compliance item and you select the sec. service, the two policies are automatically “suggested” (you may leave both them, remove one or remove both)
Scenarios:
a/ you decide to eliminate one or both policies
→ eramba now will remove the policies from the sec. service
→ will remove them from the compliance item
b/ you add or remove policies to the sec. service
→ eramba now updates the sec policy
What you are suggesting is that in scenario “b” , the compliance item will:
- If you added / removed policies to the sec service: will ask you “do you want this policies you added included on all items where this sec. service is in use” ?
if that is the requirement, then it wont be done quickly (even tough i agree %100 this makes sense) because we depend on the user interface and that is to be changed in two months or so (the whole user interface changes).
The quickets way to fix that is using “mass edits” on compliance analysis. You search with filters “what controls use this sec. service” , then you select them all and add or remove policies. Does it make sense? is not great, is manual and could lead to mistakes, but since is not possible to do it now…