There are a bunch of reports on the forums that allow you to visualize rules by entry. You can then pull these into Excel and make a very handy pivot table. This is great for better visualization, but it does not address the export and load aspect. In 10.1 there is no way to export site or organization rules. The rules within a particular application container can be exported by exporting the product as template for example then stripping out the rule section.
In addition you can export rules using winDU or ACL Export Utility, but again neither of these address the load issue.
To generate an XML load file for rules exported from any domain you could make a report in the format required by the CSV2XML load utility. However this does not support the loading of dynamic roles. The CSV XML format is not the same as the XML format used within the container templates. Only the container template format supports dynamic roles.
We are currently creating a report and custom parsing tool to generate XML load files in the format that supports dynamic rules. Not finished yet.
Something else to be aware of is the difference in how the qml report displays rules compared to how they are displayed in the policy admin tool. The qml reports have one line per entry. The policy admin utility has neither one line per rule or one line per entry. It is actually a list of entries grouped by rule and principal reference. For the policy admin utility this means:
- A WTRule can span one or more lines.
- One line can contain 1 – 3 WTEntries (grant, deny, absolute deny)
The format of the ACL XML used by the container templates, is grouped according to how they are displayed in the UI not in the .qml report of entries.