ACL configuration watcher The ACL configuration watcher lets you know what related ACLs exist on a table when you insert, update, or delete an ACL on the same table. The ACL configuration watcher is an interceptor window that displays every time you make important changes on the Access Control [sys_security_acl] table. It displays a security rules summary window where you can view ACLs related to the one you are modifying. You cannot modify any ACLs from the security rules window. To make any modifications, close the watcher window and go to those ACLs. The ACL configuration watcher is available with the Geneva release. The ACL configuration watcher does not appear in the following situations: If you save or update an ACL record without actually making any changes. If you make minor updates (not an insert or delete), such as updating scripts, conditions, and the admin-overrides option. If the ACL record is not active. ACL Security Rules window The configuration watcher shows the ACL execution plan. The execution plan is displayed in the security rules pop-up window. You can view this kind of information: Table 1. ACL configuration window elements Item Description red highlight An ACL that is deleted or deactivated. blue highlight An ACL that is modified. green highlight An ACL that is added or becomes active. Masked An ACL that was effective until you made a change. Unmasked An ACL that was just made effective when you made a change. Figure 1. Configuration watcher example Show ACL execution planAdministrators can view how ACLs relate to each other by viewing an execution plan for any ACL in the instance.Use the ACL configuration watcherUse the ACL configuration watcher after you elevate to security administrator.