How to Create, Edit, & Update Security Trees

As a Vault Admin, you can configure security trees in the Vault UI. Learn more about how to configure security trees in Vault Help.

As a developer, you can create, update, or delete a security tree with Vault API’s Execute MDL Script endpoint. You can also execute MDL commands with Vault Toolbox.

For example, the following request will create a security tree:

CREATE Object my_security_tree_mdl__c (
   label('My Security Tree'),
   label_plural('My Security Trees'),
   active(true),
   object_class('securitytree'),
   user_tree_assignment_object_name('user_tree_assignment'),
   audit(true),
   in_menu(true)
);

Learn more about security tree-specific attributes in Understanding Tree Security. You can also learn more about Object component fields, such as audit and in_menu, in the Component Reference.