Using the Policy Tree's tree view
The tree view displays the management trees and their associated objects.
| Tree | Description |
|---|---|
| Credentials | Credential objects are created and managed in the Credentials tree. Credential objects store the credentials Trust Protection Platform uses to authenticate with devices, applications, and CAs. NOTE: Credentials can also be created and managed in the Policy tree. In the Policy tree hierarchy, Credential objects may be contained by Policy, Device, or Application objects. The ability to create Credential objects under different objects in the Policy tree facilitates the distribution of Credential object permissions assignments. For example, if you assign permissions at the policy level, then create the Credential objects under the same policy where their associated applications or certificates are located, the credentials automatically inherit the same permissions as their associated objects. In this way, you can ensure that administrators have permissions to only those credentials required to manage the applications or certificates for which they are responsible. For more information on managing your system credentials, see Working with system credentials. |
| Discovery | The Discovery tree lists the configured Discovery and Discovery Exclusion objects for network and agent-based discovery. In Policy Tree, you can do a CA Import Discovery only. All other discovery work is done in Aperture. For more information on configuring and managing discoveries in the Discovery tree, see Discovering certificates and keys. |
| Encryption | The Encryption tree contains your system’s Encryption drivers. Encryption drivers provide access to the keys used to secure your system’s encryption assets—that is, certificates, private keys, SSH keys, Credential objects, administrator usernames and passwords, and all other information stored in the Secret Store database. Trust Protection Platform uses either the Venafi Platform software key, or a hardware key on a supported HSM device (or both) to secure encryption assets within the Secret Store. For more information on managing system encryption, see Managing system encryption keys. |
| Identity | In Trust Protection Platform, all users, groups, and user datastores are managed in the Identity tree. For more information on managing objects in the Identity tree, see Working with identities, permissions, and teams. |
| Logging | The Logging tree provides a comprehensive view of the Trust Protection Platform notification system and is the control center for all system logging and notification activities. The Logging tree lists every application that can log events in Trust Protection Platform. Each Logging Application object, in turn, stores the definitions for its associated events. This is a valuable reference when you are configuring your system notifications. The Logging tree also provides a view of all configured Notification and Channel objects. Notification objects define which types of events you want to monitor and under what conditions. Channel objects define the event output target. For more information on managing logging and system notifications, see Understanding system logging and notifications. |
| Platforms | The Platforms tree displays the Trust Protection Platform servers and modules. For example, if you have your central Trust Protection Platform server and a dedicated Discovery Server, this tree displays the two Server objects and their associated modules. From this tree, you can define global module settings like Certificate Renewal and Notification monitoring cycles, the time the Trust Protection Platform server runs its daily tasks, and the Discovery schedule. |
| Policy | The Policy tree provides a hierarchical view of your encryption deployment model. Policy, Jump Server, Device, Application, CA Template, Credential, Certificate, SSH Key, and Workflow objects display in context of other system objects so you can intuitively design your object hierarchy and policy inheritance paths. For information on managing folders, see Using policies to manage encryption assets. |
| Reports | The Reports tree allows you to create and manage system reports. The individual Report objects—Licensing, Entitlement, Expiration and SSH Key reports—determine report format, how often the report is generated, and report delivery options. For more information, see Managing system reports. |
| Roots | The Roots tree lists all archived root and intermediate root certificates in context of their signature chain. From this tree, you can download root certificates to other servers. For more information on managing objects in the Roots tree, see Managing root certificates. |
| Workflow | Allows you to manage approval requests. The current user can manage and monitor pending Approval Requests or view a history of approved and rejected Approval Requests. For more information on implementing and managing your corporate workflow procedures, see About workflows. |