In the Sentry version 9.1, a Locking Feature has been implemented for both Task List Groups and User ACLs. The feature is straight forward and allows Sentry Admins and Developers to Lock the policies to prevent them from being overwritten or otherwise updated during import of an FSG. The option is presented as a checkbox on the main page of the policy. The Task List Group or User ACL is not locked by default, but can be locked during the creation stage or any point thereafter.
Task List Group shown below:
User ACL Shown below:
To test the feature, you can build a Task List Group or User ACL and modify the policy after you export it. From there, ensure the Lock checkbox is checked, click Save, and perform an import of the FSG. You should be able to see within the Audit Logs where the policy is locked and will not be modified.
See Log example below: