Currently in the Horizon UI, after adding a security rule you can only delete it. If you mess up one of the fields, there's no edit option available where you could see the create dialog again, flip it from TCP to UDP or whatever you forgot to do, and then update the rule. You've got to remember everything you need to fill out, delete it, and then create it properly.
It'd be much simpler if users could edit a security rule group, instead of having to delete and recreate.
If there's nothing in nova that lets us edit a rule, could we fake it in the UI and when they "edit" a rule, we just pull out all the configured info, populate a create dialog with it, and then when they click save, it deletes the old rule and creates the updated one?
As someone who has entered lots of security rules, I can tell you firsthand that it's really demoralizing when you realize you forgot to change TCP to UDP on your otherwise correct rule after creating it, and have to delete it and try again, remembering which position you were in on your port table so you don't start entering a different rule...
From past experience (...editing flavours comes to mind), it's generally unwise for Horizon to try to work around limitations in the other services and attempt to provide additional features not supported by the APIs. This tends to cause bugs and confusion. I think the right way to go about this would be to convince the other services to add an API that lets you do this first.
There is additional complexity in managing security groups in that the functionality can be provided by either Nova or Neutron (Horizon supports both). Looking at the respective clients' help, currently neither appears to provide a way to edit rules... I'll add a task on Nova and Neutron to see what they think about this.
I suppose one of the main issue with editing flavours was that the id matters one way or the other, so perhaps we could work around the API limitations somewhat more transparently here...