USER AND SERVER CONFIGURATION
Organizational policies
An organizational policy automatically applies to all users registered in a particular organizational unit. For example, to distribute default settings to all users registered in Sales/Acme, create an organizational policy named */Sales/Acme. Then when you use the Sales/Acme certifier ID to register a user, that user automatically receives the settings in the corresponding organizational policy.
If you move a user within the hierarchical structure -- for example, because the user transfers from the Sales department to the Marketing department -- the organizational policy for the corresponding certifier ID is automatically assigned to the user. For example, if you move the user from Sales/Acme to Marketing/Acme, all settings defined in the desktop, archiving, and security policy settings documents associated with the */Marketing/Acme organizational policy are assigned to the user. The new policy settings become effective the first time users authenticate with their home server.
Explicit policies
An explicit policy assigns default settings to individual users or groups. For example, to set a six-month certification period for contract workers in all departments, create an explicit policy and then assign it to each contract employee or to the group that includes all contract employees.
A dynamic policy is an explicit policy that is created by using the Policy Assignment tab on the Policy document to assign the policy to users and groups. If the policy is a dynamic policy, then as the organization changes, you only need to update the Group document. If a user changes jobs or organizations, you do not need to determine which policies need updating. The updated group information is applied the next time the effective policy is calculated for any users in that group.
Assign explicit policies in one of these ways:
You can assign an exception attribute to either an organizational or explicit policy. You use an exception to allow the user to override a policy setting that is otherwise enforced throughout an organization. When you create an exception policy, you specify only the settings that will not be enforced. Then when you assign the exception policy, it exempts users from enforcement of those settings only.
Exception policies are a way to give someone in an organization special treatment, possibly because of their position or job requirements. For example, the */Acme policy includes a Registration policy setting that enforces a mail database quota of 60 MB. However, a small group of employees in Acme need to exceed this quota. The solution is to create an "exception" policy that includes only a Registration policy settings document, that does not set a quota limitation on the mail database. When this exception policy is assigned to users, they can override the database quota setting. Because exception policies defeat the enforcement of policy settings, use them sparingly.
Related topics