A Policy is a collection of Site Groupings that can be assigned to Users or User Teams. By allowing Administrators to aggregate permissions for all Sites into a single object, Policies provide a very convenient way of assigning large sets of permissions to Users and User Teams. For more details about the main concepts and terminology used for Policies, see Permissions - Concepts & Terminology and Permissions Model.
Important: It is vital to properly understand the IRM permissions model, by reading the overview sections listed above, before attempting to define Policies.
The central place for Administrators to manage Policies is the Policies page in the Global Console. The screenshot below displays an example of the Policies Global Console menu page, while the text that follows explains the feature in more detail, focusing on creating and editing Policies.
When the Policies Global Console menu item is selected, only the top data grid is displayed by default. When one of the Policies is selected in that grid, two additional data grids are displayed below it, Users and Teams, listing all Users and all User Teams currently existing in IRM. Each of these grids begins with a checkbox column, which enables the chosen Policy to be assigned to those Users and/or User Teams.
Click on the following topics for more details about the Users and User Teams Global Console menus.
Creating / Editing Site Policy
The screenshot below displays the Edit Policy dialog, which enables editing a Policy and is opened by clicking the Pencil Action button in the top grid. A very similar dialog, opened by clicking the + Action button, enables creating a new Policy:
The dialog enables specifying the following properties for each Policy:
Policy Name: The descriptive name given to the Policy.
Notes: Full description of the purpose and restrictions provided by the Policy.
Writable Objects by Category: Allows object write privileges to be granted based upon the object's Super Category; it is a quick way to give access to an entire class of objects.
Allows Groupings to be assigned to the Policy, meaning users will be granted access to all objects which are members within the Groupings assigned to the Policy.
The software does not allow creation of an object unless the user has either the applicable Super Category shortcut write permission or the Lifecycle Super Stage shortcut permission. This means the user cannot create objects without one of those permissions, even if the created object would fall into a Grouping that the user has permission for.
The UI enforces this object creation policy as follows:
If there is a dialog that is part of the creation operation, other than the object editor dialog, and the object itself is not actually created until the user presses the OK / Save button in that dialog, the policy is enforced by deactivating the OK / Save button.
For cases where the object is created immediately after a context menu item or other UI option is selected, the context menu or other UI option is disabled.
Disabled OK / Save buttons or context menu items show a tooltip indicating the reason(s) why the control is disabled, such as "No write permission.", "Object frozen" or "Library object".