Hi Dilan, Ideally if there are policies in all the assign resources such as users, roles and platforms intersection or union needs to be calculated based on the policy. Lets say for an example admin might have blocked camera for a role but specifically enable it for a certain set of users. In that case the most appropriate would be the user level policy and hence it needs more weight in that scenario. When it comes to other operations like VPN, LDAP, APN settings we could consider the union hence it represent the entire operation stack that the user needs to focus.
Hence conceptually I would say that the current functionality to have multiple policies based on the assign resources could be present in normal usecases but the way we need to handle the compliance/monitoring needs to be defined based on the corresponding operation/policy. Regards, Dilshan On Thu, Jan 22, 2015 at 12:05 PM, Dilan Udara Ariyaratne <[email protected]> wrote: > Hi All, > > While going through the following documentation > https://docs.wso2.com/display/EMM110/Working+with+Policies > on managing policies, I came across the idea that a policy can be defined > on various levels. > > Namely user level (L1), platform level (L2) and role level (L3). L3 > policies have the lowest priority. L2 policies override L3 policies, while > L1 policies override both L2 and L3 policies. > > Although it is not clearly defined, I guess that > [1] a user level policy is a policy to have only a set of users attached, > [2] a role level policy is a policy to have only a set of roles attached > and > [3] a platform level policy is a policy to have only a set of platforms > attached. > > However the question is that if we look into the EMM Web Console Admin UI > web page > on assigning resources, (i.e. users/roles/platforms) to a policy (see the > image attached), it is possible to > assign more than one resource type in a mix for a policy which is totally > against the documented way of defining policies. > > Is this a problem in the UI or have I misunderstood this concept totally? > > Appreciate your feedback on this. > > Thanks. > > *Dilan U. Ariyaratne* > Software Engineer > WSO2 Inc. <http://wso2.com/> > Mobile: +94775149066 > lean . enterprise . middleware > -- Dilshan Edirisuriya Senior Software Engineer - WSO2 Mob: + 94 777878905 http://wso2.com/ https://www.linkedin.com/profile/view?id=50486426
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
