Important! When you use CA DataMinder for the first time after installation, we strongly recommend you choose a new default group and define a restrictive policy for this group. This prevents new users from defining their own policy in order to dodge the rules in your organization governing acceptable Web and e-mail usage.
Why is this necessary?
The default group can be any existing user group. It is effectively a holding group until you can move new users into more appropriate groups. But when you use CA DataMinder for the first time, there is only one existing group. This is the 'Users' group and so it is automatically set to be the default group.
Is this a problem? Yes, it is. Of necessity, 'Users' has a non-restrictive policy: no settings are disabled, enforced or hidden. This means any new user who inherits this policy has complete freedom to change any setting in their policy.
To eliminate this problem, you must choose a default group that does have a restrictive policy. That is, key policy settings are enforced, hidden or disabled. This ensures that new users adhere to the rules governing acceptable Web and e-mail usage.
Why does 'Users' have a non-restrictive user policy?
'Users' is always the top level user group in the User Administration tree. By default, it has a non-restrictive user policy. That is, settings are not enforced, disabled, or hidden. This gives you maximum flexibility to selectively restrict policies in child groups lower down the tree.
If you were to redefine the 'Users' policy in order to accommodate new users, for example by enforcing or hiding key settings, these restrictions would cascade down the User Administration tree to affect every user in your organization. This is because you cannot unenforce or unhide settings in the child policy if these restrictive attributes were inherited from its parent policy.
|
Copyright © 2014 CA.
All rights reserved.
|
|