Previous Topic: Exclude a User or Group from a PolicyNext Topic: AND Users/Groups Check Box


Allow Nested Groups in Policies

LDAP user directories can contain groups that contain other groups. In very complex directories, a hierarchy of nested groups is one way to organize tremendous amounts of user information.

For each LDAP user directory, you can specify that the policy allow nested groups. When nested groups are allowed in an LDAP directory, each user group in the directory and all sub-groups are searched when the policy is processed. When nested groups are not allowed, each user group in the directory is searched, but no sub-groups can be searched, when the policy is processed.

To allow nested groups in a policy that contains an LDAP user directory

  1. Click the Users tab on the Policy pane.

    The User Directories pane opens and contains group boxes that correspond to the user directories associated with the policy domain.

  2. Select the Allow Nested Groups check box for each user directory that contains nested groups, and click Submit.

    The Modify Policy Task is submitted for processing, and nested groups are allowed for the specified LDAP user directories.