A Group Policy is a set of rules that are used by all members of an Organisational Unit (OU). Each rule may be Enabled, Disabled or Not Set. Example rules are “Allow Create Databases” and “Allow Manage Users”.
To keep things simple, we suggest using the same security settings for all Local Administrators. That is, Hong Kong Local Administrators should be able to do the same things in their databases as Singapore Local Administrators can do in theirs.
There is the flexibility within IFP 3.1 to take a more individual approach to the security set-up if required. Please note the following:
- As Regional Administrators are members of the Administrators Role, they use a built-in Group Policy that allows them access to everything. As such, you do not need to create a separate Group Policy for them.
- Local Administrators need a Group Policy as you need to specify exactly which tasks they are allowed to perform. Refer to Local Administrator Group Policy Rule Settings for our recommendations.
- Normal Users do not require a Group Policy as they do not need to perform any administrative tasks. They use the built-in Default Group Policy.
How to Create a Group Policy for Local Administrators
You must have the Allow Manage Group Policies rule enabled to do this
- From IFP Home, select Databases/Files > Database Manager.
- Select Group Policies under Security in the left navigation. All existing users in that OU will be displayed in the right pane.
- Click Add on the toolbar to show the Group Policy dialog.
- Complete the required fields e.g. Name = Local Administrators Policy.
- Select the Policy Rules tab. This lists all of the rules that can be set for the Group Policy and whether or not they are enabled.
- Double-click a rule to view more details and to enable or disable it. Note that “not set” is the same as “disabled”.
- Click OK to create the Group Policy.
- By default, all rules are "not set" i.e. disabled.
- You can only enable rules that are enabled for you e.g. if you have Allow Edit Data Files enabled, you may enable that rule. You will not see any rules that are not enabled for you.
- Be aware that Group Policies may be used by several OUs (see This Group Policy is used by...). Changing the rules will affect the security settings of all OUs that use it. If required, create a separate Group Policy.
Please sign in to leave a comment.