Updating delegated administration roles
Policies and managed clients are typically added to a role when the role is created.
- Delegated administrators with policy permissions can edit existing policies and create new policies within the role that they manage.
- As new members join the organization, a Super Administrator can add them to existing roles (see Editing roles).
Super Administrators can also move clients (see Moving clients to roles) and policies (Copying filters and policies to roles) from the Super Administrator role to an existing delegated administration role at any time.
- When a client is moved to a delegated administration role, the policy applied in the Super Administrator role is also copied. During this copy process, the filters are updated to enforce the
restrictions of the Filter Lock, if any.
In the target role, the tag “(Copied)” is added to the end of the filter or policy name. Administrators for that role can readily identify the new item and update it appropriately.
Encourage administrators in the role to rename the filters and policies, and to edit them as needed, to clarify their settings and to minimize duplicates. These changes can simplify future maintenance efforts.
After the client is moved to the new role, only an administrator in that role can modify the client’s policy or the filters it enforces. Changes in the original policy or filters in the Super Administrator role do not affect copies of the policy or filters in delegated administration roles.
- When policies and filters are copied to a delegated administration role directly, the same constraints are enforced that apply when filters and policies are copied as part of moving a client.
- Filter Lock restrictions are implemented during the copy.
- Permit All category and protocol filters are renamed, and become editable filters subject to the Filter Lock.
- Copied filters and policies are identified in the role by the (Copied) tag in the name.
Consider editing policy descriptions before starting the copy, to assure that they are meaningful to the administrators in the target roles.