Managing role conflicts

Directory services allow the same user to belong to multiple groups. As a result, a single user may exist in groups that are managed by different delegated administration roles. The same situation exists with domains (OUs).

Additionally, it is possible for a user to be managed by one role, and belong to a group or domain (OU) that is managed by a different role. If the administrators for both of these roles are logged on simultaneously, the administrator responsible for the user could apply policy to that user at the same time as the administrator responsible for the group applies policy to the individual members of the group.

Use the Delegated Administration > Manage Role Priority page to tell web protection software what to do if different policies apply to the same user because of an overlap (that is, if two group-based policies apply to the same user). When a conflict occurs, web protection software applies the policy from the role that appears highest on this list.

Steps

  1. Select any role on the list, except Super Administrator.
    Note: The Super Administrator role is always first on this list. It cannot be moved.
  2. Click Move Up or Move Down to change its position in the list.
  3. Repeat steps 1 and 2 until all roles have the desired priority.
  4. When you are finished making changes, click OK to cache the changes and return to the Delegated Administration page. Changes are not implemented until you click Save and Deploy.
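
Before changing the order, it helps to see which users sit in an overlap and whose policy would change. The following Python script is an added example, not code from the product: it assumes each role can be modeled as a mapping from the groups or OUs it manages to a policy, and all role, group, user and policy names in it are constructed sample data.

```python
SUPER_ADMIN = "Super Administrator"

def validate_priority(priority):
    """Super Administrator is always first on the list and cannot be moved."""
    if not priority or priority[0] != SUPER_ADMIN:
        raise ValueError("Super Administrator must stay first in the list")
    if len(set(priority)) != len(priority):
        raise ValueError("duplicate role in priority list")

def effective_policy(user_groups, role_policies, priority):
    """Return (winning_role, policy, overridden_roles), or None if unmanaged.

    user_groups:   set of groups/OUs the user belongs to
    role_policies: {role: {group_or_ou: policy}}  (assumed model)
    priority:      role names, highest priority first
    """
    validate_priority(priority)
    matches = []
    for rank, role in enumerate(priority):
        managed = role_policies.get(role, {})
        # Overlaps inside a single role are not modeled; sample data avoids them.
        for client in sorted(user_groups & managed.keys()):
            matches.append((rank, role, managed[client]))
    if not matches:
        return None
    _, role, policy = min(matches)  # lowest rank = highest on the list
    overridden = sorted({r for _, r, _ in matches if r != role})
    return role, policy, overridden

def reorder_impact(directory, role_policies, before, after):
    """Users whose effective policy changes when the list is reordered."""
    changed = {}
    for user, groups in directory.items():
        old = effective_policy(groups, role_policies, before)
        new = effective_policy(groups, role_policies, after)
        if old != new:
            changed[user] = (old[:2], new[:2])
    return changed

# Constructed sample data (hypothetical names).
DIRECTORY = {"alice": {"Engineering", "Contractors"}, "bob": {"Engineering"},
             "carol": {"Contractors", "OU=Branch"}}
ROLE_POLICIES = {"Eng Admins": {"Engineering": "Eng-Standard"},
                 "Vendor Admins": {"Contractors": "Contractor-Restricted"},
                 "Branch Admins": {"OU=Branch": "Branch-Default"}}
BEFORE = [SUPER_ADMIN, "Eng Admins", "Branch Admins", "Vendor Admins"]
AFTER = [SUPER_ADMIN, "Vendor Admins", "Eng Admins", "Branch Admins"]

if __name__ == "__main__":
    for user, (old, new) in reorder_impact(DIRECTORY, ROLE_POLICIES, BEFORE, AFTER).items():
        print(f"{user}: {old} -> {new}")
```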