73
Layered Policies
under review
Allen
We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and over riding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites
Activity
Newest
Oldest
Aliese
under review
Mikey Pruitt
Mikey Pruitt
Merged in a post:
Assign multiple policies to one user
Pau
We would like to create a layered structure of policies where you can groups of users (like in DC groups).
Imagine that we have two group of users i.e. A and B as well as two policies “block social-media” and “block bad-webs”. We may want to have the policy “block bad-webs” for both group A,B but “block social-media” just for the group A. This is important because otherwise, every small change has to be made for every single policy. For example, if you want to enable a website, if you don't use the proposed structure, you would need to create the rule in both policies. (What if we have 15 policies?? = nightmare).
Cheers!
Andrew
I know this is an old one but any updates? Ordered policy layering/inheritance seems like a pretty common thing among our MSP tools so when I'm trying to make a global exclusion or block for all of our customers I can't do that with DNSFilter if we also want specific organization policy modifications. The problem gets worse the more customer policies you have to edit.
Clint
Yes we need to be able to apply multiple policies to a single site.
Lee's example is perfect. Need to be able have a Global Policy that covers all sites plus then layer on a 2nd policy that is specific to a site.
Lee
Josh Lamb That would work also, i was thinking more on the lines of assigning more than one policy to one site allowing us to create a policy called "Anti Spam Sites or Master Block Lists" and apply that to more than one site. This will still give the site the ability to have their own but we can add a site such as youtube.com to a single policy and all sites block it instantly. What you say below also sounds just like this, just wanted to explain the ideas or thoughts i had. Sorry for the delay.
Josh Lamb
Merged in a post:
Inherited Parent Policies
Nick
Having inheritable parent policies would be really useful. That way we can create sub-policies for specific user groups. That way, we can enable/disable the sales/marketing filter category in the Sales Sub Group for the Acme Parts Co. or maybe we can add facebook.com to the whitelist for that group without having to create a whole new standalone group like we're having to do now.
Josh Lamb
Hello Lee. It looks like what you are describing is policy layering. In other words, for each site you would choose several policies that would be applied together. For example "basic security" "adult content" and "streaming media" would be separately created policies and you would choose which ones to apply to specific sites. Is that correct?