# Policies
# Preamble
The EE server supports policies that can be used to specify certain restrictions at the user or group level.
These can be used to overwrite certain compliance settings so that individual users or groups have fewer restrictions.
We assume that your webclient is running on https://example.com and that the portal is reachable at https://example.com/portal/
TIP
This feature is only available in the Enterprise Edition.
# Create Policy
In the portal go to Policies
Click on the plus to create a new policy
Enter a title for your policy and click "Create Policy"
Adjust Priority
Once created, the system should directly open the new policy so you can fine-tune the settings. Adjust the priority as necessary. Settings specified in policies with higher priorities will override those with lower priorities.
Configure settings
Under the "Settings" tab, choose the parameters that you'd like to overwrite and configure the values accordingly.
Configure users
You can now apply this policy to users and/or groups. To apply this policy to users, choose the "Users" tab, use the search function to find the user, and then check the checkbox in the "Mapped" column.
Configure groups
To apply this policy to groups, choose the "Groups" tab, use the search function to find the group, and then check the checkbox in the "Mapped" column.
WARNING
Users are generally allowed to leave groups. Policies mapped to groups should therefore either only grant permissions, so that a user cannot bypass restrictions by leaving a group, or the group should be configured with "Forced Membership", which prevents users from leaving the group.
(Optional) Configure Forced Membership
Go to "Users" -> "Groups" and click the pencil button next to the group to edit it. Afterwards, check "Forced Membership" and click "Save". That way a user can neither leave the group nor deny the request to join the group. Policies for these groups are also applied before a user accepts the group membership.