Naming convention policy applied to one ActiveView is affecting other ActiveViews as well. (NETIQKB13053)

  • 7713053
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

symptom
Naming convention policy applied to one ActiveView is affecting other ActiveViews as well.

cause
This is the correct behavior and arises when the 'ActiveView' that is not tied to the policy, contains rules that include the same objects in the ActiveView where the policy is applied.  

fix

In reference to the naming convention policy dialog box Specify which actions this policy affects, the choice for specific ActiveViews reads Apply to actions on objects included in.  When a specific ActiveView is defined, then the policy applies to any object defined in that ActiveView and is not limited to actions performed in the ActiveView itself.    In other words if the ActiveView contains a rule to include all users in the domain, then the Policy will be applied when an action is performed on any user in the domain.  It does not matter which Assistant Admin performs the operation.   Even a Built-in Admin will have the policy applied to them.

One potential workaround is to also define an Assistant Admin Group under the section Apply to actions performed by.  If a specific ActiveView is defined for Apply to actions on objects included in and a specific Assistant Admin Group is defined for Apply to actions performed by, then both must be true for the policy to be applied.  This provides a method to limit the scope on when the policy is applied.



Additional Information

Formerly known as NETIQKB13053