On the Relationships tab, you can link one object to another one for the purpose of acquiring policy inheritance from the linked object. For example, you may want a subscriber to inherit the policy assigned to an organizational unit (OU) in Active Directory although the subscriber is not a child of that OU. To do this, add a policy relationship to the device linking it to the OU and thereby inheriting the policies entitled to the OU. If a device is linked to a group by a policy relationship, the device will inherit the policies entitled to the group even if it is not a member. One typical use of policy relationships is to link entire OUs to one or more groups where policies are assigned. This type of linkage is only possible using a policy relationship since an OU cannot be a member of a group in LDAP.
This feature should be used sparingly in the directory model. Its primary goal is to represent policy relationships between two objects, that are not otherwise present in the form of parent-child or “memberOf” relationships; or when such a relationship is conditional on some dynamic criteria.
In the following example, we will add a policy relationship to a single device by linking it to another directory object.
To create relationships between objects:
Click Close in the Execution Status pop-up window to close the window. All the policy entitlements of the related objects will be inherited by the originally selected device.
The newly selected directory objects will appear in the Policy Relationships table for the originally selected device. Also, the entitlements page for the selected device will now display the policies of the directory objects to which it has been linked.