How policy assignment rules work

Policy assignment rules enable you to create system-specific and user-specific policy assignments.

These assignments are enforced on the target system when a user logs on. The agent on the managed system keeps a record of the users who log on to the network. The policy assignments you create for each user are pushed down to the system they log on to, and are cached during each agent-server communication. The agent applies the policies that you have assigned to each user.

Note: When a user logs on to a managed system for the first time, there can be a slight delay while the agent contacts its assigned server for the policy assignments specific to this user. During this time, the user has access only to the functionality allowed by the default machine policy, which is typically your most secure policy.

Policy assignment rules reduce the overhead of managing numerous policies for individual users, while maintaining generic policies across your System Tree. For example, you can create a policy assignment rule that is enforced for all users in your engineering group. You can then create another policy assignment rule for members of your IT department so they can log on to any computer in the engineering network with the access rights they need to troubleshoot problems on a specific system in that network. This level of granularity in policy assignment limits the instances of broken inheritance in the System Tree.

For FRP OS X clients, policy assignment rules can be used only for system-specific assignments. User-based policies are not supported on FRP OS X 5.0 clients.
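
A minimal Python model of the logon flow described above, added here as an illustration and not product code. The classes, policy names, groups and users are assumptions, and rule matching is reduced to directory-group membership.

```python
from dataclasses import dataclass, field

# All names here (policy names, groups, users) are constructed for illustration.
DEFAULT_MACHINE_POLICY = "machine-default"  # assumed to be the most restrictive policy

@dataclass
class Server:
    rules: dict       # directory group -> policy assigned by a user-based rule
    directory: dict   # user -> set of directory groups

    def assignments_for(self, user):
        """Policies from every user-based rule whose group contains the user."""
        groups = self.directory.get(user, set())
        return sorted(p for g, p in self.rules.items() if g in groups)

@dataclass
class Agent:
    server: Server
    user_rules_supported: bool = True   # False models an FRP OS X 5.0 client
    known_users: set = field(default_factory=set)
    cache: dict = field(default_factory=dict)

    def logon(self, user):
        """Record the user and return the policies enforced right now."""
        self.known_users.add(user)
        # No cached assignment yet (first logon): fail closed to the machine policy.
        return self.cache.get(user) or [DEFAULT_MACHINE_POLICY]

    def communicate(self):
        """Agent-server communication: refresh the cache for every recorded user."""
        if not self.user_rules_supported:
            return  # system-specific assignments only; nothing per-user to fetch
        for user in self.known_users:
            self.cache[user] = self.server.assignments_for(user)

def demo():
    server = Server(rules={"engineering": "eng-policy", "it": "it-troubleshoot"},
                    directory={"alice": {"engineering"}, "bob": {"it"}})
    pc = Agent(server)
    first = pc.logon("alice")        # before the agent has fetched her assignments
    pc.communicate()
    return first, pc.logon("alice"), pc.logon("bob")

if __name__ == "__main__":
    print(demo())
```

In this model a user with no matching rule, or any user on a client without user-based support, stays on the default machine policy after every communication.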