How policies are determined for a remote control session
When a remote control session is requested, a number of factors must be considered when the permissions and policies are determined for the session. The policies and permissions for the various entities that are involved in the session are considered. These entities are user, user groups to which the user belongs, target, and target groups to which the target belongs. The different sets of policies must be resolved following rules of precedence. The result is a single set of policies and permissions for each session.
Users and targets are assigned to groups that have policies and permissions defined. The permissions that are defined in these groups are known as their standard or normal set of permissions.
Due to the group hierarchy that can be set up, users and targets can be members of groups. User
groups and target groups can also be members of other groups. Therefore, when a remote control
session is requested, the following permissions are considered when the policies are determined for
the session.
- The permission sets that are defined for immediate user to target group relationships.
- The permission sets that are defined for relationships between parent and grandparent groups.
When all required user and target groups are created and their membership is defined, you must
create relationships between the user and target groups. The relationships determine the policies
and permissions that are applied during a remote control session. Use the Manage
Permissions function to create these links between the groups.
Note: It is important to
set up the groups and relationships in a way that does not lead to unexpected policy values.
.