Option 1: Applying one IT policy to each user account,
50
Option 2: Applying multiple IT policies to each user account,
51
Option 1: Applying one IT policy to each user account
You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a
member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT
policy that you ranked the highest in the BlackBerry Administration Service.
If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server,
this is the default method for resolving IT policy conflicts. If you install BlackBerry Enterprise Server 5.0 SP2 or later, the
default method for resolving IT policy conflicts is to apply multiple IT policies to each user account and create a combined
IT policy that has a unique ID for the user account.
Reconciliation rules for conflicting IT policies when you apply one IT
policy to the user account
The BlackBerry Enterprise Server can apply only one IT policy to a user account. Since you can assign IT policies to user
accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to determine
which IT policy it can apply to a user account.
The BlackBerry Administration Service might have to reconcile conflicting IT policies if you perform any of the following
actions:
• add an IT policy to or remove an IT policy from a user account or group
• change an IT policy
• change the ranking of IT policies
• delete an IT policy
Scenario
Rule
You add a new user account to a BlackBerry Enterprise
Server. You do not assign an IT policy directly to the user
account and you do not add the user to a group.
The IT policy that you assigned to the BlackBerry Domain,
or the Default IT policy that is assigned to the BlackBerry
Domain, is assigned to the user account.
You assign an IT policy to a user account and a different IT
policy to a group that the user account belongs to.
The IT policy that you assign to a user account takes
precedence over an IT policy that you assign to a group. An
IT policy that you assign to a group takes precedence over
the IT policy that you assign to the BlackBerry Domain (or
the Default IT policy).
A user account belongs to multiple groups. You assign
multiple IT policies to the groups but do not assign an IT
policy to the user account.
The BlackBerry Enterprise Server applies the IT policy that
you ranked the highest in the BlackBerry Administration
Service to the user account.
Administration Guide
Using an IT policy to manage BlackBerry Enterprise Solution security
50