If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default method for resolving IT policy conflicts. If you
upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, the
default method for resolving IT policy conflicts is to assign one IT policy to each user account according to the rankings of
the IT policies that you specify in the BlackBerry Administration Service.
Reconciliation rules for conflicting IT policies when you apply multiple IT
policies to a user account
The BlackBerry Enterprise Server can apply multiple IT policies to a user account if the user account is a member of
multiple groups that have different IT policies. Since you can assign IT policies to user accounts, groups, or the BlackBerry
Domain, the BlackBerry Administration Service uses predefined rules to apply an IT policy to a user account.
The BlackBerry Administration Service might have to reconcile conflicting IT policies if you perform any of the following
actions:
• add an IT policy to or remove an IT policy from a user account or group
• change an IT policy
• change the ranking of IT policies
• delete an IT policy
Scenario
Rule
You add a new user account to a
BlackBerry Enterprise Server. You do
not assign an IT policy directly to the
user account and you do not add the
user account to a group.
The Default IT policy (applied at the BlackBerry Domain level) is assigned to the
user account.
You assign an IT policy to a user
account and different IT policies to the
groups that the user account belongs
to.
The IT policy that you assign to a user account takes precedence over the IT
policies that you assign to the groups that the user belongs to. An IT policy that
you assign to a group takes precedence over the Default IT policy (applied at the
BlackBerry Domain level).
A user account belongs to multiple
groups. You assign multiple IT policies
to the groups but you do not assign an
IT policy to the user account.
If you assign multiple IT policies to the groups that the user account belongs to,
the BlackBerry Enterprise Server resolves the IT policy rule settings in the
multiple IT policies and assigns a combined IT policy that has a unique ID to the
user account. The BlackBerry Enterprise Server resolves conflicting settings for
IT policy rules by applying the rule setting from the IT policy that you ranked the
highest in the BlackBerry Administration Service.
For example, you configure the Disable Photo Camera IT policy rule to Yes in IT
policy A and to No in IT policy B. If you rank IT policy A higher than IT policy B,
the Yes setting is applied for this rule.
A user account belongs to two groups.
You assign the first group IT policy A,
which has the Allow Browser IT policy
rule as blank (which means that it uses
When the BlackBerry Enterprise Server resolves conflicting rule settings, any
rule settings that have been explicitly configured to a value take precedence
over IT policy rule settings that are blank (these rules revert to the default value).
Administration Guide
Using an IT policy to manage BlackBerry Enterprise Solution security
52