Types and scopes of policies

Each iSeries Access for Windows policy varies in scope and provides either a restriction or a configuration.

Restriction policies

Restriction policies can usually be set to any scope and may have the following uses:

• Restrict or allow use of an function or action.

• Include restrictions for installing or uninstalling components, service packs, upgrades, or the entire product.

• Include several other restrictions. For example, you can restrict a certain type of data transfer upload, or you can restrict all types of data transfer uploads at once using the Prevent All Data Transfer policy.

• Cause controls or options normally selectable to be hidden or "greyed-out".

• Notify the user when a restriction policy prevents a function they attempt from completing, usually by a message displayed in a console or a window.

Configuration policies

Configuration policies can only be set to a user scope, and may have the following uses:

• Pre-configure settings that the end user could normally configure themselves.

• Configure values, features that the user may normally enable or disable, lists of environments and connections.

• "Grey-out" a mandated value. When a configuration policy mandates a value, the input field for that value will not accept changes.

Configuration policies may be either suggested or mandated.

• Suggested: The value provided is used unless explicitly configured by the user or set by an application program. This effectively overrides the normal iSeries Access for Windows default value, but does not force use of the value -- a new value may be specified, overriding the suggested value.

• Mandated: The value provided will be used -- neither the user nor application programs may change it.

Policy scopes

There are three scopes at which each policy is set: machine scope, user scope and iSeries connection scope. Some policies are set at more than one scope, while others are not.