SECURITY Administrator or Super Administrator privileges in Workplace
NAVIGATION Workplace Online > Configuration > Team Settings > Policy Profiles
Administrators define how Workplace will behave for all users on their team, and determine which users will have access to available Workplace functions. This is accomplished in part by setting Policy Defaults, which are applied to all users by default. The Policy Profiles page, however, allows administrators to create and manage additional policy profiles, comprised of individual policies that control configurable behaviors and features in Workplace, then assign those profiles to users or groups of users.
Policy profiles allow you to control the behavior of Workplace on as broad or as granular a level as you require. Once you've created your policy profiles, you'll apply them to groups or users in whatever way best supports your company's internal collaboration workflows and processes, as well as your security needs.
How policies are applied
Policies are applied to individual users in the following order of precedence:
- Policy defaults are your baseline
If you don’t apply any other policies, these defaults will apply to everyone. Refer to Policy Defaults for more information. - Policies applied to groups override policy defaults
Policies applied are additive. When policies applied at the same level (for example, if a user belongs to two groups with conflicting policies) are in conflict, the more secure option will take precedence. - Policies applied to users are absolute
Default policies and policies applied to groups will be superseded by policies applied to individual users.
Overriding policies
If you want to override a policy in a profile with a different setting for that policy in a different profile, you must add that policy to both profiles. In essence, you must intentionally create a policy setting conflict, and let Workplace figure it out.
For example, if you want to disallow remote access for the majority of your employees, but allow it for users who work from home, you would:
- Enable the Disable Remote Access policy in your Policy Defaults.
- Create a policy profile for remote users.
- Add the Disable Remote Access policy to it your remote user policy profile.
- Save your remote user policy profile.
- Disable the Disable Remote Access policy
- Assign the new policy profile to your remote users.
The users who only have Policy Defaults applied will not have remote access, but your remote users will.
How to...
Open the detail view of a policy profile
Click the policy profile you want to open.
Create a new policy profile
- Click the + New Policy Profile button. This will open the Create Policy Profile popup:
- Enter a name and description for the new policy profile.
- Click Save. This will open the Policy Profile Detail page, where you can:
- Add individual policies to the new profile.
- Assign the policy profile to individual users or to groups.
Edit a policy profile name or description
- Hover over the profile record and click the
icon, or right-click the profile record. - Select Edit from the menu. This will open the Edit Profile popup window:
- Edit the name and description of the policy profile as necessary.
- Click Save.
Add or edit policies in a profile
- Hover over the profile record and click the icon, or right-click the profile record.
- Select Add Policies from the menu. This will open the Policy Profile Detail page:
- Here, you can modify the individual policy settings, remove a policy from the profile, or click the + Add Policies link to add or edit the individual policies in the profile. You can also assign the profile to users or groups. Policies that govern backup functionality are only available to metered plan Workplace teams.
Refer to Policy Profile Detail and Select Policies for more details.
Assign a policy profile to users
NOTE Policy Defaults are automatically assigned to all users and can only be overridden by applying a different policy profile to users or to groups.
- Hover over the profile record and click the icon, or right-click the profile record.
- Select Assign from the menu. This will open the Policy Profile Detail page on the Assigned to tab:
NOTE This page displays the users or groups to which the profile is already assigned.
- Type the name or email address of a user, or the name of a group, or click the
icon or the Pick From Team link to select users or groups from a data selector. - Click Assign.
NOTE Policies drive a great deal of the security of Workplace, so we want to make it as easy as possible to see which policy profiles (and individual policies) are applied to all your users and groups of users. For details, refer to User details and Group details.
Remove a user or group from the policy profile
- Hover over the profile record and click the icon, or right-click the profile record.
- Select Assign from the menu. This will open the Policy Profile Detail page on the Assigned To tab:
NOTE This page displays the users or groups to which the profile is already assigned.
- Locate the user of group from which you wish to remove this profile.
- Click the
icon next to that user or group. This will open the Remove User/Group From Policy Profile page:
NOTE This page displays a "before and after" snapshot of the policy changes that will be applied if you proceed.
- Review the changes the user or group will experience if you remove them from the profile.
- Click the Remove button.
Delete a policy profile
- Hover over the profile record and click the icon, or right-click the profile record.
- Select Delete from the menu. This will open the Delete Policy Profile page:
NOTE This page displays any users or groups to which the profile is currently assigned.
- Click Delete to confirm your action.
