Security policies have several rules of association which
affect their behavior.
Here are the rules of association for security policies:
- A security policy can contain both versioning and application
templates.
- A security policy can contain zero or more application security
templates and from zero to four versioning security templates. Although
it is permissible for security policies to have no templates, it is
effectively only a placeholder until you add one or more templates.
- A security template can have zero or many permissions assigned
to it. A template containing no permissions is allowed programmatically.
- The security policy wizard provided
by Workplace and Workplace XT require that you add at
least one permission to a template.
- A security policy can be assigned to zero or many folders, zero
or many documents, or zero or many custom objects, or any combination
of the three object types.
- Documents, folders, and custom objects can have zero or one security
policy.
- The class definitions for documents, folders, custom objects,
and their sub-classes can each have zero or one default security policy
associated with them. When instances of the class are initially created,
the instance will take the default security policy if there is one.
In the case of documents, the default security policy will be passed
to subsequent versions, unless a different security policy is explicitly
provided. In this case, the new security policy is passed to subsequent
versions; it will not automatically revert to the class default.
- A single security policy can be associated with many document,
folder, and custom object classes.
- A single security template cannot be shared between security policies.
Each security template belongs uniquely to the security policy it
is associated with.
- The versioning security templates in one security policy have
no relationship with those in another security policy, even though
they have the same default names (Released, In Process, Reservation,
Superseded). These default names can be changed.
Changes to an existing security policy do not propagate to existing
documents until the version state changes or the next version is created.
If, however, you change the document's current policy to some other
security policy by directly changing the document version's property
sheet, then these changes are immediately applied to the version and
the permissions applied by the former security policy are immediately
removed.