Support for Layering/Inheriting Policy Settings across Orgs/Sites
later
Allen Bolderoff
We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and over riding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites
Minetta Gould
Merged in a post:
Allow a user to have multiple policies assigned
J
Jeremy Grossman
Would be nice to be able to have a single user be assigned multiple policies. This is to prevent having to place an allow for everyone when only one person needs it. To help minimize the risk of over allowing a site for risk and or business need.
J
Jared Roy
Universal block and allow lists have made this less needed for single domain entries; that said, a change of categories is a huge pain if we change a standard. A Parent/Child configuration would be amazing.
Most my platforms allow this, and its super handy.
A global policy for all org as a baseline, then a sub policy for the organization at the org level, then policies branching off that for different branches within the org. Then I can override at each level as needed.
Lennart Friberg
This exact feature just got requested from our client. They have this feature with ZScaler and now moving to DNSFilter, but missing their restricted policies with cross allow rules between policies.
Joe Howard
As an alternative, perhaps allow for policy settings to inherit. So a specific override can be applied to a user or group, but also inherit from the global level. This would remove the need to edit every policy if a common change is required across all policies - we could just edit the top level global and know it's updating through all other policies
Jerry Ketterling
I want the same thing. Id be even happy with SIMPLE program logic that most computer languages support. The Concept of GLOBAL should automatically be visible and ASSIGNED to all lower leaf nodes unless the lower leaf node overrides and or redefines it.
Jerry Ketterling
I agree .. Things at the GLOBAL level should inherit downward automatically until over-ridden by specialization at the Organization or Site level. Speaking of which- the ORGANIZATION should also have its own "pseudo global level" that applies to all their SITES until it is overridden by a specific SITE policy or block page. GLOBAL BLOCK pages should also inherit downward. It would be helpful if the concept of GLOBAL was more akin to PROGRAMING languages. Variable declared GLOBAL are in force at every lower layer and automatically inherited until they are declared as STATIC or overridden at a lower layer. I think this would solve a lot of requests if we let the PROGRAMERS use programatic logic to defined DNSFilter inheritance and application within the MSP platform.
A
Ahamed
Does this still not have a definitive date?
Derek Wells
Ran this one by DNSF support today, unfortunately still not possible, I would need to add to universal list, allowing for all clients. :(
Kevin Hammond
Derek Wells In the same boat and spoke to support today and still no go on this. Really hoping this comes out soon as its been a huge downfall to the product.
S
Steve Staden
Merged in a post:
Weight Based Policies
Josh
It would be great if we could have the ability to give weight to policies. Such that a computer policy with a weight of 1 would take precedence over a user policy with a weight of 5. This would allow us to make sure policies apply as we see fit instead of only relying on proper scoping and assignment of policies.
This should just fall back on the defaults when not in use.
Seán O'Halloran
I think this is a very critical feature that should be implemented ASAP
Load More
→