Examples of Admin policy rules

Edit online

These examples show how you can use admin policy rules.

The admin policy allows you to specify more than one user, group, or application in their respective fields. For instance, if you wanted Frank, Bob, and John to be given the same attributes, you would specify the following syntax: 
User1,User2,User3:-:-:Project List::Comments

The preceding syntax shows that User1, User2, and User3 will be treated the same way for this rule. The dashes in the group name and application fields are wildcards. You can also use an asterisk ('*'). As previously mentioned, you can also use wildcards to include all the values of a certain attribute. For example, if you wanted to include every user name beginning with B, you would type B* in the User Name field. Full Korn shell pattern matching syntax is allowed in all of the fields of the rule.

You can also set up your admin policy is to include certain users, but exclude others: 
User1,!User2,User3:-:-:Project List::Comments

The preceding syntax shows that User1 and User3 will have the same attributes, but the policy will exclude User2.

Note:
  1. The kernel only reads numeric values. In the above example, the user names User1, User2, and User3 are converted to numeric values after they are loaded into the kernel.
  2. If any changes are made to the policy, it must be reloaded into the kernel using the projctl command.