In the Global Admin Console, select an organization to edit, then navigate to the Policies tab.
Zadnja posodobitev
25. jul. 2024
- Adobe za podjetja in skupine: vodnik za skrbništvo
- Načrtovanje uvedbe
- Osnovni pojmi
- Vodniki za uvedbo
- Uvedba storitve Creative Cloud za izobraževalne ustanove
- Začetna stran za uvajanje
- Čarovnik za uvajanja za osnovno- in srednješolsko izobraževanje
- Preprosta nastavitev
- Sinhronizacija uporabnikov
- Roster Sync K-12 (ZDA)
- Najpomembnejši pojmi glede licenciranja
- Možnosti uvajanja
- Hitri nasveti
- Odobritev programov Adobe v storitvi Admin Console v Googlu
- Omogočanje programa Adobe Express v Učilnici Google
- Integracija s storitvijo Canvas LMS
- Integracija s storitvijo Blackboard Learn
- Konfiguriranje enkratne prijave za okrožne portale in storitve LMS
- Dodajanje uporabnikov s storitvijo Roster Sync
- Pogosta vprašanja o storitvi Kivuto
- Smernice za upravičenost glavnih in pomožnih ustanov
- Nastavitev organizacije
- Vrste identitet | Pregled
- Nastavitev identitete | Pregled
- Nastavitev organizacije z Enterprise ID-jem
- Nastavitev združevanja in sinhronizacije storitve Azure AD
- Nastavitev združevanja in sinhronizacije Google
- Nastavitev organizacije s storitvijo Microsoft ADFS
- Nastavitev organizacije za okrožne portale in LMS
- Nastavitev organizacije z drugimi ponudniki identitet
- Pogosta vprašanja o enkratni prijavi in odpravljanju težav
- Upravljanje nastavitve organizacije
- Upravljanje obstoječih domen in imenikov
- Omogočanje samodejnega ustvarjanja računa
- Nastavitev organizacije prek zaupanja imenika
- Selitev na novega ponudnika preverjanja pristnosti
- Nastavitve sredstev
- Nastavitve preverjanja pristnosti
- Stiki za zasebnost in varnost
- Nastavitve konzole
- Upravljanje šifriranja
- Upravljanje obstoječih domen in imenikov
- Upravljanje uporabnikov
- Pregled
- Skrbniške vloge
- Strategije upravljanja uporabnikov
- Dodelitev licenc uporabniku računa za skupine
- Upravljanje uporabnikov v programu za skupine
- Dodajanje uporabnikov z ustreznimi e-poštnimi domenami
- Sprememba vrste identitete uporabnika
- Upravljanje uporabniških skupin
- Upravljanje uporabnikov imenika
- Upravljanje razvijalcev
- Selitev obstoječih uporabnikov v storitev Adobe Admin Console
- Selitev upravljanja uporabnikov v storitev Adobe Admin Console
- Pregled
- Upravljanje izdelkov in pravic
- Upravljanje izdelkov in profilov izdelkov
- Upravljanje izdelkov
- Nakup izdelkov in licenc
- Upravljanje profilov izdelkov za poslovne uporabnike
- Upravljanje pravil samodejnega dodeljevanja
- Omogočite uporabnikom učenje modelov Firefly po meri
- Pregled zahtev za izdelke
- Upravljanje samopostrežnih pravilnikov
- Upravljanje integracij programov
- Upravljanje dovoljenj za izdelke v storitvi Admin Console
- Omogočanje/onemogočanje storitev za profil izdelka
- En program | Creative Cloud za podjetja
- Izbirne storitve
- Upravljanje licenc za naprave v skupni rabi
- Upravljanje izdelkov in profilov izdelkov
- Predstavitev konzole Global Admin Console
- Uvedba globalnega skrbništva
- Izbira organizacije
- Upravljanje hierarhije organizacije
- Upravljanje profilov izdelkov
- Upravljanje skrbnikov
- Upravljanje skupin uporabnikov
- Posodobitev pravilnikov organizacije
- Upravljanje predlog pravilnikov
- Dodelitev izdelkov podrejenim organizacijam
- Izvajanje čakajočih opravil
- Raziskovanje vpogledov
- Izvoz ali uvoz strukture organizacije
- Upravljanje prostora za shranjevanje in sredstev
- Prostor za shranjevanje
- Selitev sredstev
- Povrnitev sredstev od uporabnika
- Selitev sredstev študentov | Samo za izobraževanje
- Upravljanje storitev
- Adobe Stock
- Pisave po meri
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud za podjetja – brezplačno članstvo
- Uvedba programov in posodobitev
- Pregled
- Ustvarjanje paketov
- Prilagoditev paketov
- Uvedba paketov
- Upravljanje posodobitev
- Nastavitveno orodje strežnika za posodabljanje Adobe (AUSST)
- Adobe Remote Update Manager (RUM)
- Odpravljanje težav
- Upravljanje računa za skupine
- Podaljšanje
- Upravljanje pogodb
- Poročila in dnevniki
- Pomoč
Learn how a global administrator can set and modify policies for an organization and its children.
In the Global Admin Console, select an organization from the hierarchy, and navigate to the Policies tab to allow or disallow, or lock the policies.
Policies are associated with an organization and restrict operations that can be performed on that organization. When a policy value is set, it restricts or enables actions from that point forward. For example, if Claim Domains policy is set to not allowed, no additional domains can be claimed but any domains claimed before setting the policy value are not affected. To modify the policies of an organization, do the following:
Configure policies
-
-
Select the toggle for the relevant policy to allow or disallow it.
You can also lock a policy so no one except a global administrator of the organization selected in the organization picker or its parent organization can change or unlock it.
-
To lock a policy, select the Lock
icon. Hovering on the lock now displays the name of the selected organization. Learn more about policy locks. -
Select Review Pending Changes after you are done editing the organizations. After reviewing, select Submit Changes to execute them.
Policy locks
When a policy is locked, its value cannot be changed until the policy is unlocked. The Global Admin Console remembers the selected organizataion in the organization picker as being the organization from which the policy was locked. Any global administrator of that selected organization or of any organization higher in the tree has the permission to unlock the policy. Global administrators whose scope is lower than that organization do not have the permission to unlock and change policy values.
To create a locked-down environment, set desired policy values on your child organizations and then lock them. global administrators of those child organizations will not be able to edit the policy values.
For example, if Elissa, the global administrator of Acme Division creates child orgs, Marketing and Engineering. Then, adds Robert as a global admin of Marketing and Sarah as global admin of Engineering. Next, she sets several policies to Not Allowed and locks them. Elissa can later unlock and change the policy values when she chooses Acme Division as the selected organization, but Robert and Sarah cannot unlock the policies on the organizations they are global admins of because the policies are locked by the organization Acme Division.
Policy details
Policy Category |
Policy Name |
Description |
Organization Management |
Create Child Orgs |
Allows global admin(s) to create child orgs. If off, no child orgs can be created. |
Rename Org |
If allowed, a global or system admin can rename the org. It also controls changing the country/region of the org. The pathname of an organization can also be changed independently of this policy setting if a parent organization is renamed, or the organization or an ancestor of the organization is reparented. Allows global admin(s) to delete child organizations. This becomes more important when organizations with Enterprise Storage are enabled due to the risk of deleting user assets. |
|
Delete Orgs |
||
Administrator Management |
Add or Delete Admins |
Allows global admin(s) to add new admins to an organization. If off, new admins cannot be added. |
Inherit System Admins from Parent when Child Org is Created |
When global admin(s) create new child organizations, systems admins of the parent become system admins of the new organization automatically. This policy is default off. |
|
Manage Admins |
Allows global admin(s) to change or remove/edit admin permissions. |
|
User Management |
Inherit Users from Directories Managed by the Parent Org |
This policy must be toggled on and active prior to creating the new child org. When a child organization is created, users in the parent organization are made available as users in the child org. In other words, this policy automatically sets up a trust relationship between the parent and the child when the new child is created within GAC. For existing orgs, any trust relationships prior to being added to GAC will remain once brought into GAC. If there were no trust relationships in place, the usual trust request process must be followed. For this policy to be successful, the global admin who creates the new organization must also be a system admin of the parent organization with the claimed domain. If not, the domain trust relationship will not be inherited into the newly created org. |
Add Adobe ID Users |
If set, the organization cannot add Adobe ID type users via the Admin Console, User Management API (UMAPI), or sync mechanism. |
|
Manage User Groups |
If allowed, Global, System, and user group admins can create, edit, and delete User Groups. |
|
Directory and Domain Enforcement |
Claim Domains Change Identity Configuration |
If set, system admins can claim domains on the Admin Console. |
If set, system admins can change the setup of user identity configuration on the Admin Console. |
||
Product Allocation |
Manage Products |
Allows global admin(s) to add or remove products and change product resource grants. |
Asset Sharing |
System or Storage admin can change asset sharing settings |
If allowed, storage and system admins can change asset sharing settings, including security contacts, password policy, and storage policy. If allowed, asset sharing settings are inherited from the parent when a child organization is created. Asset sharing settings include security contacts, password policy, and storage policy. This only applies to newly created orgs at the time of creation. It is set on a parent and affects the creation of child orgs under that parent. |
Inherit sharing policy from a parent when an organization is created |
