Ordering Groups

Policies can be assigned to Groups, and are applied in a specific order.

When ordering Groups into the list, several rules are applied:

1.Static Groups are traversed from the root Static Group - All.

2.On every level, the Static Groups of that level are traversed first in the order they appear in the tree - this is also called Breadth-first search.

3.After all the Static Groups at a certain level are in the list, Dynamic Groups are traversed.

4.In every Dynamic Group, all its children are traversed in the order that they appear in the list.

5.At any level of Dynamic Groups, if there is a child, it is listed and searched for its children. When there are no more children, the next Dynamic Groups at the parent level are listed - this is also called Depth-first search.

6.Traversal ends at a Computer.

In practice, the traversal would look as follows:

Admin_policies_and_groups

As shown above, the root (Static Group called All) is listed as Rule 1. Since there are no more groups at the same level as the All group, policies from groups at the next level are evaluated next.

The Lost & Found, SG 1 and SG 2 Static Groups are evaluated next. The computer is actually only a member of the All/SG 2/SG 3 Static Groups and therefore there is no need to traverse the Lost & Found and SG 1 groups. SG 2 is the only group at this level that will be evaluated, so it goes into the list and traversal goes deeper.

At the third level, the algorithm finds SG 3, DG 1 and DG 2. According to Rule 2, Static Groups are listed first. Traversal adds SG 3 and, since it is the last Static Group at level 3, moves to DG 1. Before moving on to DG 2 at level 3, the children of DG 1 must be listed.

DG 3 is added. It has no children, so traversal steps up.

DG 2 is listed. It has no children. At level 3, there are no more groups left. Traversal steps to level 4.

Only Dynamic Group DG 4 and the computer itself are on level 4. Rule 6 says that the computer goes last, hence DG 4 is picked up. DG 4 has two children that must be processed before going any further.

DG 5 and DG 6 are added to the list. They both lack children and traversal has nothing more to process. It adds Computer and ends.

We ended up with the list:

1.All

2.SG 2

3.SG 3

4.DG 1

5.DG 3

6.DG 2

7.DG 4

8.DG 5

9.DG 6

10.Computer

This is the order in which the Policies are applied.