Policies have an Access Control List (ACL) for each controlled VOB metatype (such as element, VOB object, policy, and rolemap).

Each access control entry (ACE) in a policy lists a principal and the permissions granted to it. Principals in a policy are usually roles, with the name of the role defined by the administrator. You can also list specific users or groups, but most administrators prefer to put them into the rolemaps implementing the policy.

You create new policies in the VersionVault Explorer by expanding the VOB node in the VersionVault Navigator, expanding the ACLs node, right-clicking Policies, and selecting Create a Policy from the context menu. Permission to create policies is controlled by the VOB object's effective ACL.

Note: VersionVault does not support negative (deny) permissions in access control entries, only positive (grant) access control entries.
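
The following added example (not VersionVault code and not its policy file format) models how role ACEs in a policy resolve through a rolemap into an effective ACL, and why grant-only entries mean access is narrowed by changing role bindings and not by adding a deny entry. The principal prefixes, permission names, and sample users and groups are constructed for illustration.

```python
# Simplified model of policy + rolemap resolution. Principal prefixes,
# permission names and sample identities are constructed for illustration.
POLICY = {  # metatype -> ACEs as (principal, granted permissions)
    "element": [("Role:Developer", {"read", "change"}),
                ("Role:Reader", {"read"}),
                ("Role:Auditor", {"read"})],      # role left unbound below
    "policy": [("Role:Admin", {"read", "change"})],
}
ROLEMAP = {  # role name -> principals the administrator bound to it
    "Developer": {"Group:dev"},
    "Reader": {"Group:staff"},
    "Admin": {"User:alice"},
}

def effective_acl(policy, rolemap, metatype):
    """Expand each role ACE through the rolemap; grants only accumulate."""
    acl = {}
    for principal, perms in policy.get(metatype, []):
        kind, _, name = principal.partition(":")
        # A role with no binding in the rolemap grants nothing to anyone.
        targets = rolemap.get(name, set()) if kind == "Role" else {principal}
        for target in targets:
            acl.setdefault(target, set()).update(perms)
    return acl

def permissions_for(acl, user, groups):
    """Union of every grant matching the user or one of their groups."""
    identities = {f"User:{user}"} | {f"Group:{g}" for g in groups}
    granted = set()
    for principal, perms in acl.items():
        if principal in identities:
            granted |= perms
    return granted

def narrowed_rolemap(rolemap, role, principals):
    """With no deny ACEs, access is reduced by rebinding a role."""
    updated = {r: set(p) for r, p in rolemap.items()}
    updated[role] = set(principals)
    return updated

if __name__ == "__main__":
    acl = effective_acl(POLICY, ROLEMAP, "element")
    # bob is in both groups, so he holds the union of both grants.
    print(sorted(permissions_for(acl, "bob", ["dev", "staff"])))
    # To take "change" away from bob, bind Developer to a narrower group.
    tight = narrowed_rolemap(ROLEMAP, "Developer", {"Group:dev-core"})
    acl = effective_acl(POLICY, tight, "element")
    print(sorted(permissions_for(acl, "bob", ["dev", "staff"])))
```

When auditing a policy, the useful question is therefore which principals each role is bound to in every rolemap that implements it, since no entry elsewhere can subtract a grant.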

You modify policies by expanding the VOB node in the VersionVault Navigator, expanding the ACLs node, selecting Policies, right-clicking the policy in the VersionVault Details view, and selecting Open Policy from the context menu. Permission to modify a policy is controlled by the policy's rolemap (just like any other controlled object).

Policy modifications affect the containers on disk for all elements that use a rolemap implementing the specified policy for ACL information. This may take a long time to execute if many elements are protected by such rolemaps. In a replicated environment with preserving replicas, importing an oplog with a policy modification modifies the containers on disk, and may also take a long time to execute.