Default Settings Permissions Priority

For device permissions assigned to a user or user group, priority settings govern whether a Machine-specific Settings permission rule can override a Default Settings permission rule.

You can change the priority for Default Settings and Machine-specific Settings permission rules from High to Low. All permissions are automatically assigned High priority by default. Permissions can be assigned as:

  • Read
  • Read/Write
  • None

  • When a Default Settings permission rule is set as None and the permission priority is set as High priority, a Machine-specific Settings permission rule cannot override the Default Settings permission rule.
  • When a Default Settings permission rule is set as None and the permission priority is set a Low priority, a Machine-specific Settings permission rule set as High priority can override the Default Settings permission rule.
  • When a Machine-specific Settings permission rule is set as None and the permission priority is set as High priority, a Machine-specific Settings permission rule can override the Default Settings permission rule.

The following table illustrates how permission are applied for combinations Default Settings and Machine-specific Settings, depending upon priority settings.

Configuring permissions in Default Settings is optional. If no permission is defined at any level, the default behavior enforced is to block access to the device.

Default Setting

Default Settings Permission Priority

Computer Specific (or Device) Permission

Computer Specific (or Device) Permission Priority

Resulting Permission

Read

High

Read/Write

High

Read/Write

Low

Read/Write

None

High

None

Low

Read

Read

High

Read

Low

Read

Low

Read/Write

High

Read/Write

Low

Read/Write

None

High

None

Low

None

Read

High

Read

Low

Read

Read/Write

High

Read/Write

High

Read/Write

Low

Read/Write

None

High

None

Low

Read/Write

Read

High

Read/Write

Low

Read/Write

Low

Read/Write

High

Read/Write

Low

Read/Write

None

High

None

Low

None

Read

High

Read/Write

Low

Read/Write

None

High

Read/Write

High

None

Low

None

None

High

None

Low

None

Read

High

None

Low

None

Low

Read/Write

High

Read/Write

Low

None

None

High

None

Low

None

Read

High

Read

Low

None

The following diagram can be used to determine the resultant policy permission when two policies that contain different permissions merge:

Related Information:

Related Tasks: