Scope Control determines which objects and settings in the Workspace Control Console can be viewed or changed by the Administrative Role, based on the Access Control and Workspace Control criteria of these objects. For applications and printers, Scope Control can also use Tags.
Scope Control can be accessed in Administration > Administrative Roles > Administrative Role edit window.
With the Scope Control > Access Control set to a specific Organizational Unit, for example, the administrator can only modify opjects and settings that are assigned to users in that Organizational Unit. Objects and settings that are assigned to users in a different Organizational Unit, or that also have additional different Access Control criteria, cannot be modified.
This makes it possible to give an administrator in a regional office control over the objects assigned to users from that office, but not over objects that are also used in other parts of the Workspace Control site.
- Global settings for which no Access Control applies, such as Shell exceptions, are always shown, irrespective of the scope of an Administrative Role.
- If an object is not exclusive to the scope of the Administrative Role, it is shown as read-only.
- If an administrator has several Administrative Roles with different scopes, the scopes are added up.
- If an administrator has several Administrative Roles with and without Scope Control, the scoped role overrides the role without a scope.
- When a scope is set to a specific Workspace Container, only Workspace Model exceptions are visible that apply to that Workspace Container. It is not possible to add or edit any exception data, even if they are within that scope.