13.1 How the Administration Server Enforces Policy

You can associate each task, or administration operation, with one or more policies. When you perform an operation associated with a policy, the Administration server runs the policy and enforces the specified rules. If the server detects a policy violation, it returns an error message. If the server does not detect a policy violation, it completes the operation. You can limit the scope of a policy by associating it with particular ActiveViews or Assistant Admin groups.

If an operation is associated with more than one policy, the Administration server enforces the policies in alphabetical order. That is, Policy A will be enforced before Policy B, regardless of the specified rules.

To ensure that your policies do not conflict with each other, use the following guidelines:

  • Name the policies so that they execute in the proper order

  • Verify that each policy does not interfere with validations or actions performed by other policies

  • Thoroughly test custom policies before implementing them in your production environment
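The following check is an added example, not part of the product or its documentation. It takes the order in which you intend a set of policies to run and reports where alphabetical enforcement would invert it, the usual cause being unpadded numeric prefixes. The policy names are constructed, and the case-insensitive, character-by-character comparison is an assumption about how names are ordered.

```python
import re


def alphabetical_order(names):
    """Order in which the policies would run if names are compared
    alphabetically (assumption: case-insensitive, character by character)."""
    return sorted(names, key=str.casefold)


def order_violations(intended):
    """Return (earlier, later) pairs of neighbours in the intended sequence
    that alphabetical enforcement would run in the opposite order.
    Names that differ only by case are reported too: their order is ambiguous."""
    key = str.casefold
    return [(a, b) for a, b in zip(intended, intended[1:]) if key(a) >= key(b)]


def padded_names(intended):
    """Propose names with a fixed-width numeric prefix so that alphabetical
    order equals the intended order. Any existing numeric prefix is replaced."""
    width = max(2, len(str(len(intended))))
    proposed = []
    for position, name in enumerate(intended, start=1):
        base = re.sub(r"^\d+[-_ ]*", "", name)
        proposed.append(f"{position:0{width}d}-{base}")
    return proposed


if __name__ == "__main__":
    # Constructed sample: the intended execution order of three custom policies.
    intended = ["1-Validate naming", "2-Check group scope", "10-Notify owner"]

    print("Alphabetical run order:", alphabetical_order(intended))
    for earlier, later in order_violations(intended):
        print(f"Inverted: '{later}' would run before '{earlier}'")
    print("Suggested names:", padded_names(intended))
```

Run the same check against renamed policies before moving them to production; an empty result from `order_violations` means the names sort in the intended order under the stated comparison.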

The Administration server enters the policy status in the audit log each time a policy runs. These log entries record the return code, associated operations, objects acted on, and whether the custom policy succeeded.

WARNING: Policies are run using the Administration service account. Because the service account has administrator permissions, policies have full access to all enterprise data. Thus, assistant administrators associated with the built-in Manage Policies and Automation Triggers role could obtain more power than you intended.