To create and apply a Policy Enforcer profile, we start off in DocAve administrator and expand the scope tree down to the level at which you want to apply your profile. For the purposes of this demonstration, we’re going to apply the profile at the site collection level.
Next, go to the Policy Enforcer tab at the top and click ‘create or apply profile.’ Then give the profile a name and optional description and scroll down to ‘add rules.’ Rules are things that you can monitor for or prevent through Policy Enforcer.
For this example, we’re creating a Policy Enforcer profile that will prevent users – even those with owner-level permission — from breaking inheritance throughout the site collection. You do this by going to the security tab and select ‘event-driven break inheritance prevention.’ Then click okay.
Next, we need to configure the rule. Begin by clicking on its name and selecting on which level you’re concerned about permission inheritance being broken — for this example we’ll select ‘all.’
Then, scroll down and you’ll see where you can set up notifications for people to receive an email in case anyone does attempt to violate the rule, including the site collection administrators (or anyone you choose to target). Then click ‘okay.’
Then, if you scroll down, you can specify the source collection policy. This is where we go out and actually review the information necessary to verify whether or not someone is attempting to break the rule. We give the collection policy a name and an optional description.
If you recall, we did event-driven inheritance breaking so that’s the one we need to target here. Click save.
Now that we have the rule and have it configured, and we have told Policy Enforcer how it’s going to get the information — in this case it will monitor real time — we can generate a report if we choose to and have that sent on a specific schedule and down at the bottom we can apply the rule, which means it will begin monitoring or you can apply and immediately run now.
The reason why you have that choice is because right now it doesn’t know that we are setting up a real time rule. If we were setting up something to be scanned, ‘run now’ would tell it to go scan right now.
Next, we’ll simply click ‘apply,’ and Policy Enforcer is now monitoring that site collection, and since we are doing a real time rule, it will prevent anyone within that scope from being able to perform that action and you’re good to go!