Create a Security Fencing Policy

There might be some high-value targets on which you might not want to place the same level of restrictions as a Security Lockdown policy, but might nevertheless want to secure the access to only authorized users or roles.

Security Fencing policies let you set limits on how access permissions might change over time. Using a set of rules by creating inclusion and exclusion lists to define a “fence,” the policy specifies Active Directory containers, groups, users, and Security Identifiers (SIDs) that might be given permissions to a high-value target in the future without an issue or should never be given rights in the future.

Security Fencing policies work by creating a set of rules that create a boundary around your storage against which any security will be evaluated. The security changes are then preserved or reverted based on the rules created. You should therefore create your rules carefully, potentially using tools like OpenText File Reporter to verify the permissions granted to subfolders of your target path.

There is currently no path overlap protection between policies. While this is ideal for flexibility, it is not so when you have conflicting policies.