Every policy has an owning role. This is initially set to the role of the user who created the policy, but anyone who has the Change policy owner right can change the policy owning role.
A user can only see the policies whose owning role is their role, unless they have the View others policies right, in which case they can see all policies.
The ADMINISTRATOR role has both of these rights. An administrator can typically:
- Create a Supervisor role (based on the SUPERVISOR TEMPLATE role).
- Configure that role to see only policies it owns and cannot change the owners of roles (these are already set for the SUPERVISOR TEMPLATE role).
- Configure the mailbox list for the role which limits what mailboxes the role can search into.
- Grant that role to a member of the ArchiveOne Users group.
- Create some policies and select the owning role for the policies to be the Supervisor role.
When that user logs in, they can only see policies to which they have been granted access, and can create their own policies (if they have the right to do so). The user can only search mailboxes in the roles mailbox list.