Symantec Messaging Gateway installs with pre-configured administration policies. These policies are enabled by default and can be applied to a policy group. You can disable or modify the policy actions and the policy groups to which the policies apply. The policy name and the administrator rights cannot be modified for the pre-configured administrator policies that are labeled as default. However, you can copy the default policies and modify them, and then apply them to policy groups.
For a particular administrator who is a member of more than one policy group, only the group with the highest group precedence applies. Policy group precedence is determined by the order of groups on the Policy Groups page.
Policy group precedence can lead to undesired results in cases where the administrator rights (that would often allow other rights to be modified) are not the highest in the list. For example, consider the following scenario. An administrator is a member of two policy groups, with rights as follows:
Content Filtering: delete
Administrator rights: none
Symantec Messaging Gateway Admins
Spam: add header
Content Filtering: deliver normally
Administrator rights: Full view and modify
An administrator who belongs to both of these groups (if they are listed in this order) would not be able to log into Symantec Messaging Gateway, because the policy group that grants that right is listed below the one that denies the right.
The Default policy group is always the last group in the list. You cannot change the precedence of the Default policy group.