Policy parameters
Policies can be modified during runtime. However, such modifications are not enforced for data that already existed at save time. The policy modifications are only enforced the next time the policy needs to be applied. Take, for instance, a password policy with its security parameters, e.g., maxLength, minLength, etc. Changing these parameters will not affect already existing passwords but will be applied when they will be changed/reset the next time. Therefore, as long as not all passwords have been reset, there may still be passwords that do not comply with the modified policy.
The very same behavior occurs when a different policy is assigned to an existing object, e.g., a credential. Policy parameters for credentials are located in the chapter Credentials.
Component level policy parameters
- Client policy parameters: can be applied as client-specific runtime configuration
- Unit policy parameters: can be applied as unit level runtime configuration
- Profile policy parameters: can be applied as profile level runtime configuration
- Login policy parameters: this category is deprecated, the only one parameter moved to client policy
Credential level policy parameters
Policies are used to adjust the behavior of credentials.
There are parameters that can be applied all credential types, of course, only if it makes sense.
Policy modifications
The same behavior occurs when a different policy is assigned to an existing object, e.g., a credential.