Parameters of policies

Policies can be modified during runtime. However, such modifications are not enforced for data that already existed at save time. The policy modifications are only enforced the next time the policy needs to be applied. Take, for instance, a password policy with its security parameters, e.g., maxLength, minLength, etc. Changing these parameters will not affect already existing passwords but will be applied when they will be changed/reset the next time. Therefore, as long as not all passwords have been reset, there may still be passwords that do not comply with the modified policy. The very same behavior occurs when a different policy is assigned to an existing object, e.g., a credential. Policy parameters for credentials are located in the chapter Credentials.