Scope of an Agreement
|
|
The scope of an agreement only applies to standard agreements. Context-based agreements only authorize objects within the same context as the agreement.
|
Even though any security-labeled object can be associated with a standard agreement, some objects will not be authorized by the agreement because they are not in the scope of the agreement. To be in the scope of an agreement, an object must reside in the same context as the agreement or in a descendent context. For an agreement to clear a participant for a given security label value set on an object,
• The agreement must be active
• The agreement must be the appropriate type as configured for the security label value
• The security label value must be one of the selected authorized security label values for this agreement (this is only applicable if the Select Authorized Security Label Values step is enabled)
• The object must be within the scope of an agreement
If the object or agreement is moved so that it resides in another context, the object may no longer be subject to the agreement because it may no longer be in scope. In the example below, Project A and Project B exist in Org 1. If an agreement is created from the Agreements page in Project A, the agreement could clear the appropriate security-labeled objects within that project, but objects in Project B would not be authorized by the agreement.
To extend the scope of your agreement to objects in all contexts within an organization, you need to create the agreement in the organization context, or move the existing agreement to the organization context using the Cut and Paste actions.
For agreements to provide clearance for security labels on objects in multiple organizations, the agreement needs to be created in or moved to the site context.
