Basic Administration > Managing Data > Site Administration > Understanding the Site > Typical Duties of Site Administrators > Creating and Managing Access Control Policy Rules
  
Creating and Managing Access Control Policy Rules
The Policy Administration utility is used to create access control policy rules that control the level of access to information in the system. To establish site-level policies, create those policies that apply to all organizations in the system from Site > Utilities. For example, as site administrator, you may want to give an engineering group read access to all documents of type Engineering Specification. You need to first define an Engineering Group and populate it with the appropriate members, then define a document type of Engineering Specification at the site level, and then use the Policy Administration utility at the site level to define the access policy based on the document type, the group or groups provided access and the access level.
Another way to centralize the administration of access control policy rules is to use the dynamic roles that are available from the Roles tab in the Policy Administration utility. By using dynamic roles, you can create access control policy rules in the root domain from the site context that apply to the members of roles in the local and shared teams that inherit the rules. For additional information, see Using Dynamic Roles.
In the root domain (/), you should create only those site-level policies that apply to the types of information that is available in all contexts. In some cases (such as with administrative items like document templates), the rules in place grant broad access. In other cases, you may want to grant more restrictive access.
For more information about access control, see Access Control.