Basic Administration > Managing Data > Organization Administration > Understanding Organizations > Typical Duties of Organization Administrators > Creating and Managing Access Control Policy Rules
  
Creating and Managing Access Control Policy Rules
The Policy Administration utility is used to create access control policy rules. You can create organization-level policies that apply to the entire organization from Organizations > Utilities. To establish site-level policies, create those policies that apply to all organizations in the system from Site > Utilities.
You can define policies that control the level of access to information by organization members. For example, you may want to provide read access to all documents of type Engineering Specification to an engineering group in your organization. In this case, you need to first define an Engineering user-defined group and populate it with the appropriate members, then define a document type of Engineering Specification in your organization. Finally, you need to use the Policy Administration utility to define the access policy based on the document type, the group or groups provided access, and the access level.
Another way to centralize the administration of access control policy rules is to use the dynamic roles that are available from the Roles tab in the Policy Administration utility. By using dynamic roles, you can create access control policy rules using a domain established in the organization context that apply to the members of roles in the local and shared teams that inherit the rules. For additional information, see Using Dynamic Roles.
For more information about access control, see Access Control.