TDGSS follows certain rules when determining security policy for a session. When a user logs on to Vantage:
- If the authentication mechanism is TD2, TDGSS first looks for a global policy and enforces any policies that apply to the user. Local policies do not apply to TD2 users.
- If the authentication mechanism is not TD2, TDGSS searches each <service> element for a <policy> element (local policy).
- If TDGSS finds a local policy that applies to the user, it enforces the policy.
- If TDGSS does not find a local policy structure in the authenticating service, it searches for a global policy and enforces any global policy that applies to the user.
- If the TdgssUserConfigFile.xml contains neither a local nor a global policy, the policy enforcement feature is disabled regardless of what may be configured in the directory.