Add an option in the Policies panel which will allow specifying a list of admins authorized to modify this particular shared policy.
- The option which prevents the modification of Shared Policies is turned on for a given admin.
- However there is one policy in which mentioned admin is present as Editor …
This admin should be then able to modify this policy regardless the option mentioned in point a)
Note: Such policy cannot be replaced by another limited admin, unless one of the admins authorized in this policy performs such action.
Once the option “Manage policies” is enabled in “Access rights” menu for a Limited Administrator and the option “Manage groups” allows only 1 particular group to be managed …. such admin can still modify ALL policies !
Remark: There is an option to prevent the modification of all Shared Policies, but such admin can still create a Non-Shared policy and replace the Shared Policies with Non-Shared ones.
The management would be much easier and thanks to that policy we could force some settings into the groups managed by Limited Administrators.