How Domain elements work

Elements belong to one or more Domains. Administrator permissions in the Domain determine which elements administrators can manage.

When Domains are used, each element automatically belongs to a Domain. An element can only belong to one Domain at a time. By default, all elements belong to the Domain in which they are created. The Shared Domain is meant for elements that are used in several Domains, for example, high-level policy templates. All predefined system elements also automatically belong to the Shared Domain.

When administrators log on to a Domain, they can manage the elements in the Domain according to the permissions granted for that specific Domain. Administrators can also view most elements that belong to the Shared Domain even when they are not allowed to log on to the Shared Domain. However, the contents of the elements are only displayed to administrators who have permission to view those elements’ contents. Elements in the Shared Domain can only be edited from within the Shared Domain.

If there are existing elements when you first start using Domains, all existing elements belong to the Shared Domain. You can move the elements to other Domains as necessary. In an environment with more than one Management Server, you can also change the active Management Server that controls all Domains.