Preferences / Policy Management
OpenManage will gain the ability to directly control the desktop client's policy to a much greater extent than before. We will be able to create policies and apply them to groups or the entire enterprise.
General Structure & Implementation
The AccountsApi will be extended to provide an interface for policy, keeping the policy in the SpiderOak users DB. Policy can consist of several subobjects:
- Client preferences
- Backup selection
- Data management policy (ShareLink TTL, data retention policy)
Policies exist on their own outside of groups or the global enterprise within the DB. They are ''owned'' by an enterprise, but just creating a policy does not immediately push it on everyone.
Groups and the whole enterprise reference a policy set that will apply to them. For ease of implementation, let us specify that there is one and only one policy set to be applied to each group, and one set of policy to be applied to the global enterprise. In the event of conflict, settings for the group will override global enterprise settings.
Preferences and data management policy will be merged (see example below); however, backup selection at this time will be a raw override: a defined backup selection for a group will just outright replace that of a higher-level policy.
''Aside:'' this looks like a perfect use case for PostgreSQL's hstore type. To investigate.
Preferences will be pushed to the client at three points: during initial syndication / setup, at client reconnect, and whenever the policy is updated on the server side. Policy pushed to the client will override any combination of locally-set configuration. It is '''incorrect''' for policy pushed from the StorageBackend to the DesktopClient to be overridden by any other method.
Example for Preferences Override
If policy for an EndUser's group is defined as:
LaunchMinimizedAtStartup: True
And policy for the global enterprise is defined as:
ShowSplashScreenAtStartup: True
Then the resulting policy will be:
LaunchMinimizedAtStartup: True
ShowSplashScreenAtStartup: True
However, if the policy for an EndUser's group is defined as:
LaunchMinimizedAtStartup: True
And the policy for the global enterprise is defined as:
LaunchMinimizedAtStartup: False
Then the resulting value for LaunchMinimizedAtStartup will be True due to the group configuration.
Policy Definition
Policy will be discussed and defined via JSON-formatted objects. Each policy object will contain at least one of the following objects:
preferences:: Client preferences (contents of which are same as in https://spideroak.com/business/blue/docs/remote_prefs.html)
backup:: Client backup selection (contents of which are same as in https://spideroak.com/business/blue/docs/backup_policy.html)
data_management:: Data management policy that the client enforces. See below.
Preferences
Preferences simply mirror that of https://spideroak.com/business/blue/docs/remote_prefs.html . Specifically, see the section on [https://spideroak.com/business/blue/docs/remote_prefs.html#macos-x-and-linux-json-preferences Mac and Linux JSON preferences].
The concept of ''Defaults'' in preferences is at this time unsupported in Blue 2.0.
Data Management
Data management right now consists of the following options:
ShareLink TTL:: Time-to-live of single-file ShareLinks. Expressed in days. Must be at least 1 day.
Historical Versions TTL:: Time-to-live for historical versions. Expressed in days. A value of '0' implies no limit. Historical versions older than this are automatically purged by the client.
Deleted Items TTL:: Time-to-live for deleted items. Expressed in days. A value of '0' implies no limit. Deleted items older than this are automatically purged by the client.
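The group-over-enterprise merge, the raw backup override and the TTL limits described above can be sketched as follows. This is an added example, not SpiderOak code: the function names, the JSON key names for the three TTL options and the backup contents are assumptions made for illustration.

```python
import copy

MERGED_SECTIONS = ("preferences", "data_management")  # merged key by key
# Hypothetical JSON key names for the three data management options,
# mapped to the minimum value the text allows (0 means "no limit").
TTL_MINIMUMS = {"sharelink_ttl": 1, "historical_versions_ttl": 0, "deleted_items_ttl": 0}


def validate_data_management(dm):
    """Reject TTLs that are not whole days or fall below the documented minimum."""
    for key, value in dm.items():
        if key not in TTL_MINIMUMS:
            raise ValueError("unknown data_management option: %s" % key)
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError("%s must be a whole number of days" % key)
        if value < TTL_MINIMUMS[key]:
            raise ValueError("%s must be at least %d" % (key, TTL_MINIMUMS[key]))


def effective_policy(enterprise, group=None):
    """Resolve the policy pushed to a client from the enterprise and group policy sets."""
    group = group or {}
    result = {}
    for section in MERGED_SECTIONS:
        merged = dict(enterprise.get(section, {}))
        merged.update(group.get(section, {}))  # group wins on conflict
        if merged:
            result[section] = merged
    # Backup selection is a raw override: a group selection replaces the
    # enterprise selection outright and is never combined with it.
    backup = group["backup"] if "backup" in group else enterprise.get("backup")
    if backup is not None:
        result["backup"] = copy.deepcopy(backup)
    validate_data_management(result.get("data_management", {}))
    return result


# Constructed sample policies; the backup contents are placeholders.
ENTERPRISE = {
    "preferences": {"LaunchMinimizedAtStartup": False, "ShowSplashScreenAtStartup": True},
    "data_management": {"sharelink_ttl": 30, "deleted_items_ttl": 0},
    "backup": {"placeholder": "enterprise selection"},
}
GROUP = {
    "preferences": {"LaunchMinimizedAtStartup": True},
    "data_management": {"deleted_items_ttl": 90},
    "backup": {"placeholder": "group selection"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(effective_policy(ENTERPRISE, GROUP), indent=2, sort_keys=True))
```

Validation runs on the merged result, so an invalid value is rejected whether it comes from the group or the enterprise policy set.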
Backup
The backup policy mirrors that of https://spideroak.com/business/blue/docs/remote_prefs.html . Specifically, see the section on Mac and Linux JSON implementation.
In order to safely abstract out policy, the client '''will''' implement [http://docs.python.org/2/library/os.path.html#os.path.expanduser os.path.expanduser] so that admins can define policy using ~ to represent the user's home directory regardless of OS.
UI on the Management Console
The Management Console will provide an interface to be able to manipulate policy. Policy in the interface, like in implementation, exists alongside and not directly slaved to groups or global configuration. Each group will be defined by a name and have a button for editing the policy.
'''Implementation note:''' Need to figure out a clean way to express all manner of options that we have in the client.
Groups configuration will include an additional field to specify which policy they will be subjected to. In addition, global enterprise settings will allow an admin to select the global policy that will apply to all [[EndUser]]s on the account.
Issues
#49
#50
#51