The following set of rules is used to define the default security settings for a new database:
- Default settings are restricted. If you want to define a more open system, you must add more permissions.
- Avoid using "Deny".
- Avoid stopping inheritance. This removes security control from the administrators.
- Avoid using "ALL: Allow". This causes the use of either `stop inheriting' or `deny' down the hierarchy.
- Only one administrator's group is initially assumed.
- Managers do not get any permissions in a categories policy.
- Inheritance is stopped in modules/server tools and add-ons for better control.