Collaborator

How does Identity awareness match user groups

When I define an Identity Awareness access role with users --> specific users/groups and I define several AD groups there, how is the decision for the access rule being made? Must a specific user be a member of just ONE of these groups or ALL of these groups?

2 Replies
Champion

Just one group/user will cause a match on the "Users" tab of the Access Role, but the other two tabs (Network, Machines) must match as well.  So within the context of a specific Access Role tab (Network, Users, Machines) it is an OR, but it is an AND between all three tabs of the Access Role to be considered a match.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Collaborator

Our observations are the opposite way around.

If I define an access role with specific user groups and I put User Group A, B and C in there, then a user MUST be a member of all 3 groups in order for the rule to match.

If I define an access role with just one user group A, then the user needs to be just a member of group A in order for the rule to match.

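The two readings of the Users tab given in the replies above, modelled as an added Python example (not Check Point code and not written by either poster). The role, group names and addresses are constructed, and a tab left at "Any" is assumed to place no restriction; `discriminating` lists the test logins whose result differs between the two readings, which are the ones worth trying on your own gateway.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # assumption: a tab left at "Any" places no restriction

@dataclass
class AccessRole:
    networks: Optional[list] = ANY   # ipaddress networks on the Networks tab
    users: Optional[set] = ANY       # AD groups on the Users tab
    machines: Optional[set] = ANY    # groups on the Machines tab

@dataclass
class Session:                       # one identity the gateway has learned
    ip: str
    user_groups: set
    machine_groups: set

def any_listed(allowed, actual):
    """OR within a tab: sharing one listed object is enough."""
    return allowed is ANY or bool(allowed & actual)

def matches(role, s, users_need_all=False):
    """AND across the three tabs. users_need_all=True models the second
    reply's observation that every listed group is required."""
    ip = ipaddress.ip_address(s.ip)
    net_ok = role.networks is ANY or any(ip in n for n in role.networks)
    if users_need_all and role.users is not ANY:
        users_ok = role.users <= s.user_groups
    else:
        users_ok = any_listed(role.users, s.user_groups)
    return net_ok and users_ok and any_listed(role.machines, s.machine_groups)

def discriminating(role, sessions):
    """Sessions on which the two readings disagree: the logins worth testing."""
    return [name for name, s in sessions.items()
            if matches(role, s) != matches(role, s, users_need_all=True)]

# Constructed sample data (group names and addresses are made up).
ROLE = AccessRole(networks=[ipaddress.ip_network("10.1.0.0/16")],
                  users={"GroupA", "GroupB", "GroupC"})
SESSIONS = {
    "alice": Session("10.1.5.20", {"GroupA"}, set()),
    "bob": Session("10.1.5.21", {"GroupA", "GroupB", "GroupC"}, set()),
    "carol": Session("192.168.9.9", {"GroupA", "GroupB", "GroupC"}, set()),
    "dave": Session("10.1.5.22", {"GroupD"}, set()),
}
```

A user in exactly one of the listed groups, connecting from a network the role allows, is the only case that separates the two behaviours; users in all groups or in none match or fail identically under both.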