Create a Post
Showing results for 
Search instead for 
Did you mean: 

How does Identity awareness match user groups

When I define a  Identity Awareness access role with users --> specific users/groups and I define several AD groups there, how is the decision for the access rule been made. Must a specific user be member of just ONE of these groups or ALL of these groups?

0 Kudos
2 Replies
Champion Champion

Just one group/user will cause a match on the "Users" tab of the Access Role, but the other two tabs (Network, Machines) must match as well.  So within the context of a specific Access Role tab (Network, Users, Machines) it is an OR, but it is an AND between all three tabs of the Access Role to be considered a match.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

Our observations are the opposite way around.

If I define an access role with specific user groups and I put User Group A, B and C in there, then a user MUST be member of all 3 groups in order for the rule to match.

If I define an access role with just one user group A, then the user needs to be just member of group A in order for the rule to match.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events