Symantec Privileged Access Management

Expand all | Collapse all

policy with user group

Jump to Best Answer
  • 1.  policy with user group

    Posted 09-08-2019 10:20 PM
    In customer environment, there are 2 policies, one for each user group (User GroupA and User GroupB) pointing to the same target server(Linux),command filter policy are also associate with these policies.

    So it looks like

    Policy A---User Group A------Command Filter A--------Server1
    Policy B---User Group B------Command Filter B--------Server1

    When A user join User Group A and run policy A all works good and command filter A is working as well. Same when user join User Group B.

    Problem is when a user join both User Group A and User Group B. It seems under this circumstance user will have a policy that combined both Policy A and Policy B and Command Filter A and B both applies.

    Is it expected behavior or there is a way we can select specific policy under this condition?


  • 2.  RE: policy with user group
    Best Answer

    Posted 09-09-2019 04:33 AM
    Hello Jerry,

    As far as I know, this is the expected behavior when a user is part of multiple groups, all the policies take effect. This is the same for Devices that are part of Device Groups as well.

    Currently, we do not have the option if negating any of the policies nor the ability to select which group policy should be applied to the users, if the user is part of multiple groups.

    I think, this would be a product enhancement.


    Principal Support Engineer

  • 3.  RE: policy with user group

    Posted 09-09-2019 08:41 PM
    Hello Reatesh,

    Thanks for the information, I thought this is how policy works under current design and should go with enhancement, but just need confirm my assumption.