I'd like to know how Policy Server searches the membership of a userto determine if a specific policy applies or not. You're interested toknow the order of the group search done when multiple groups are boundto a policy ?
Out of the box, at authorization phase the user is searched in all thegroup memberships which are added in policy, Policy Server won'tfollow any order while searching for user. User searching in groups isthus random. Once the user is found in one group then Policy Serverstops search. The User search doesn't follow the as per the ordergiven in the AdminUI.
This behavior will be seen in both ldap and odbc stores.
KB : KB000120651