If multiple Cipherscale access policies apply to an access request, which policy is enforced?
The access policy that is enforced depends on the type of destination resource (private resource, SaaS application, or the internet) and on the order in which the policies for that access type are arranged. The first access policy applicable to the destination resource whose Source contains any of the requestor’s devices, Groups, or User identity is enforced. For example, suppose user Bob requests access to a private resource called ‘timecard’. Bob has two devices, Android and macOS, and is a user in the Group ‘Contractor’, and the access policies are ordered as follows:
No. 1, Source = Contractor, Action = Deny, Access to destination resource = timecard
No. 2, Source = Bob, Action = Allow, Access to destination resource = timecard
No. 3, Source = Android, Action = Allow, Access to destination resource = timecard
Bob will be denied access to ‘timecard’ because the ‘Contractor’ Group he belongs to has been denied access and is ordered higher than the access policy that allows him access.
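The first-match ordering described above can be modelled in a few lines to audit a policy list for rules that a given requestor never reaches. This is an added example, not Cipherscale code: the Policy class and the evaluate and shadowed functions are hypothetical names, and it assumes users, Groups and devices share one namespace and that an unmatched request has no defined outcome.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Policy:
    number: int
    source: str       # a device, Group, or user identity
    action: str       # "Allow" or "Deny"
    destination: str


def matches(policy: Policy, identities: Set[str], destination: str) -> bool:
    # Applicable to the destination AND Source is one of the requestor's identities.
    return policy.destination == destination and policy.source in identities


def evaluate(policies: List[Policy], identities: Set[str], destination: str) -> Optional[Policy]:
    """Return the first matching policy in list order (first match wins)."""
    for policy in policies:
        if matches(policy, identities, destination):
            return policy
    return None  # no match: the default outcome is not described on this page


def shadowed(policies: List[Policy], identities: Set[str], destination: str) -> List[Policy]:
    """Policies that match the request but are never reached because an earlier one wins."""
    hits = [p for p in policies if matches(p, identities, destination)]
    return hits[1:]


# Constructed from the FAQ example: Bob, his Group and his two devices.
BOB = {"Bob", "Contractor", "Android", "macOS"}
POLICIES = [
    Policy(1, "Contractor", "Deny", "timecard"),
    Policy(2, "Bob", "Allow", "timecard"),
    Policy(3, "Android", "Allow", "timecard"),
]

if __name__ == "__main__":
    winner = evaluate(POLICIES, BOB, "timecard")
    print(f"enforced: No. {winner.number} ({winner.action})")
    for p in shadowed(POLICIES, BOB, "timecard"):
        print(f"never reached for Bob: No. {p.number} ({p.action})")
    # Moving No. 2 above No. 1 changes the outcome for the same request.
    reordered = [POLICIES[1], POLICIES[0], POLICIES[2]]
    print("after reordering:", evaluate(reordered, BOB, "timecard").action)
```

Running the shadowed check per user before reordering a list shows which Allow or Deny rules would start or stop taking effect for that user.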