It is possible for users to have "User Security Profiles" applied at many different levels:
- Directly on a user
- By group membership
- By container membership
- By domain membership
Is it possible to prioritize the order in which these policies are applied?
Which setting would "win" in the case of a conflict?
By default the policy applied directly to the user account will always "win". This can be changed.
It is also possible to define a hierarchy or priorities on all policies ("user security" and "access point").
Please refer to document "Enterprise SSO Console Administrator's Guide" at chapter 5.7 : "Managing User and Access Point Security Profiles Priorities" for more details and information