-
Title
How do rules take precedence in a channel policy? -
Description
Which rule takes precedence in a Channel policy if there are multiple rules with the same channel type?
For example:
Channel policy [Test] has two rules for the same channel type of [Session Shell]
- First rule for [Session Shell] has a Remote Group defined and enabled Four Eyes check box
- Second rule is also for [Session Shell] but does not restrict any Remote Groups and no Four Eyes required.
if a user connects and is a member of Remote Group, the first channel will apply with four eyes, and if the person connecting is not a member of the Remote Group defined, the second entry will apply?
-
Resolution
RESOLUTION:
if first rule is restrictive and:
- the user belongs to a defined restricted group then this would be the first match and therefore this rule will take precedence and apply to the connection.
- the user does *not* belong to the restricted group then the next rule with the same channel type will be checked further until a match is applicable.
if first rule is non-restrictive (No group defined) and therefore matches all users then it will win and no check will be made on remaining rules of the same channel type.