We are using SAE 3.5 in our environment, and are tying to incorporate user based policies rather than system based. These policies are based on AD group inclusion. To accomplish this, we have set up Policy Assignment Rules that apply particular Content Actions policies, and we have them set up by Priority in the PAR page of the ePO console. With our Allow and Prohibit lists, we have it set up so that if there is something in both Allow and Prohibit, Allow takes precedence. However, we have run into an issue, and it seems to be with Content Actions.
As an example, say we have a Streaming Media Exception that allows streaming media (but blocks File Sharing) and a File Sharing Exception that allows file sharing (but blocks streaming media), and we have the Streaming Media group higher up on the priority list. If a person happens to be a member of both groups and logs into a system, we expected to see the higher priority group take precedence where allows are concerned, but that doesn't seem to be the case. If a person is a member of both groups, with the Streaming Media allow group higher in priority, they are still getting streaming media blocked because of the File Sharing group inclusion, which blocks streaming media.
Has anyone run into this? Does anyone have any information on a workaround? Would that workaround be to create a ton of different policies in SiteAdvisor (which would not be good)? Something along the lines of Streaming Media, File Sharing, Streaming Media AND File Sharing, etc. etc.?