User access policy conflict

I would like to ask, if a user is under the jurisdiction of multiple administrators, and the policies set by each administrator are different, then the user has a policy conflict. How should this be resolved?

Policies have a Rule Order number and they are enforced in that order. The lower the rule number, the earlier it is evaluated. You can also enable Admin Ranking, to create a hierarchy among admins and ensure that policies and settings configured by admins with higher rank cannot be overridden by admins with lower rank.

1 Like

Is there also an evaluation between the application segment more specific with the IP@/FQDN rather than a wildcard FQDN or subnet one?


Fatih, are you referring to ZIA or ZPA?

sorry for the late reply, it’s ofr ZPA
In the mean time I received the answer from your colleagues
So I understand that there is an additional policy rule evaluation in case of wildcard usage on App Segment

If I’m understanding your question properly, if there is an application segment for an FQDN, the user will never hit the wildcard as there is a more specific application segment. Based upon this, the access policies tied to the more specific application segment with the FQDN are evaluated.

That’s right. In the meantime we’ve checked by testing an applciation by this way