Cisco ISE - What does "Multiple Matched Rule Applies" mean?

Hi,
In Cisco ISE authroiztion policy configuration, what does the option "multiple matched rule applies" mean? I can understand the "first matched rule", but in "multiple matched rule" how is the "permissions picked if multiple rules match? Or, what is the logic involved in picking up the permissions, if multiple rules are matched in authorization policy.
No where in cisco document I see any explaination for this.
Would appreciate if any one can point me to  a document or explain me the login in selecting the persmissions if multiple rules are matched. Also, what would the use-case for this?
Thanks and Regards,
Mohan

I agree with tarik & also this might be helpful for you:
An authorization policy can  consist of a single rule or a set of rules that are user-defined. These  rules act to create a specific policy. For example, a standard policy  can include the rule name using an If-Then convention that links a value  entered for identity groups with specific condition(s) or attributes to  produce a specific set of permissions that create a unique  authorization profile. There are two authorization policy options you  can set:
•First Matched Rules Apply
•Multiple Matched Rule Applies
These two options direct Cisco ISE  to use either the first matched or the multiple matched rule type  listed in the standard policy table when it matches the user's set of  permissions. These are the two types of authorization policies that you  can configure:
•Standard
•Exception
Standard policies are policies  created to remain in effect for long periods of time, to apply to a  larger group of users or devices or groups, and allow access to specific  or all network endpoints. Standard policies are intended to be stable  and apply to a large groups of users, devices, and groups that share a  common set of privileges.
Standard policies can be used as  templates in which you modify the original values to serve the needs of a  specific identity group, using specific conditions or permissions to  create another type of standard policy to meet the needs of new  divisions, or groups of users, devices, or groups in your network.
By contrast, exception policies  are appropriately named because this type of policy acts as an exception  to the standard policies. Exception polices are intended for  authorizing limited access that is based on a variety of factors  (short-term policy duration, specific types of network devices, network  endpoints or groups, or the need to meet special conditions or  permissions or an immediate requirement).
Exception policies are created to  meet an immediate or short-term need such as authorizing a limited  number of users, devices, or groups to access network resources. An  exception policy lets you create a specific set of customized values for  an identity group, condition, or permission that are tailored for one  user or a subset of users. This allows you to create different or  customized policies to meet your corporate, group, or network needs.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html

Similar Messages

  • HT1491 Why do i keep getting the message 'Cannot connect to iTunes Store' when I have done every connection I can find? What does the error message (-1202) mean when I am on the iTunes site on my computer?

    Why do i keep getting the message 'Cannot connect to iTunes Store' when I have done every connection I can find? What does the error message (-1202) mean when I am on the iTunes site on my computer?

    Hi Velvalee,
    While there may not be specific information about that error, here is an article of steps for troubleshooting connectivity issues with the iTunes store:
    Can't connect to the iTunes Store
    http://support.apple.com/kb/ts1368
    If that article does not help, there is a link near the bottom for an additional article of advanced troubleshooting.
    Cheers!
    - Ari

  • On opening some pdfs in new tab, get a box labeled Adobe Acrobat with a ? in it. Right click on the link gets the pdf. What does the box and ? mean. Running W7, FF 10.0.2, Adobe Standard 9. Thanks

    On opening some pdfs in new tab, get a box labeled Adobe Acrobat with a ? in it. Go back to the original link, right click on the link gets the pdf. What does the box and ? mean and why do I get it when trying to open some pdfs? Running W7, FF 10.0.2, Adobe Standard 9. Thanks.

    Assuming that you are using IE10 / IE11 on Windows: http://support.microsoft.com/kb/2716529

  • What does error code 150:30 mean and why can i not access my elements site

    what does error code 150:30 mean I cannot access my element equipment

    ok then so what is the problem I have with this error code

  • What does the arrow looking symbol mean next to the battery top right?

    What does the arrow looking symbol mean next to the battery at the top right of my iphone mean?

    Covered in the manual:
    iPhone User Guide (For iOS 4.2 and 4.3 Software)

  • What does the error code 0x80090318 mean connecting to IStore?

    What does the error code 0x80090318 mean connecting to IStore?

    I think the problem was using a WPA2 network rather than a WPA network. When I tried connecting to a WPA network, everything went fine.

  • HT201210 what does 'firmware is not compatible' mean? What do I do to solve it?

    what does 'firmware is not compatible' mean? What do I do to solve it?

    Exactly what it says.
    How are you trying to update the device, step by step?

  • HT201210 what does firmware file not compatible mean when updating iphone software?

    what does firmware file not compatible mean when updating software on iphone?

    Make sure your iTunes is up to date
    Help > Check for updates

  • What does "unknown error has occurred mean when trying to login to the app store

    what does "unknown error has occurred" mean when trying to login to the app store

    Welcome to the Apple forums.
    Good idea to fill out your profile so people can see what machine you are writing about.    
    Also a good idea to do a little research through the 'More like this' panel to the right of your initial post.    Each of the threads also contains more leads so it is amazing how much you can learn from them.
    Good hunting.

  • HT1338 What does a medium write error mean, when trying to burn a cd?

    What does a medium write error mean, when trying to burn a cd?

    nwalls wrote:
    What does a medium write error mean, when trying to burn a cd?
    It's an error message returned by the burner. You can see the full list of these error messages here
    <http://en.wikipedia.org/wiki/Key_Code_Qualifier>
    It's not specific enough to pinpoint what caused it—it could be anything from a bad optical medium (CD-R) to a dusty or dying laser diode. You have to isolate the problem—use a different CD-R brand, try a different speed, use a different burn engine (eg, Burn), etc. If it occurs once or twice, randomly, it's more likely to be a bad disc. If it occurs consistently, and at the same stage of the burn process, it's more likely to be a drive or software issue.

  • What does the flashing yellow light mean on my airport express?

    what does the flashing yellow light mean on my airport express?

    Open AirPort Utility, the application that you used to configure the AirPort Express and click Manual Setup.
    Click directly on the word "Status" (2nd line) and a window will open to tell you why the Express is complaining. What is the message?
    It might be a notification that an update is available for your Express.

  • WHAT DOES ERROR CODE 103:103 MEAN IN ADOBE READER

    WHAT DOES 103:103 ERROR CODE MEAN IN ADOBE READER I HAVE WINDOWS XP AND IE 8

    Try if this solution helps: http://www.brain-cluster.com/adobe-2/acrobat-reader/there-problem-adobe-acrobatreader-if-i t-running-please-exit-and-try-again/

  • What does "Only DRM free/unprotected" mean when trying to transfer pictures and videos to my laptop?

    What does "Only DRM free/unprotected" mean when trying to transfer pictures and videos to my laptop?

    Only Digital Rights Management music and video which you do not own rights to copy or use cannot be placed on your device.
    songs you have paid for or own outright will not have those restrictions.
    hope that helped?
    Good Luck

  • What does "[C", "[B" "[J" classnames mean in

    Hi,
    I ran the jrcmd tool to get some memroy diagnostics and "[c" class name occupies the most.
    --------- Detailed Heap Statistics: ---------
                          51.5%     98k      890    +98k[b] [C[/b]
    15.3% 29k 21 +29k[b] [B[/b]
    8.2% 15k 672 +15k java/lang/String
    3.9% 7k 1 +7k [S
    2.2% 4k 178 +4k java/util/HashMap$Entry
    2.0% 3k 84 +3k [Ljava/util/HashMap$Entry
    Here is the reference, see memory leak tool
    http://dev2dev.bea.com/pub/a/2004/04/jrockit142_hirt.html
    What does "[C", "[B" "[J" classnames mean in Detailed Heap Statistics? How can I find them in my code ?                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

    Generally speaking, the allocation traces from JRMC would show where objects are allocated. However, objects such as String, char[], byte[] etc are so ubiquitous that they are very hard to trace.
    Your best bet could be to focus on application specific packages and look for unusual object counts.
    Regards,
    /Raj

  • What does error -50303 and -50016 mean ?

    Does anyone know what does error -50016 and -50303 mean ? Can you tell me how to solve it ? I am using scxi 1161 for my application and i am getting these error codes.

    Hi Anku
    You can find explanations to error codes in labVIEW by going to the Help menu and selecting Explain Error and then inputing the error codey you get. You can also right-click in the error node in you program that presents this error and choose "Explain error". The two error codes you have posted have the following explanations:
    -50016:
    "NI Platform Services:  The specified window type is not valid or is inappropriate in the context of the current device configuration. The operation could not be completed as specified."
     -50303:  
    "NI Platform Services:  The specified device could not be initialized. The operation could not be completed as specified"
    Does both of these error occur in the same attempt to run or at different attemps to run the code? In which order are you getting these errors if they appear at the same time? The second error code indicates that you either don't have a connection to your instrument, that it's not configured correctly (such as the first error indicates) or that the instrument is not functioning as it should. The first error is a configuration error and could also be a result of the second error (i.e. no connection or broken instrument). So as both error codes you are getting could be a result of the other it is important to note which occurs first.
    Best Regards
    David
    NISW 

Maybe you are looking for

  • [SOLVED] WARNING: bad format of line 333654 of /etc/fstab

    Hi everyone, I know that there are couple of topics concerning my problem but non of them  was helpful, because my computer doesn't even boot. Here's how it started: I was trying to mount a game for the first time and something went wrong. I got mess

  • %@ include file="invoiceFtpPush.xhtml" % in jsp

    Hi All, I want to include my xhtml page into my jsp page like : <%@ include file="invoiceFtpPush.xhtml" %>I want to know is it possible or not? if not possible then any alternative or if possible then how can i do it? Right now it is not working. Any

  • Working with local SQL databases in AIR

    This question was posted in response to the following article: http://help.adobe.com/en_US/as3/dev/WS5b3ccc516d4fbf351e63e3d118676a5497-7fb4.html

  • Photoshop CC wont crashes after loading screen

    Hello, I have been a Photoshop user for a long time. I have wiped my computer and re-installed the trial under a new email I use. After the program loads, after about 5 seconds it stops working. I have a toshiba qosmio 64 bit windows 8

  • HT201210 i can't activate my iPhone, and i can't restore it ?

    hi last night i was working in my iphone, Suddenly resart and show me some masseg say that you have to ACTIVATE you'r iphon, i tried to activating but i can't, it's show that:could not activate iphone becuse the activation server cannot be reached,tr