Using Prioritized Rules in an Authorization Policy

You can create an Authorization policy for the Sales Department and set up a prioritized list of rules that evaluate whether a user has been assigned to one of the roles associated with the department, and then deny access if the user has not been assigned to any of them.

The following image illustrates this scenario:

Figure: Role-based policy

In this example, specify a first-priority rule with a condition that allows access if a user has been assigned to the role of Sales Representative.

Add rules for users assigned to a role of Sales Manager, Sales Vice President, and so on. You then create a lowest-priority rule that contains no conditions and has an action of Deny. This policy denies any user who has not been assigned a Sales department role. When the conditions of the higher-priority rules are not met, the user is denied access by the lowest-priority rule.
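The following sketch models the rule list described above and checks it for ordering mistakes. It is an added example, not the product's own code or policy format. `Rule`, `evaluate`, `lint` and the first-match evaluation model are assumptions made for illustration, and the sample policy is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int                 # 1 = evaluated first
    action: str                   # "Permit" or "Deny"
    role: Optional[str] = None    # None = no condition, so the rule always matches

def evaluate(rules, user_roles):
    """Return (action, priority) of the first rule, in priority order, that matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.role is None or rule.role in user_roles:
            return rule.action, rule.priority
    return None, None             # no rule matched: this model makes no decision

def lint(rules):
    """Flag rule orderings that defeat the deny-by-default design."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for i, rule in enumerate(ordered):
        later = len(ordered) - 1 - i
        if rule.role is None and later:
            findings.append(f"rule {rule.priority} has no condition and shadows {later} later rule(s)")
    if not ordered or ordered[-1].role is not None or ordered[-1].action != "Deny":
        findings.append("lowest-priority rule is not an unconditional Deny")
    return findings

# Constructed sample policy for the Sales Department scenario.
SALES_POLICY = [
    Rule(1, "Permit", "Sales Representative"),
    Rule(2, "Permit", "Sales Manager"),
    Rule(3, "Permit", "Sales Vice President"),
    Rule(4, "Deny"),              # lowest priority, no conditions
]

if __name__ == "__main__":
    for roles in ({"Sales Manager"}, {"Engineer"}, set()):
        print(sorted(roles), "->", evaluate(SALES_POLICY, roles))
    print("findings:", lint(SALES_POLICY))
```

Running `lint` on a policy whose unconditional Deny has been moved above the role rules, or removed, shows the two ways this design fails: every user is denied, or a user with no Sales role reaches the end of the list without an explicit decision.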

For more information about using roles in Authorization policies, see Authorization Policies.