Thank you for your answer. So, with the below scenario, it seems since the ASA process all DAP policies, then Rule 3 would break Rule 2...correct?
user = ('BP*' or 'NON*' OR 'bp*' OR 'non*') gets one training bookmark regardless of background flag. Basically, you just need a valid RSA token.
userAttr.backgroundcheck = 'no' AND userAttr.ou = 'buspartner' stop rule
userAttr.backgroundcheck = 'no' AND userAttr.ou = 'contractor' stop rule
userAttr.backgroundcheck = 'no' AND userAttr.ou = 'JV' stop rule
username is "*" Everyone gets directory service pages
Without a stop rule ability, would the Rule 3 break Rule 2 and give everyone the directory service pages? Or, would you be able to keep the integrity of Rule 2 and not allow these users access by giving the DAP policy higher priority?