C
HAPTER
1: I
NTRODUCTION
F
ILTERING
E
LEMENTS
22
M86 S
ECURITY
U
SER
G
UIDE
6. For LDAP users, if a user is authenticated, settings for
the user’s group or individual profile from the LDAP
domain are applied and take precedence over any IP
profile.
a. If the user belongs to more than one group in an
authentication domain, the profile for the user is deter-
mined by the order in which the groups are listed in the
Group Priority list set by the global administrator. The
user is assigned the profile for the group highest in the
Group Priority list.
NOTE
: In an LDAP domain, if a user belongs to a container, that
profile takes precedence over the group profile for that user.
b. If a user has an individual profile set up, that profile
supercedes all other profile levels for that user. The
user can have only one individual profile in each
domain.
c. A profile for a workstation takes precedence over a
user’s individual profile.
d. If the user has a time profile, that profile takes prece-
dence over other profiles. A group time profile takes
precedence over a domain time profile, and a
container time profile takes precedence over a group
time profile. An individual time profile takes prece-
dence over a container time profile, and a workstation
time profile takes precedence over an individual time
profile.
NOTE
: A Radius profile is another type of authentication profile
and is weighted the same as LDAP authentication profiles in the
precedence hierarchy.
7. A Threat Analysis Reporter (TAR) profile is a type of
lockout profile. If using TAR with a Web Filter, the TAR
low level lockout profile takes precedence over an
authentication profile or a time profile, locking out the end
user from library categories specified in the lockout
profile in TAR.