Can APM be used to combine ACLs for a single session

Question

Hi all,&nbsp;I can't find the answer after a few hours of searching but can't believe that there's no solution to this.&nbsp;Is it possible to combine multiple ACLs in a single APM session. This would ideally be done using AD Group membership or similar. If user is member of group 1 then then get ACL1, however if they are in group 1&amp;2 they get the combined result of ACL1&amp;2.&nbsp;I know that it's possible to use advanced resource assign to check group membership and apply a single ACL to the session but I can't see a way to combine multiple ACLs in that use case.&nbsp;CheersSpence&nbsp;

dave_w · Answer

Hello Spence,&nbsp;Yes, should be able to do this with the AD Group Resource Assign. I tested this and when the user is in 2 groups with 2 different ACLs both ACLs will be assigned. You can verify this by looking at the session variable "session.assigned.acls." Keep in mind you with need and AD Query in the VPE for AD Group Resource Assign to function correctly.&nbsp;https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-assignment-items/about-ad-group-resource-assign.html

Forum Discussion

Can APM be used to combine ACLs for a single session

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

MCP Session Affinity With F5 NGINX Plus

Single Node Persistence

Single Boot Volume

Brute Force protection for single parameter like OTP

Introducing the single Installation script for F5 NGINX Instance Manager

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS