Can APM be used to combine ACLs for a single session

Question

Hi all,&nbsp;I can't find the answer after a few hours of searching but can't believe that there's no solution to this.&nbsp;Is it possible to combine multiple ACLs in a single APM session. This would ideally be done using AD Group membership or similar. If user is member of group 1 then then get ACL1, however if they are in group 1&amp;2 they get the combined result of ACL1&amp;2.&nbsp;I know that it's possible to use advanced resource assign to check group membership and apply a single ACL to the session but I can't see a way to combine multiple ACLs in that use case.&nbsp;CheersSpence&nbsp;

dave_w · Answer

Hello Spence,&nbsp;Yes, should be able to do this with the AD Group Resource Assign. I tested this and when the user is in 2 groups with 2 different ACLs both ACLs will be assigned. You can verify this by looking at the session variable "session.assigned.acls." Keep in mind you with need and AD Query in the VPE for AD Group Resource Assign to function correctly.&nbsp;https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-assignment-items/about-ad-group-resource-assign.html

Forum Discussion

Can APM be used to combine ACLs for a single session

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Introducing the single Installation script for F5 NGINX Instance Manager

Single Node Persistence

Brute Force protection for single parameter like OTP

X Forwarded For Single Header Insert

5 Technical Sessions That Should Be Great: F5 AppWorld 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS