Access Policies

The Basics

Access Policies to enable the network administrator to define Who / What / When network devices may access the Internet. They tie Device Groups, Action Groups, Time Groups and Application Groups together. Until an Access Policy is created all the the Device, Action and Time Groups are dormant.

To establish the Who / What / When of user access, the network admin needs to create up to 4 kinds of policies, which will make up the Access Policy.

  1. Who - Device Groups
  2. What - Action Groups
  3. When - Time Groups
  4. How - Application Groups

Before creating an Access Policy, the network administrator should have at least approximate answers for the groups above.


An Access Policy will match If and ONLY If all its member groups = True.

If one or more of these checks is False, the next Access Policy is checked in order of Precedence.


Access Policies fire in descending order of precedence. Access Policies may be grouped in three Levels to achieve a hierarchy. The Levels, in descending match order are:

Within each Level, the individual Access Policies are sorted the numerical Sequence.

Access Policy Groups

The Basics

Access Policy Groups are Access Policies that can be assigned to multiple companies simultaneously. This provides 2 advantages:

  1. Editing the Access Policy Group will update all Companies that are members of that Group
  2. Access Policy Groups can be changed on a Scheduled basis

For example, an Accountability Policy might have the following Access Policy Groups:

  1. Email / Updates Only
  2. Supervisors
  3. Researchers

Those Access Policy Groups are then available to assign on an company that's a member of the relevant Accountability Policy.


To activate the Policy Group's Access Policy on a company:

  1. Go the Filter Console / Access Policy Dashboard.
  2. Select a company in the select field.
  3. Find the Hamburger Menu on the right, inside the green title panel.
  4. Click Assign Access Policy Group
  5. Select the desired Access Policy Group and click Save.
  6. Enter a value in the duration field to have the assignment expire.

Swapping Access Policy Groups

Access Policy Groups may be swappped after a period of time. For example, company can have the Email / Updates Only applied by default, but require Researchers access infrequently.

To do this (assuming Email / Updates Only and Researchers have been created:

  1. Go the Filter Console / Access Policy Dashboard.
  2. Find the Email / Updates Only line. Find circular icon button at the end of the line.
  3. Select the Researchers Access Policy Group for New Access Policy.
  4. In the Revert field, enter number of hours Researchers will be active.