Because of the flexibility in assigning security policies (see How User, Device, and Zone Policy Assignments Operate), it is possible for multiple security policies of the same type to be applied to a device through different sources. For example, one Firewall policy might be assigned to a workstation device, a second Firewall policy to the device’s user, and a third Firewall policy to a device group in which the device is a member. Because of multiple assignments, the ZENworks system must determine the effective policy for the device. The Endpoint Security Agent can then enforce the one effective policy on the device.
Determination of the effective policy is based on ordering and merging rules.