Cisco Cisco Web Security Appliance S670 Betriebsanweisung

You can create as many user defined policy groups as required to enforce the 
proper access control. The Web Security appliance displays policy groups 
together in a policies table.

All policies have a default, global policy group that applies to a transaction if none 
of the user defined policy groups apply. A global policy group maintains default 
settings and rules that apply to web transactions not covered by another policy. 
This group appears in the last row of a policies table, and the Web Proxy applies 
its rules last if no other matching occurs.

You can create policy groups based on combinations of several criteria, such as 
client subnet or the URL category of the destination site. You must define at least 
one criterion for policy group membership. When you define multiple criteria, the 
client request must meet all criteria to match the policy group.

Options used to configure policy groups allow you to specify exceptions to global 
policy settings and control access to services for groups of users.

For more information about creating policy groups for the different policy types, 
see the following locations:

The policies table is an ordered list of policy groups and the settings you configure 
for each filtering component. It displays policy groups by row and control settings 
by column. The control settings you can define vary by policy type.

 shows the Access Policies table.