Dell SonicWALL Secure Mobile Access 8.5Administration Guide 340clicking the Logout icon at the right of the user row. The Active User Session table includes the followinginformation:Access Policies ConceptsThe Secure Mobile Access web-based management interface provides granular control of access to the SMA/SRAappliance. Access policies provide different levels of access to the various network resources that are accessibleusing the SMA/SRA appliance. There are three levels of access policies: global, groups, and users. You can blockand permit access by creating access policies for an IP address, an IP address range, all addresses, or a networkobject.Access Policy HierarchyAn administrator can define user, group and global policies to predefined network objects, IP addresses, addressranges, or all IP addresses and to different Secure Mobile Access services. Certain policies take precedence.The Secure Mobile Access policy hierarchy is:• User policies take precedence over group policies• Group policies take precedence over global policies• If two or more user, group or global policies are configured, the most specific policy takes precedenceFor example, a policy configured for a single IP address takes precedence over a policy configured for a range ofaddresses. A policy that applies to a range of IP addresses takes precedence over a policy applied to all IPaddresses. If two or more IP address ranges are configured, then the smallest address range takes precedence.Host names are treated the same as individual IP addresses.Network objects are prioritized just like other address ranges. However, the prioritization is based on theindividual address or address range, not the entire network object.For example:• Policy 1: A Deny rule has been configured to block all services to the IP address range 10.0.0.0 -10.0.0.255• Policy 2: A Deny rule has been configured to block FTP access to 10.0.1.2 - 10.0.1.10• Policy 3: A Permit rule has been configured to allow FTP access to the predefined network object, FTPServers. The FTP Servers network object includes the following addresses: 10.0.0.5 - 10.0.0.20. andftp.company.com that resolves to 10.0.1.3.Table 37. Active User InformationColumn DescriptionName A text string that indicates the ID of the user.Group The group to which the user belongs.Portal The name of the portal that the user is logged into.IP Address The IP address of the workstation which the user is logged into.Location The geographical location of the source IP for each user.Login Time The time when the user first established connection with the SMA/SRA applianceexpressed as day, date, and time (HH:MM:SS).Logged In The amount of time since the user first established a connection with the SMA/SRAappliance expressed as number of days and time (HH:MM:SS).Idle Time The amount of time the user has been in an inactive or idle state with the SMA/SRAappliance.Logout Displays an icon that enables the administrator to log the user out of the appliance.