Hi All, I've setup a Brokering Group and Brokering Rule and when the user is of certain role, the SP deny is set. https://www.netiq.com/documentation/access-manager-44/admin/data/b1ax7qoc.html says: If the authorization policy is configured to deny execution…