Exceptions

Exceptions allow the default action for a category to be overridden for specified users, groups, and roaming users, and for defined time periods.

Note that Require user authentication is not available for category exceptions, because for an exception to be applied, the cloud service must be aware of the users - they must already be authenticated. If a user has not been authenticated, but wants to access a category that has an exception for a user or a group, the cloud service automatically asks the user to authenticate.


	Note If you set up an Allow exception, note that this overrides only the Block action on URL categories. It does not bypass any other actions, including user authentication and antivirus analysis.

When you select a category, the Category Exceptions section at the bottom of the page shows the number of exceptions applied to that category. If no category is selected, the list shows all category exceptions that have been defined.

On occasion you may want to add users to exceptions for policies they are not yet using or leave users in an exception list for a policy they no longer use. This allows you to set rules for users before they are moved between policies—for example, when policy assignment has been changed in an LDAP directory. If you add an unknown user or if the user belongs to another policy, you receive a message to this effect. You can save rules that include users in other policies as well. These users are shown in the exception list with a red asterisk.

The exceptions table provides the following summary information about each rule:

The name assigned to the rule.

The category or categories to which the rule applies. If there are multiple categories in the exception, click the link to see the category list.

The users and groups to which the rule applies. If none are shown, it applies to all users of the policy.

The time period to which the rule applies.

The action for the rule, and whether it applies only to roaming users.

The state of the exception rule - on or off. You can change the rule's state in this table by clicking the State switch.

To create an exception rule:

On the Web Categories tab, click a category name.

Click Add exception.

The rule State is set to ON by default, meaning the rule will be enabled for the users and groups you select. If you want to set up a rule but not enable it immediately, click the State switch to set it to OFF.

Enter a Name and Description for the rule.

Select the Action to apply from the drop-down list.

For the Confirm action, enter the time period for which a user who clicks Continue can access sites in the selected category or categories.

For Use Quota, any further options depend on the quota time configured on the policy's General tab. If the policy has an overall daily quota set, that quota applies to the exception and cannot be changed. If the policy is using the per-category daily quota, enter the total quota time and session length available to users and groups in the rule.

Select the Time period during which the rule is active.

For an exception that should be applicable to roaming users only, mark Apply only when user is roaming.

Select the category or categories to which the rule applies. To select multiple categories, use the Shift and/or Ctrl keys.

Enter or select the users and groups that will use the rule. You can also specify that the rule applies to all users and groups in the policy except the group you select.

10.

Click Submit.