Solved! Go to Solution.
Any chance the role is assigned to a web policy which allows all access? I think there is a default policy set up to allow that.
When I create a Resource Profile > Web such as:
I've used both a manual entry and the autopolicy for Web Access and SSO.
When I log on and access the intranet all is fine except I'm able to browse beyond this web server. I want to restrict users only to this web server and/or confine them even further to only some directories.