Hi I'm currently struggling with some weird behaviour regarding the role mapping. I'm running a cluster of two SA-4500 6.5 R6 and have the following role mapping configured in one of the realms: First rule matches for all users beginning with let's say abcxyz*, no stop flag set providing SharePoint access. Afterwards there are user-specific rules with stop flag. And at the bottom I have a rule which matches all users beginning with abc* providing Citrix access. So if a user, say abcxyz_1 connects he should get SharePoint and Citrix. This also gets confirmed by the troubleshooting simulation. However if a user that has no specific rule matching for him, he won't get the Citrix access if he already received SharePoint. If there's a rule configured for this account it will however match and the user will get both permissions. This seems strange to me as the simulation states otherwise. Any ideas? Thanks in advance.