Currently, the product does not account for having assets or users match more than 1 smart group for Powerbroker central policy application. If multiple groups match it is random on which policies apply.
We would like to use smart groups to apply Powerbroker policies in a layered way but currently, we can't layer as only 1 smart group will apply powerbroker policy at a time.
We have 6 policy templates and there can be a different mix for any asset/user depending on what they are authorized for. It is not practical to try to have an Ad query/smart group for every possible mix while ensuring one 1 smart group with policies match. We not only would have to make a group for each mix but would have Not logic in each to ensure that in no case multiple smart groups would match that would cause random or unexpected policy mix to apply.