https://live.paloaltonetworks.com/t5/general-topics/trust-untrust-common-apps-block-user/m-p/405675#M92030 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/44240">@PA200-1</a>,</P> <P>Simply create another rulebase entry at the top of your above any of your existing untrust entries that blocks the one named user from any applications you wish to block for them. You actually can't negate the source-user in a security entry, so you have to do it via a specific policy or by stripping the user out of the user group you are using to grant untrust access.&nbsp;</P> Sun, 09 May 2021 05:02:09 GMT BPry 2021-05-09T05:02:09Z https://live.paloaltonetworks.com/t5/general-topics/trust-untrust-common-apps-block-user/m-p/405616#M92026 <P>Without giving any low level info</P><P>how would a person go about a blocking a single user, via policy, get blocked from trust-untrust common apps w/o affecting other users?</P><P>Create a policy above it? Or negate the user?</P> Sat, 08 May 2021 03:38:55 GMT https://live.paloaltonetworks.com/t5/general-topics/trust-untrust-common-apps-block-user/m-p/405616#M92026 PA200-1 2021-05-08T03:38:55Z https://live.paloaltonetworks.com/t5/general-topics/trust-untrust-common-apps-block-user/m-p/405675#M92030 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/44240">@PA200-1</a>,</P> <P>Simply create another rulebase entry at the top of your above any of your existing untrust entries that blocks the one named user from any applications you wish to block for them. You actually can't negate the source-user in a security entry, so you have to do it via a specific policy or by stripping the user out of the user group you are using to grant untrust access.&nbsp;</P> Sun, 09 May 2021 05:02:09 GMT https://live.paloaltonetworks.com/t5/general-topics/trust-untrust-common-apps-block-user/m-p/405675#M92030 BPry 2021-05-09T05:02:09Z