Hi - I wanted to confirm whether or not there is any significance to the order of the rules within a v.4 (2016) Access Control Policy? Or does the service essentially step through every rule until a condition can result in a token being built?
And if no such condition exists, then a token is not authorized.
Thanks,
DaveC
