Analyze Security Policy Blocking the User Access

1. Start a query for users whose access you’re interested in. For example, the following query allows admins to determine whether a user has hindered or blocked access for a particular application.

   Can mobile user <name> access <application> from prisma access location <location-name> using device <device name>

   Click Analyze to view query results.
2. Analyze the access issue and take appropriate action.

   1. Your query result shows a historical sequence of events related to the user's access over time. Click the query name from Query Log to view the results.
   2. Under Results, click Security Policy (Based on Logs) to view logs that matched the rule. Access Analyzer displays traffic logs for the past seven days, and threat and URL logs for the past three hours.

   3. Expand the traffic log entry to view the user session details for the past 3 hours.

   4. To view details of the security policy that indicates current status of user access, click the link in the banner above the Logs table to run the Check Security Policy Only query.

      This automatically runs the Check Security Policy Only query. View the progress of the query in the Query Log.

      Once the query is complete, click the query link to see the query result with security policy configuration.

   5. To view more details on the logs related to the query, click Log Viewer.