Assigning Multiple Groups to a Single User
When creating firewall rules, it is more productive and efficient to be able to Match Known Users to a particular group than it is to select each user that needs to have that rule applied against. We're limited in our ability to this this however, since the Sophos appliance only allows us to assign a single group to each user. If a group of users needed to be part of Remote Desktop Users, as well as part of the Accounting Web Filtering policy, we'd have to add each user to the rule and not just a group that the users are a part of.
If we could assign a single user to multiple groups, we would be able to have multiple firewall rules check against groups without needing to enter each user on each rule each time.
Are you referring to clientless groups, regular user groups, or both? I voted for the latter - allow users to be assigned to multiple groups be those users regular or clientless. By this, I do not mean crossing from one to the other - for example, I am not saying we need to allow a clientless user to be part of a regular user group or vice-versa.