What policy is effective when I apply more than one policy to a group of users
From Netintelligence Knowledge Base
Having more than one policy applied to a group of users means that it is possible to have different rules set for the same policy category, for those users. In this circumstance (where rules for policy categories overlap), some rules take priority over others. The order of priority for these rules is always:
'Only allow' > 'Allow' > 'Warn' > 'Block'
For example, if you have set an 'Allow' rule for a category in one policy (not excepting the Default Policy), and 'Block' in another policy, then when both of these policies are applied to the same user group, the 'Allow' rule overrules the 'Block' rule. The combined effect of the application of these two policies to a user group is that the user will be allowed access to the category in question.
Note that the Default Policy is applied to all users, and so 'Allow' rules in your Default Policy will overrule any rules for the same category in your custom policies. When planning the application of customised policies, in general you are advised to leave the category as 'Not Set' in the Default Policy, then apply your preferred rule to the category in your customised policies.