Hi, huh? you asked the same question yesterday and got several responses. (recap, yes, thats fine and if you WANT to ensure the policy does what it does then use reject - if you dont then some other later thing might change the auth/policy) alan