What is the best way to tune CSA 5.0 so that the changes that you make for one group dont affect the rules for another group?
Is there a way to create an allow rule for a group? where I could say always allow this application class access to run?
Or will I have to create clones of all the rules and then have each group point to its cloned rules?
Any help is greatly appreciated.
A rule must belong to a module, and that to a policy, so the answer is no.
You wouldn't need to have all rules cloned, just have the exception rule(s) apply to only one group.
A separate policy for that group with just the exceptions in a rule module would probably work best for this.