Apply Allow rules with a higher priority (lower number) before Deny rules with lower priority (higher number). Ideally as a toggle-able option to preserve compatibility with current configs.

Currently there's no way to create exceptions to Portal Access Deny rules as they are universally applied before Allow rules. This would let, say, a group membership to permit a user to bypass a Deny rule. Good for testing and troubleshooting and for allowing minimum exceptions past a Deny rule while otherwise maintaining the environmental security the Deny rule provides.