Configuration
The normal operation of the plugin is that all interactions from Atlassian products are not intercepted and the rules are not applied.
Only when direct REST api requests are done, those calls get a validation against the custom defined rules and are determine if a request is allowed or blocked with a HTTP 403 Status code.
At the moment network rules and group rules are AND linked if there are any defined! With version 2.1.0 this limitation will be eliminated and you can select if they are AND or OR linked!
Be aware that a huge number of rules can impact the performance of the REST api calls!
System Administrators accounts are not limited by any of the rules defined within those plugin!
If you - as System Administrator - want to test rules, then add the query string bypass-admin!