I want to give a bunch of users access but instead of creating individual users in my DB, I’ll grant an AD group access and then put the users into that group. I added the AD group, adjusted the permissions to match a local user but that didn’t seem to work. Is this even possible? For sysadmins it seems to work as a couple of us can login without even creating a user and RDM. The software create a user but it doesn’t do so in the DB as it’s giving us access via the AD group which is a sysadmin. I wanted the same thing for regular users but it seems to have been a total failure. Can I do what I want to do or is this not possible?
My 2nd issue is with permissions. I have the following structure [denotes assigned security group]
Blades[shared]
Teams [none]
-Group1 [Group1]
-Group2 [Group2]
-Group3 [Group3]
--FolderA [none]
--FolderB[none]
---FolderBB[none]
-Group4[Group4]
Since my first test above was a horrible failure, I delete the group in SQL and created a new user via RDM and selected the box to create the SQL user and login.
In RDM I selected Add/Edit/Delete then clicked the view option for [shared] and view, add, edit, delete for [Group1]
Problem is, this user can’t see Group1 folder but does see Group3 and can happily create new entries in Group3 which they shouldn’t be able to. A refresh/RDM relaunch and I can see both Group1 and Group3 but still can create items where they shouldn’t be able to.
Furthermore, the permissions I see on those folders don’t seem to match the permissions this user sees (which is probably why he is allowed to create items when he should be)
Next, I unchecked access to Group1 and just them view permission on Group2. They were able to create a new item in Group2. I unchecked the view/edit/delete boxes to gray out the columns. The user was able to start the process of create and then clicked ok, they got an insert permission was denied (I get a window with a stack trace showing the problem happened in the sql connection)
I’m still testing this software so it was a new DB created with 8.9.2.0 and we’re using 8.9.4.0 (there’s features in the beta we need before deploying).
It’s not easy to explain but the permissions aren’t behaving at all like I expected or like what I saw when using sql logins (and creating new data sources with said logins to test)
Any help is appreciated.
Thanks
My 2nd issue is with permissions. I have the following structure [denotes assigned security group]
Blades[shared]
Teams [none]
-Group1 [Group1]
-Group2 [Group2]
-Group3 [Group3]
--FolderA [none]
--FolderB[none]
---FolderBB[none]
-Group4[Group4]
Since my first test above was a horrible failure, I delete the group in SQL and created a new user via RDM and selected the box to create the SQL user and login.
In RDM I selected Add/Edit/Delete then clicked the view option for [shared] and view, add, edit, delete for [Group1]
Problem is, this user can’t see Group1 folder but does see Group3 and can happily create new entries in Group3 which they shouldn’t be able to. A refresh/RDM relaunch and I can see both Group1 and Group3 but still can create items where they shouldn’t be able to.
Furthermore, the permissions I see on those folders don’t seem to match the permissions this user sees (which is probably why he is allowed to create items when he should be)
Next, I unchecked access to Group1 and just them view permission on Group2. They were able to create a new item in Group2. I unchecked the view/edit/delete boxes to gray out the columns. The user was able to start the process of create and then clicked ok, they got an insert permission was denied (I get a window with a stack trace showing the problem happened in the sql connection)
I’m still testing this software so it was a new DB created with 8.9.2.0 and we’re using 8.9.4.0 (there’s features in the beta we need before deploying).
It’s not easy to explain but the permissions aren’t behaving at all like I expected or like what I saw when using sql logins (and creating new data sources with said logins to test)
Any help is appreciated.
Thanks