User Class Permissions Required to Use Plugin.

This is the documentation project for the ADUC plugin.

Post by Cubert »

In Build 1.0.0.3 we have started to add use permissions to the plugin. At a minimum, a user (tech or engineer) must have the User Class ActiveDirectoryUI added to their user class permissions. Super Admins are automatically included and are not denied any functionality.


Screenshot 2022-06-07 090759.png

In order to help comply with SOC2 MSP compliance regulations, this user class is intended to allow only the access a lesser administrator may need to manage users for the client. Currently, in build 1.0.0.3, it retains all the same functionality as a super admin. This will start to change as the next few builds are released.


Re: User Class Permissions Required to Use Plugin.

Post by Cubert »

As of Build 1.0.0.4 User Permissions are in full swing.

There are now two (2) user classes for the ActiveDirectory UC plugin.


UserClassesNeeded.png

  • ActiveDirectoryUI - Required to allow non-Super Admin users access to the plugin. If a user is assigned this class and the optional limit class was not added, then the user has all access to plugin controls. This does not allow the user to access the permissions controls inside of the plugin.
  • ActiveDirectoryUI-Limit - An extra optional class that will force plugin permissions for the user.


Setting Permissions

You must be a Super Admin to access the user permission controls of the plugin. There will be a button marked "Permissions" in the top banner of any client console that will open the permissions form and allow you to set the permissions. You can set the permissions for any client, or by selecting the Set Global Permissions checkbox you can set all client consoles to use a common set of permissions. If you set any client differently from the global permissions, then the client permissions will automatically override the global permissions set.


NewPermissionsButton.png

If a client is using the "Global Permissions" then the "Current Global Defaults Permissions" banner will be displayed.


SetPermissionsForm.png


User Permissions in Action

When a user is provided both ActiveDirectoryUI and ActiveDirectoryUI-Limit user classes and a super admin has set global or client permissions, this is the kind of view a limited user might see. We have only enabled the Unlock User and the reset User password functions for this user.

LimitedUserPermissions.png

The normal Update User button is missing and 4 of the 6 menu items are disabled. This user can now only reset user passwords and unlock user accounts.
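
Added example, not part of the original posts or the plugin's own code: a small Python model of the access rules described above (Super Admin, ActiveDirectoryUI, ActiveDirectoryUI-Limit, client permissions overriding global ones), used to list non-Super Admin accounts that still hold every plugin control. The data layout, helper names, user names and client names are assumptions constructed for illustration.

```python
# Added example: models the access rules described in the posts above.
# Not the plugin's code; data shapes and helper names are assumptions.
ALL = "ALL"  # sentinel meaning every plugin control is enabled

UI_CLASS = "ActiveDirectoryUI"
LIMIT_CLASS = "ActiveDirectoryUI-Limit"


def effective_access(user, client, global_perms, client_perms):
    """Return (allowed plugin functions, may open the Permissions form)."""
    classes = set(user["classes"])
    if user.get("super_admin"):
        return ALL, True                      # never denied any functionality
    if UI_CLASS not in classes:
        return frozenset(), False             # no access to the plugin at all
    if LIMIT_CLASS not in classes:
        return ALL, False                     # all controls, but not Permissions
    # Limit class present: a client-specific set overrides the global set.
    return frozenset(client_perms.get(client, global_perms)), False


def unrestricted_non_admins(users, client, global_perms, client_perms):
    """Names of non-Super Admin users who still have every plugin control."""
    return sorted(
        u["name"] for u in users
        if not u.get("super_admin")
        and effective_access(u, client, global_perms, client_perms)[0] == ALL
    )


# Constructed sample data (not taken from a real system).
GLOBAL_PERMS = {"Unlock User", "Reset User Password"}
CLIENT_PERMS = {"ClientB": {"Unlock User"}}   # ClientB differs from global
USERS = [
    {"name": "alice", "super_admin": True, "classes": []},
    {"name": "bob", "classes": [UI_CLASS]},
    {"name": "carol", "classes": [UI_CLASS, LIMIT_CLASS]},
    {"name": "dave", "classes": [LIMIT_CLASS]},
]

if __name__ == "__main__":
    for u in USERS:
        for client in ("ClientA", "ClientB"):
            print(u["name"], client,
                  effective_access(u, client, GLOBAL_PERMS, CLIENT_PERMS))
    print("review:", unrestricted_non_admins(USERS, "ClientA",
                                             GLOBAL_PERMS, CLIENT_PERMS))
```

Accounts returned by `unrestricted_non_admins` hold ActiveDirectoryUI without ActiveDirectoryUI-Limit, so they are the ones to review when the goal is the reduced access described for lesser administrators.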
