Page 1 of 1
User Class Permissions Required to Use Plugin.
Posted: Tue Jun 07, 2022 1:15 pm
by Cubert
In Build 1.0.0.3 we have started to add use permissions to the plugin. At a minimum a user (tech or engineer) must have the User Class
ActiveDirectoryUI added to there user class permissions. Super Admins are automatically included and are not denied any functionality.
- Screenshot 2022-06-07 090759.png (55.83 KiB) Viewed 2306 times
In order to help comply with SOC2 MSP compliance regulations this user class is intended to allow only the access a lesser administrator may need to manage users for the client. Currently in build 1.0.0.3 it retains all the same functionality as a super admin. This will start to change as next few builds are released.
Re: User Class Permissions Required to Use Plugin.
Posted: Thu Jun 16, 2022 7:32 pm
by Cubert
As of Build 1.0.0.4 User Permissions are in full swing.
There are now two (2) user classes for the
ActiveDirectory UC plugin.
- UserClassesNeeded.png (51.27 KiB) Viewed 2289 times
- ActiveDirectoryUI - Required to allow non Super Admins users access to plugin. If a user is assigned this class and the optional limit class was not added then user has all access to plugin controls. This does not allow the user to access the permissions controls inside of plugin.
- ActiveDirectoryUI-Limit - is an extra optional class that will force plugin permissions for the user.
Setting Permissions
You must be a Super Admin to access the user permission controls of the plugin. There will be a button marked "Permissions" in the top banner of any client console that will open the permissions form and allow you to set the permissions. You can set the permissions for any client or by selecting the
Set Global Permissions checkbox you can set all client consoles to use a common set of permissions. If you set any client differently from the global permissions then the client permissions will automatically override the global permissions set.
- NewPermissionsButton.png (11.24 KiB) Viewed 2289 times
If a client is using the "Global Permissions" then the "Current Global Defaults Permissions" banner will be displayed.
- SetPermissionsForm.png (44.93 KiB) Viewed 2289 times
User Permissions in Action
When a user is provided both
ActiveDirectoryUI and
ActiveDirectoryUI-Limit user classes and a super admin has set global or client permissions, this is the kind of view a limited user might see. We have only enabled the Unlock User and the reset User password functions for this user.
- LimitedUserPermissions.png (68.21 KiB) Viewed 2289 times
The normal Update User button is missing and 4 of the 6 menu items are disabled. This user can now only reset user passwords and unlock user accounts.