Hi, I am about to create Laserfiche User Groups with specific feature rights and permissions. My plan is to add those users and/or groups from Active Directory into the Laserfiche User Groups. Will the Active Directory users / groups inherit their rights and permissions from Active Directory and override their assigned permissions in Laserfiche? Or will they inherit the rights / permissions of the Laserfiche User Groups that I am going to create? Thanks.
Question
Active Directory Users / Groups and Laserfiche User Groups
Replies
Effective rights are calculated based on all groups the user is a member of. So the user will inherit permissions from both the Laserfiche groups and their Active Directory groups.
Yes, I understand that. If User X is a member of the "Authors" Laserfiche User Group as well as the "Librarians" Active Directory Group, and both groups were assigned permissions in Laserfiche, then User X's effective rights will be inherited from both groups.
I am inquiring about another situation. Here is an example:
- User Y is a member of "CoreBanking Admins" in Active Directory, which gives the user super admin rights over the CoreBanking system.
- At the same time, User Y is a member of the "Authors" user group in Laserfiche, which gives the user permission to read, print, make / read annotations and view redaction.
- Once I add User Y into the "Authors" user group in Laserfiche, will his rights in "CoreBanking Admins" Active Directory group override his rights in the "Authors" Laserfiche user group?
Hi Wissam,
Everything will be merged together based on the rights from each group (be it Lf or AD) that the user is part of. If the rights were set up as 'allow' vs 'not allowed' (blank), then it will be everything that is allowed. If any rights are explicitly denied, then it will be denied.
Some rights types like Privileges just have 'allow' and 'blank'; they don't have explicit denies, so in that case it will always be the highest rights you have assigned.
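The merge rule described in the replies above, as an added example that is not part of the original thread and is not Laserfiche code: a simplified Python model of allow / deny / blank across every group a user belongs to. The group assignments and the right and privilege names are constructed sample data, and an Active Directory group with nothing assigned in the repository is assumed to contribute nothing.

```python
from enum import Enum

class Setting(Enum):
    ALLOW = "allow"
    DENY = "deny"
    BLANK = "blank"  # not set: neither grants nor blocks

A, D, B = Setting.ALLOW, Setting.DENY, Setting.BLANK

# Constructed sample data: access rights assigned to each group in the repository.
GROUP_RIGHTS = {
    "Authors": {"read": A, "print": A, "annotate": A, "view_redaction": A},
    "Librarians": {"read": A, "delete": A, "print": D, "annotate": B},
    "CoreBanking Admins": {},  # AD group with nothing assigned in this model
}
# Constructed sample data: privileges have only allow/blank, so a set is enough.
GROUP_PRIVILEGES = {
    "Authors": {"hypothetical_privilege_1"},
    "Librarians": {"hypothetical_privilege_2"},
}

def explain(groups, right):
    """Return (decision, groups responsible) for one right."""
    hits = {s: [g for g in groups if GROUP_RIGHTS.get(g, {}).get(right, B) is s]
            for s in (D, A)}
    if hits[D]:
        return "denied", hits[D]      # any explicit deny wins
    if hits[A]:
        return "allowed", hits[A]     # otherwise any allow grants
    return "not allowed", []          # blank everywhere

def effective_rights(groups):
    """Union of allows across all groups, minus anything explicitly denied."""
    rights = {r for g in groups for r in GROUP_RIGHTS.get(g, {})}
    return {r for r in rights if explain(groups, r)[0] == "allowed"}

def effective_privileges(groups):
    """No deny exists for privileges, so the result is the plain union."""
    return set().union(*(GROUP_PRIVILEGES.get(g, set()) for g in groups))

if __name__ == "__main__":
    for member_of in (["Authors", "CoreBanking Admins"], ["Authors", "Librarians"]):
        print(member_of, sorted(effective_rights(member_of)))
    print(explain(["Authors", "Librarians"], "print"))
```

The `explain` helper is the part worth keeping when auditing group design: it names the group responsible for a deny, which is usually the surprising result after adding a user to one more group.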