I am working with an organization that has the 25 user public portal license and then Rio licensing for full licenses. They have 20+ people that have a full license assigned to their AD account via License Manager. They want to have all 600+ employees have access to WebLink via Windows Authentication. They have an AD group that contains All Employees that we can add and then set the group to "Only allow read-only access" in the admin console. If we do this though, the 20+ users with full licenses who are also a member of this All Employees group will get set as Read-Only.
For large organizations that have employees constantly being hired it can become quite tedious to maintain an AD group to just control this read-only access. Is there a better way to handle these licenses so that everyone can use Windows Authenticated WebLink without having to maintain unique groups for the two types of licenses? Why doesn't the full-license trump the "allow read-only access" permissions since they have bought and assigned a full license anyways?