1. Home
  2. Conflicting LDAP Group vs Individual Access Privileges

Conflicting LDAP Group vs Individual Access Privileges

When users are assigned multiple access points from within multiple OnDataSuite LDAP groups, the system will default access rights to the lowest assigned group privilege in the system unless otherwise specified in the individual user settings.

This means that if a user has been denied access in any group, then they will be denied access in ALL groups their associated LDAP name is attached to.

Example of issue
Dave Simmons is assigned to two groups. One is ‘Example Group 3’ and the other is ‘Example Group 6’

Both groups are listed under the Edit Access settings for: ODS Administrator.

All users under the ‘Example Group 3’ have been denied access but all users under the ‘Example Group 6’ have been granted

Even though Dave Simmons should have access privileges to the OnDataSuite Administrator section of OnDatSuite in ‘Example Group 6’, those rights have been cancelled out by ‘Example Group 3’ .

Fixing issue of multiple access permissions canceling out individual user permissions. 

To address this the OnPoint administrator will need to go into the individual user settings and follow the steps outlined in section 5. (Assigning Access Privileges by LDAP Individual User) to assign access privileges at the individual user level. Setting at this level will override user levels no matter the group level permission settings.

 

Updated on 10/11/2021

Was this article helpful?