EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-03 04:04 PM . Last Modified: 2 weeks ago
I've recently configured my DCE (7.4.3) to use LDAP for users. ALl of the users that I select from my domain appear under a 'Remote Users' group and cannot be moved. Each user has two options: read/write off all devices or not being able to see any devices. Is this how it's supposed to be, or did I miss something? I'd like to be able to move users into pre-existing groups based on what they should see with regards to devices.
(CID:118004669)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-03 04:04 PM . Last Modified: 2 weeks ago
Hi Austin,
When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights.
If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that.
The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else.
Thanks,
Steve
(CID:118004701)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-03 04:04 PM . Last Modified: 2 weeks ago
Hi Austin,
When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights.
If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that.
The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else.
Thanks,
Steve
(CID:118004701)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-03 04:04 PM . Last Modified: 2023-10-22 02:54 AM
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.