Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84766members
354198posts

LDAP and User Groups

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved
DCIM_Support
Picard
Picard
0 Likes
2
187

LDAP and User Groups

This question was originally posted on DCIM Support by adelaney on 2017-05-15


I've recently configured my DCE (7.4.3) to use LDAP for users. ALl of the users that I select from my domain appear under a 'Remote Users' group and cannot be moved. Each user has two options: read/write off all devices or not being able to see any devices. Is this how it's supposed to be, or did I miss something? I'd like to be able to move users into pre-existing groups based on what they should see with regards to devices.

(CID:118004669)


Accepted Solutions
DCIM_Support
Picard
Picard
0 Likes
0
187

Re: LDAP and User Groups

This answer was originally posted on DCIM Support by Steven Marchetti on 2017-05-15


Hi Austin,

When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights. 

 

If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that. 

The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else. 

 

Thanks,

Steve

(CID:118004701)

See Answer In Context

2 Replies 2
DCIM_Support
Picard
Picard
0 Likes
0
188

Re: LDAP and User Groups

This answer was originally posted on DCIM Support by Steven Marchetti on 2017-05-15


Hi Austin,

When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights. 

 

If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that. 

The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else. 

 

Thanks,

Steve

(CID:118004701)

DCIM_Support
Picard
Picard
0 Likes
0
187

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.