Forum / Remote Desktop Manager - Feature Request

Security Groups Enhancement

  • Create an Issue
  • Cancel

First of all, I love the ability to assign folders to security groups. It makes it easy to secure the folders for specific users. However, there is an issue with assigning security groups to a main folder in that I don't always want it to propagate down to the subfolders. Just to give a little background, I work in a lab where we support remote training and students access our equipment remotely. We provide connections to all of the equipment through RDM. I have switched over to a SQL database that all training solutions will have access to. So, for one of our solutions, we have a main folder for the training solution itself with subfolders for the instructor and the student stations. I wanted the instructor to have access to all folders and the students only have access to their folder. However, if I don't assign the main folder to a security group, all other training solutions will see that folder, which is not very good. I can't assign the main folder to a security group without the permissions propagating down to the subfolders, so as a work around, I had to remove the main folder and rename the subfolders with a unique identifier to make things cleaner for the students and instructors. However, now I will have a big cumbersome list of folders in the database. Could we have a way to group these folders so that they can be collapsed without the use of the main folder, or can you make a modification that provides a choice of whether or not to propagate permissions from the main folder?

Clock4 yrs

Hi,
We already have a todo to change the way the right are inherited. I will see what I can do for the next major release. Sometime we use the shortcut to have a session in multiple folders.

David Hervieux

signaturesignature

Clock4 yrs

Is there any update on changing the way rights are inherited in security groups? This would help clean up our current folder structure where we can roll up subfolders under a main folder.

Clock4 yrs

I'm checking back to see if there is a way to break inheritance for sessions or subfolders under a folder for which a security group is applied.

We really need a way to roll up folders under a main folder just for better organization in RDM. The subfolders security groups would have to override the security group of the master folder so that I could collapse everything under a specific folder.

Is there a way this could be done?

Clock3 yrs

Checking back on this thread as I have not noticed any updates to RDM to include this functionality.

I am unable to organize my folders and collapse them under a master folder due to the inheritance of permissions. This has resulted in a very ugly folder structure for all of our sessions where we apply security groups.

I don't think shortcuts will help us in this situation. There has to be a way to set a folder to not inherit permissions from a parent folder.

Clock3 yrs

Hello Tom,
RDM 12 will offer a role based security as a complement of the security group. This should help you simplify your structure. For example you will be able to restrict the access of one specific entry in a folder by specifying multiple roles.

Regards

David Hervieux

signaturesignature

Clock3 yrs

Thanks for the information. That is excellent news. I'm looking forward to version 12. I'm actually looking for a folder security group to not be inherited by subfolders, not necessarily individual sessions, but that would be great as well.

Clock3 yrs

Just saw the update for RDM and installed it. However, this update does not meet our needs. What we need is more along the lines of organization and ability for users to see specific folders. We need a method to allow disinheritance of a security group of a sub-folder. If I have a top level folder assigned to one security group and sub folders assigned to different security groups, I should still be able to see my folder if I am assigned to a security group even though the parent folder is in a different security group, if that makes sense.
Now, if there is a different way I need to go about organizing my folders, can you please point me in the right direction for how I can make that happen?

Clock2 yrs

Hello,

Instead of using Security Groups, you can try our Permissions based security system. It is possible to manage all permissions on each level and then allow disinheritance of permissions on a sub folder.

In the following example, the View permission has been set on the Company 1 folder to these roles : Administrators and Operators. The column Permissions in the Tree View shows the View permission settings only. Administrators has the Add, Edit and Delete permission on this folder.

image

image

On the Montreal folder, both of these roles have View, Add, Edit and Delete permissions.

image

So, a user that is a member of the Operators role can view, add, edit or even delete anything under the Montreal folder but can only view what's in the Company 1 folder.

I hope that will clarify our new Role-based security system. Let me know if you need more assistance.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 yrs

Thank you Erica, that clears up some things about how to do this. However, I followed these steps and now I can't see any folders even if I am logged in as the user that is assigned to the role that has permissions to view. Maybe there is something I am not doing correctly, but I think I have everything in place.

Clock2 yrs

Just to be clear, I am not able to see the folder when logged on as a user that is assigned to the appropriate role. Here is my configuration:
I have a folder called AFM2. Under that folder, I have a folder called AFM2 Instructor. I have a user account of afm2_instructor that is assigned to the AFM2_Instructor role. I grant all permissions to the Administrator role on the AFM2 folder. I grant view permissions for the AFM2_Instructor Role to the AFM2 Instructor folder. I log onto a system with RDM 12.0.2.0 installed using the afm2_instructor account. I cannot see any folders at this point. I am not using security groups currently. It seems that something is still being inherited that is preventing this user from seeing the appropriate folder. Can I not nest folders and have permissions disinherited to allow at least view access to the subfolder?

Clock2 yrs

Hello,

Have you set the view permission for the AFM2_Instructor role on the AFM2 folder?

You must have the view permission on the parent folder to be able to view the content of a subfolder.

If you add the Permissions column in the Tree View, this will show you which role has a view permission on the folder.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 yrs