Explicit deny on specific sessions
How would I go about explicitly denying a user who is a member of an AD group with a role associated with that AD group? I have a couple of specific situations where a user was previously employed by a customer and those users are not allowed to access those customers servers.
Do you have any ideas on how I could best address this issue?
All Comments (2)
Hi,
Usually you could create a security group related to the customer and assign it to a parent folder. Because of the inherited security, if the user does not have access to this security group, he will not be able to see the customer sessions. You could also assign this group directly to the Security Group property of the customer's' entries.
David Hervieux
I'll try that and let you know if I run into any issues.