Permissions

tony03
Disabled

Hello,

In my company we are thinking about the possibility of enabling permissions per user and end customer. Each customer would be an Active Directory group (around 600), and each of our users (around 300) would be assigned to each customer.

Each customer AD group would be assigned to each customer folder in RDM, so my question is: how would performance be affected by this kind of configuration?

If this option is really crazy, we also thought of another option: before a connection is made, RDM should make a call to OUR services parsing some data (e.g. customer ID and connection ID), and our service will return OK or KO to allow or deny a certain user the connection.

All Comments (3)


Hello,

I must admit that at such a large number of AD groups, our network discovery is not performant.

We have designed an AD cache manager that would take the performance hit at the startup only, but it hasn't been implemented yet.

As for your other option, we do not have such a mechanism at this time, although it has been discussed not too long ago. I cannot say if it has been approved though.

In the meantime, I have been able to piece something together with our Custom Credential type, which is essentially a PowerShell script that must fill the credentials. It is not perfect, but may allow you to get started.

Since we have a variable system, my test credential contains:

write-output '$NAME$ $SESSION_ID$'

This is just to show you that upon execution, the PowerShell script will contain the resolved values of these variables.

You then set a session (RDP, SSH, etc) to use that credential entry. When you attempt to run it, the prototype will display a dialog with the name of the session, as well as the session ID.

If the PowerShell script fills in the $Result.xxx variables for the credentials, the session will connect successfully. If you do not get the OK, you must not return credentials. The downside of this approach is that the session will still try to connect, and you will get the authentication failure.

We can help further if you want to explore this option.

Best regards,

Maurice
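
The gate described in the reply above, as an added example that is not part of the original thread and not Devolutions' code: a custom credential script that asks an external service for an OK/KO decision and fails closed. The service URL, its JSON request and reply shape, and the function name Test-ConnectionAllowed are hypothetical; the $Result.xxx field names stay elided as in the post.

```powershell
# Added example: fail-closed authorization gate for a custom credential script.
# Assumptions (not from the thread): the service URL and the JSON shape
# { "decision": "OK" | "KO" } are hypothetical placeholders.

function Test-ConnectionAllowed {
    param(
        [Parameter(Mandatory)] [string] $ServiceUri,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $SessionName,
        [Parameter(Mandatory)] [string] $SessionId
    )
    $body = @{ user = $User; session = $SessionName; sessionId = $SessionId } |
        ConvertTo-Json
    try {
        # Integrated Windows authentication lets the service see who is asking.
        $reply = Invoke-RestMethod -Uri $ServiceUri -Method Post -Body $body `
            -ContentType 'application/json' -UseDefaultCredentials -TimeoutSec 5
    } catch {
        # Timeout, TLS failure or HTTP error: deny rather than allow.
        return $false
    }
    # Only the exact string OK allows; KO, empty or unexpected replies deny.
    return ([string]$reply.decision -ceq 'OK')
}

# RDM resolves these variables in the script text before it runs, as the test
# credential in the post shows. Single quotes stop PowerShell expanding them a
# second time; with purely textual substitution, a session name containing a
# single quote would end the literal early, so keep quotes out of entry names.
$sessionName = '$NAME$'
$sessionId   = '$SESSION_ID$'

$allowed = Test-ConnectionAllowed `
    -ServiceUri 'https://authz.example.internal/check' `
    -User $env:USERNAME -SessionName $sessionName -SessionId $sessionId

if ($allowed) {
    # Fill the $Result.xxx credential variables here, as the post describes.
} else {
    # Return no credentials. Per the post, the session still tries to connect
    # and ends in an authentication failure.
}
```

If the script itself can read the stored credentials, the check is only as strong as the script's integrity; having the service release the credentials together with the OK keeps the decision on the server side.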


Hello,

I think that your suggestion is not an option for us. I'm not able to see how we can implement this kind of solution.

Can we have a call?


Hello,

We need to know if this feature will be implemented. We really need this. Your support team told us that we can't use more than 20-30 security groups, but that isn't enough for us. We need to limit permissions in more detail.

Thanks