|
|
|
|
|
In addition to authenticating users against Active Directory, VSys can also assume security roles for users based on the Active Directory groups those users are members of. By associating Active Directory groups with VSys security roles, users derive rights not only from their explicitly assigned rights and roles but also implied roles. When a user logs into VSys Security, and that user is not a non-domain login, VSys:
These temporary roles are added "after" any explicit security roles given to the user, and these temporary roles are not given to the user in any specific order. (A VSys Security role may subtract from a user's rights, so be careful that you don't make assumptions about the order of domain-implied roles.)
In the example below, making an Active Directory user a member of the group "VSys One administrators.vsysone.com" would give that user the VSys Security role "Administrator" at login.
Note that inherited/implied Active Directory groups are not permitted: to meet the criteria here, the user must be explicitly and directly in all of these groups.