Veyon Community Forum


    Access Control - groups within groups

    Help & Troubleshooting
      gerardsweeney last edited by

      I'm trying to set up access control.

      I have a Staff user - TomBaker
      He is a Maths teacher in SchoolA

      His AD account membership looks like:
      SchoolA_Teachers_Maths

      SchoolA_Teachers_Maths is a member of a group SchoolA_Teachers
      SchoolA_Teachers is a member of AllSchools_Teachers

      I check the box "Enable usage of Domain groups".
      I add SchoolA_Teachers and/or AllSchools_Teachers to the "Restrict access to members of specific user groups" section.
      I click Apply
      When I run the "test", and put in TomBaker, the account shows it does not have access.

      If I add SchoolA_Teachers_Maths, then it passes.
      So Veyon doesn't appear to understand nested groups.

      I also tried creating a local group on the PC called VeyonUsers, and adding SchoolA_Teachers to that.
      Still didn't pass.

      I thought I could tackle it with "deny" instead, but the pupil accounts are the same nested approach.
      PupilAccount1 - member of SchoolA2020, which is a member of SchoolAPupils

      Is there a way around this?

      If it helps, any..

      Our AD structure is:

      User Accounts
      SchoolA\Staff
      SchoolB\Pupils
      SchoolB\Staff
      SchoolB\Staff

      There will be cases where staff from SchoolA are using PCs in SchoolB.
      So I can't just use a config where SchoolA PCs look at SchoolA\Staff

        tobydox last edited by

        Hi Gerard,

        unfortunately nested groups are currently not supported. This means you'll have to add allow rules for the individual teacher groups.

        Best regards
        Tobias

          gerardsweeney last edited by

          Hi..

          I think I'll get round it by using a script to modify the permissions on the Private keyfile on PCs with Master installed.

          In my testing, I've put a PupilAccounts = "Deny read".
          This lets me run the Master as a Teacher, but not as a pupil - which is what I need.

            tobydox last edited by

            Sounds like a perfect solution!
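
The file-permission workaround described in the thread, sketched as an added example (not code from either poster or from the Veyon project). The private key path is not given in the thread, so `$KeyFile` must be supplied, and the `EXAMPLE\` domain prefix is a placeholder; it assumes an elevated session on the PC with Master installed.

```powershell
# Added example: put an explicit "Deny Read" ACE for a pupil group on the
# Veyon Master private key file. Safe to re-run; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Path to the private key file. Not stated in the thread, so it is mandatory here.
    [Parameter(Mandatory)][string]$KeyFile,
    # Group name from the thread; the EXAMPLE\ domain prefix is a placeholder.
    [string]$DenyGroup = 'EXAMPLE\SchoolAPupils'
)

$Rights = [System.Security.AccessControl.FileSystemRights]::Read
$SidType = [System.Security.Principal.SecurityIdentifier]

if (-not (Test-Path -LiteralPath $KeyFile -PathType Leaf)) {
    throw "Key file not found: $KeyFile"
}

# Resolve the group to a SID first, so a mistyped name fails here
# instead of producing a half-applied ACL.
$sid = ([System.Security.Principal.NTAccount]$DenyGroup).Translate($SidType)

$acl = Get-Acl -LiteralPath $KeyFile

# Look only at explicit (non-inherited) ACEs for an existing deny-read entry.
$existing = $acl.GetAccessRules($true, $false, $SidType) | Where-Object {
    $_.IdentityReference -eq $sid -and
    $_.AccessControlType -eq 'Deny' -and
    ($_.FileSystemRights -band $Rights) -eq $Rights
}

if (-not $existing) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, $Rights, [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($KeyFile, "Deny Read for $DenyGroup")) {
        Set-Acl -LiteralPath $KeyFile -AclObject $acl
    }
}

# Print the resulting ACEs so the change can be reviewed.
(Get-Acl -LiteralPath $KeyFile).Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited
```

Windows checks the deny entry against the user's logon token, which already contains nested security-group memberships, so a pupil who is only indirectly a member of the denied group is still blocked. Confirm the result by starting Master once as a teacher and once as a pupil, as in the testing described above.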
