Support for Windows Groups with WPM Recorder 3.0

ahbrook

We currently have our Orion environment set up to use AD Groups for security access. The highest tier of this access is a "Full Access" group that has full admin rights to everything in Orion, including WPM.

However, despite that access, the WPM recorder cannot seem to open transactions and has issues confirming the configuration.

The workaround for us was to add our windows accounts to the "Individual Accounts" section of the Orion Web Console. Doing this allowed us to open server-based recordings, but breaks our security scheme.

This idea is simple: Please have WPM support Windows Groups for admins so that we can keep our security model correct.

michal.kalina

Actually there are two options to "workaround" this issue.
1. Try to connect to Orion with a domain account which belongs to AD Group which has WPM Admin rights - but in the username field, you need to enter "domain\username" exactly that same "character by character" as your "domain\username" is displayed in the web console after you sign in (top right corner of a page) (I think It is case insensitive).

2. You can add an entry to the WPM Permission table for your "domain\username". After that, you will be able to login with your AD Account having only AD Group in Orion. (I think It is case sensitive). With this approach, it works for deprecated WPM - I'm not sure if it will work for the new one as well.