User can see nodes revoked on some views

jkcy

I restrict the console view to a group of systems so our admins aren't distracted by systems they don't care about.  On the default Orion Summary Page, the "All Nodes" view has the correct restricted list of nodes.

However the "All Applications" view has other systems the user used to be allowed to see.  For systems the user is allowed to view, they can expand the node to see the details. They can't expand the node if not on their allowed list.  The "All Groups" view poses the same behavior.  The user sees the groups they to have access to but was revoked before. The group name is listed but you can't drill down to the list.  From technical standpoint the additional data is NOT exposed but this confuses the user.

This is how I setup users and assign groups to what they are allowed in their views:

1. Create an AD group, add users to the group

2. Create Orion Group: Settings > Manage Groups > Add New Group.  Add Computer Nodes

3. Create Orion User: Settings > Manage Accounts > Groups > Add New Group Account

4. Under Account Limitations, add Group of Groups, specify the Orion Group

I think the permission to see the object is working. Maybe there is a procedure to update the viewable list is not updated or need a long time before reflecting to the user interface?

Thanks

jkcy

The view was finally updated correctly after a long wait.

I see what you mean but it's not going to be scalable in my case.  I try to use groups as the way to scope objects. I divide my groups my service environments.  For example, I have a group to include all Exchange servers in production, a group to include just Exchange production servers, a group to with just Exchange lab servers, etc.   I can then assign one or more groups to a admins based on their access needs.

Thanks