1 Reply Latest reply on Sep 16, 2018 8:28 PM by dodster

    MFT LDAP Groups Question

    dodster

      If I have 2 AD Security Group, where I have Users assigned (some users are in Both Groups)

      Some users in seperate groups

      If I grant Access to a different Home Dir and Assign permission to different folder structure

      does MFT application affectively only allow the users to view the more restrictive folder

      Also does the MFT apply least restriction to those users in both groups

       

      Example

      I have a group that I make the Home Dir %DOMAIN-HOME% and Directory Access %DOMAIN_HOME% with RWADN-L---I

      the 2nd Group Home Dir %DOMAIN-HOME%\Subfolder and Directory Access %DOMAIN_HOME%\Subfolder with RW-DN-L---I

       

      Just wondering how MFT applies its rules for Home DIR and rights

      Thanks

        • Re: MFT LDAP Groups Question
          dodster

          FYI Found my Own Answer

          If you have a user with access to different directory structures under the same root then the user gets the Lower level applied to their connection

          So if the user has the following applied by 2 groups option 2 is presented to the user (note user can not browse up if "lock user in homeDirectory" is applied)

          1 Home Dir %DOMAIN-HOME%

          2 Home Dir %DOMAIN-HOME%\Subfolder

           

          Regarding File permissions

          If a user is a member of 2 groups where different file restrictions are applied, then the most restrictive setting appears to apply

          Hope this helps others when considering DIR and File restrictions

          Cheers