VMware Cloud Community
BorgSquirrel
Contributor
Contributor
‎02-15-2018 12:37 AM

Effective permissions with same user in multiple groups/roles

Hi all! I am unable to google a definitive answer to this question, hope someone here can tell me. No lab and I do not have access to the AD to test in prod. env.

User A is member of two Active Directory groups, X & Y. On a particular object in vCenter, group X has the role Administrator and group Y has the role read-only.

What will the effective permission for user A be? Does most restrictive or most permissive win?

Thanks

5 Replies
hussainbte
Expert
Expert
‎02-15-2018 03:37 AM

The below link should answer your question.

Multiple Permission Settings

Although its for version 6.0 I am not expecting 6.5 to be any different

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/
0 Kudos
BorgSquirrel
Contributor
Contributor
‎02-15-2018 04:54 AM

Thanks but that article does not answer my question. Same user in 2 groups with 2 different roles on same object. It only deals with user vs. group precedence and object inheritance as far as I understand it.

0 Kudos
BorgSquirrel
Contributor
Contributor
‎02-15-2018 05:04 AM

Picture this setup.

User A is a member of both Active Directory groups X & Y.

On 'VM's and Templates', X group has administrator role and Y read only role

Does user A get read only according to group Y role or administrator according to group X role on the 'VM's and Templates' object?

0 Kudos
LokeshHK
VMware Employee
VMware Employee
‎02-15-2018 05:31 AM

User "A"  will get Administrator role.

Regards

Lokesh

BorgSquirrel
Contributor
Contributor
‎02-20-2018 05:18 AM

So, most permissive wins. Thanks!

0 Kudos