Permission through Nested AD Group - VisualCron - Forum

Community forum

We manage our application access via nested AD groups and would like to see support for nested AD groups in VisualCron.

We make users members of functional groups. Through these functional groups we grant them access to applications via the associated applications groups. When a user's function changes, we simply move the user to the new functional group; thus, the application access is automatically updated. For example:

John works for department ABC (FG_ABC) and ABC has access to application XYZ (AG_XYZ). Joan works for department DEF (FG_DEF) and has application to PQR (AG_PQR).

John -- memberOf --> FG_ABC -- memberOf--> AG_XYZ.
Joan -- memberOf --> FG_DEF -- memberOf --> AG_PQR.

When John changes department, we would just move him from FG_ABC to FG_DEF and he automatically loses access to XYZ and gain access to PQR.

If we have nest AD groups support then we can implement the same scheme to ensure that individuals can control jobs that are appropriate to their function.
Scroll to Top