Managing Active Directory users (available from version 5.0.2.7)
Please see Initial agency and user setup if your version is below 5.0.2.7.
Mapping groups and roles
When the system was installed, one or several AD groups that should have access to the system were entered:
In this case the groups "SYS", "SC", "ADM" and "PDS_HOLBAEK" are allowed into the system.
To add or delete groups, edit the file "authorization_INT.confg": <allow roles="SYS,SC,ADM,PDS_HOLBAEK"/>
Click on the Roles button on the Administration tab:
When the Roles window opens, the Administrator role is preselected in the drop-down. Click the Edit role button from the ribbon menu:
In the Edit roles dialog, select from the drop-down the AD group name that is to be mapped to the DVI5 role. Members of the AD group will, if added as users, automatically be granted the permissions of the DVI5 role.
Click OK.
Repeat for all the AD groups:
Note that only one AD-group can be assigned to each role.
Adding users
Click on the Users button on the Administration tab:
Click on the Add AD users button:
From the drop-down box Available AD groups, choose the AD group from which you wish to add a user:
On the left is a list box with all members of the selected group. Choose a user and click on
If you add a user that is a member of more than one of the legal AD-groups, it will have unpredictable consequences. The following message appears:
You will still be able to add the user, but it is not advisable to do so.
After choosing a "legal" user, you get this message:
The SysAdmin will always be able to add users, and the Administrator role will typically be able to do it as well.
If you add users as SysAdmin, you must also assign the user to an agency, whereas if you add users as an Administrator, the user's agency will automatically be that of the Administrator.
In this case it is the SysAdmin adding users, and an agency for the user should be selected, and Is approved should be checked to give the user access:
To finish click on the Save data button:
In the column DVI Roles you can see which role the user is assigned to. This reflects the user's membership in the Active Directory group, and cannot be altered for the individual user.
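The warning above about users who are members of more than one allowed AD group can be checked before anyone is added. The PowerShell below is an added example, not part of DVI5 or its documentation: the function names and the membership table are constructed for illustration, and only the `<allow>` element comes from this page.

```powershell
# Added example: list accounts that sit in more than one allowed AD group.
function Get-AllowedGroups {
    param([Parameter(Mandatory)][string]$AllowElement)
    # Parse the element as XML and split its comma-separated roles attribute.
    $roles = ([xml]$AllowElement).allow.roles
    @($roles -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Find-MultiGroupUsers {
    param(
        [Parameter(Mandatory)][string[]]$AllowedGroups,
        [Parameter(Mandatory)][hashtable]$Membership   # group name -> account names
    )
    $seen = @{}   # account name -> allowed groups it was found in
    foreach ($group in $AllowedGroups) {
        if (-not $Membership.ContainsKey($group)) {
            Write-Warning "No membership data for allowed group '$group'"
            continue
        }
        foreach ($user in $Membership[$group]) {
            $key = $user.ToLowerInvariant()   # AD account names are case-insensitive
            if (-not $seen.ContainsKey($key)) { $seen[$key] = @() }
            if ($seen[$key] -notcontains $group) { $seen[$key] += $group }
        }
    }
    # Emit one object per account found in two or more allowed groups.
    foreach ($key in ($seen.Keys | Sort-Object)) {
        if ($seen[$key].Count -gt 1) {
            [pscustomobject]@{ User = $key; Groups = ($seen[$key] -join ', ') }
        }
    }
}

$allow = '<allow roles="SYS,SC,ADM,PDS_HOLBAEK"/>'   # element shown on this page

# Constructed membership data so the example runs without a domain.
# Against a live domain the same table can be filled with the ActiveDirectory
# module:  $membership[$g] = (Get-ADGroupMember -Identity $g).SamAccountName
# (whether nested group membership counts for DVI5 is not stated on this page).
$membership = @{
    'SYS'         = @('alice')
    'SC'          = @('bob', 'carol')
    'ADM'         = @('Alice', 'dave')
    'PDS_HOLBAEK' = @('erin', 'bob')
}

Find-MultiGroupUsers -AllowedGroups (Get-AllowedGroups $allow) -Membership $membership
```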
Locking out a user
You can uncheck the Is approved column to temporarily lock a user out from the system.