logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
M_Albert  
#1 Posted : Tuesday, February 14, 2017 6:47:25 PM(UTC)
M_Albert


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/20/2013(UTC)
Posts: 32
Location: Alaska

Thanks: 10 times
Was thanked: 1 time(s) in 1 post(s)
I have several lower-level rank and file folks that have a need to use my SC install. However, I only want them to see those computers that they specifically have a need to access. This was easily accomplished by creating a session group that was tied to their active directory login. It was pretty easy-

Create an AD group specifically tied to that user
In SC, create a role tied to that user (usually a copy of other roles made for the same purpose)
Then create a session group tied to that role, using the Notes feature. For example, the session group for the Warehouse would be named "Warehouse_SC", and would say "Notes LIKE "*warehouse_sc*". Then I'd just go to the Notes on whatever machines the Warehouse needed access to, and in the Notes field put *warehouse_sc*, and then the Warehouse user would ONLY see those machines show up in their access list.

The problem is that when building a session group, previous to 6.1 as I would build the user, you could specify in the permissions: View session group> specific group > warehouse_sc. But now when I build the user, I don't get any options beyond the initial ones in the main list. As a result, when the Warehouse logs in, their session group is there, but in the Access list they also still have access to every machine on the system.

Does anyone have any idea what's up with that?
Michael L  
#2 Posted : Tuesday, February 14, 2017 7:03:40 PM(UTC)
Michael L


Rank: Administration

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 8/18/2015(UTC)
Posts: 64
Man
United States

Thanks: 4 times
Was thanked: 11 time(s) in 9 post(s)
We changed the way that roles are built in the security page in 6.1 so it looks a bit different, but it should be more intuitive and easier to use. The function you're looking for is still there, you just need to uncheck the permissions at the top that apply to all session groups:

https://help.screenconne...missions#Creating_a_role
ConnectWise Control (ScreenConnect) Support Team
M_Albert  
#3 Posted : Thursday, February 16, 2017 7:30:01 AM(UTC)
M_Albert


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/20/2013(UTC)
Posts: 32
Location: Alaska

Thanks: 10 times
Was thanked: 1 time(s) in 1 post(s)
This is what mine looks like, I can't figure out how to reconcile the documentation you linked to my issue. Any thoughts?

Sessions
Michael L  
#4 Posted : Thursday, February 16, 2017 1:10:45 PM(UTC)
Michael L


Rank: Administration

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 8/18/2015(UTC)
Posts: 64
Man
United States

Thanks: 4 times
Was thanked: 11 time(s) in 9 post(s)
Originally Posted by: M_Albert Go to Quoted Post
This is what mine looks like, I can't figure out how to reconcile the documentation you linked to my issue. Any thoughts?



Thanks for the screenshot!

The role you have there for Sarah_SC is actually inheriting the basic permissions from AllSessionGroups. In order to assign permissions to just one specific group, you would need to first remove the relevant permissions you want to assign to the regular groups out of AllSessionGroups, and when you go back, the fields will be available for individual groups.
ConnectWise Control (ScreenConnect) Support Team
M_Albert  
#5 Posted : Monday, February 20, 2017 6:39:21 PM(UTC)
M_Albert


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/20/2013(UTC)
Posts: 32
Location: Alaska

Thanks: 10 times
Was thanked: 1 time(s) in 1 post(s)
Right, I get that. And it is fairly clear that the Sarah session is inheriting permissions. But how do I change that? As you can see, there is nothing currently checked, for me to uncheck.
Michael L  
#6 Posted : Monday, February 20, 2017 8:02:50 PM(UTC)
Michael L


Rank: Administration

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 8/18/2015(UTC)
Posts: 64
Man
United States

Thanks: 4 times
Was thanked: 11 time(s) in 9 post(s)
When you edit her role, you need to click on AllSessionGroups at the top of the tree, and then uncheck the permissions that you would prefer to assign to the specific group underneath. Then, you can click to the specific group afterward and select the needed permissions:

UserPostedImage
ConnectWise Control (ScreenConnect) Support Team
M_Albert  
#7 Posted : Monday, February 20, 2017 11:01:38 PM(UTC)
M_Albert


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/20/2013(UTC)
Posts: 32
Location: Alaska

Thanks: 10 times
Was thanked: 1 time(s) in 1 post(s)
"...but it should be more intuitive and easier to use." LOL I am so confused...

I did what you suggested, but for the life of me I can't see how I'm supposed to grant her login, access to that one session.
M_Albert  
#8 Posted : Wednesday, February 22, 2017 12:09:18 AM(UTC)
M_Albert


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/20/2013(UTC)
Posts: 32
Location: Alaska

Thanks: 10 times
Was thanked: 1 time(s) in 1 post(s)
I think part of the problem could be, that looking at the documentation and your own screenshot, it looks like the upgrade has made ALL my sessions children of "All Sessions Group", rather than (in my case) "AAI". The parent/children in yours look totally different than mine. Could that be an issue?
Michael L  
#9 Posted : Wednesday, February 22, 2017 1:11:38 PM(UTC)
Michael L


Rank: Administration

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 8/18/2015(UTC)
Posts: 64
Man
United States

Thanks: 4 times
Was thanked: 11 time(s) in 9 post(s)
The AllSessionGroups line is the parent - if you have any permissions applied to that role for that specific group, then they will override the ability to assign permissions to any of the session types (Support, Meeting, Access) or individual groups within those types.
ConnectWise Control (ScreenConnect) Support Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.