Help

Provide access to Self Service application using LDAP Group membership

CapU
Contributor III

Posted on ‎04-11-2017 12:56 PM

Hi folks

I am attempting to provide access to an application published in Self Service. I would like to allow or deny access depending on LDAP membership. Using the Casper Suite as an example, I want to block all students access to installing it and grant all users of IT-All permission to install.
Do I have to add every user to JSS User Accounts & Groups before I can adjust the permissions for Self Service?
I was able to add a test group as an exclusion but it seemed all or nothing468c2e933cf84d6bbe279d85a68acbb0

0 Kudos
3 REPLIES 3

isaacnelson
Contributor

Posted on ‎04-11-2017 02:43 PM

No, you don't have to add every user to the JSS. If you have it set to "Specific Computers" and "Specific Users" and add your IT-All group as a target for this policy it will only be available to users in that AD group (they'll have to log in to Self Service in order to see it).

How you have it right now would make the policy available to everybody except the IM-R-STU-All group. I suppose if you only have the two groups, that would work too. It would be cleaner to specifically the IT-All group, though.

0 Kudos

CapU
Contributor III

Posted on ‎04-12-2017 11:10 AM

If I don't add the LDAP group to the JSS this is what I see:
21c251670b474381a6b4ca4732ba8d3b

0 Kudos

isaacnelson
Contributor

Posted on ‎04-14-2017 11:03 AM

@CapU, sorry for the late response. Turns out I was wrong in my described method for making a policy available to only a certain AD group. What actually works for me is to target all users and all computers, then go to the Limitations tab and adding the AD group there. Does that look like it will work for you?