Posted on 04-11-2017 12:56 PM
I am attempting to provide access to an application published in Self Service. I would like to allow or deny access depending on LDAP membership. Using the Casper Suite as an example, I want to block all students access to installing it and grant all users of IT-All permission to install.
Do I have to add every user to JSS User Accounts & Groups before I can adjust the permissions for Self Service?
I was able to add a test group as an exclusion but it seemed all or nothing
Posted on 04-11-2017 02:43 PM
No, you don't have to add every user to the JSS. If you have it set to "Specific Computers" and "Specific Users" and add your IT-All group as a target for this policy it will only be available to users in that AD group (they'll have to log in to Self Service in order to see it).
How you have it right now would make the policy available to everybody except the IM-R-STU-All group. I suppose if you only have the two groups, that would work too. It would be cleaner to specifically the IT-All group, though.
Posted on 04-12-2017 11:10 AM
If I don't add the LDAP group to the JSS this is what I see:
Posted on 04-14-2017 11:03 AM
@CapU, sorry for the late response. Turns out I was wrong in my described method for making a policy available to only a certain AD group. What actually works for me is to target all users and all computers, then go to the Limitations tab and adding the AD group there. Does that look like it will work for you?