Help

Unable to enable Casper Admin access for site users

powellbc
Contributor II

Posted on ‎10-15-2013 08:10 AM

Using guidance received during the beta, I am following this technique to try to grant Casper Admin access to site users:

Add User X to Group A and assign site access to group A
Add User X or Group A to Group B and assign Full Access to Group B for Casper Admin only

I can verify through the LDAP test page that User X shows up in Group B. When I log in with user X in either scenario, it says insufficient privileges. Has anyone gotten this to work?

0 Kudos
Reply
2 REPLIES 2

leegalan
New Contributor III

Posted on ‎10-30-2013 09:20 AM

Even if it did work, I would prefer if there was a way you could allow Site Admins access to create their own configurations just like they can create their own profiles. Using groups is too complicated.

0 Kudos
Reply

matt4836
Contributor II

Posted on ‎03-18-2015 04:11 PM

I can confirm this is the method. However in 9.65 there is a defect about creating Standard Groups. You can not add any members to them. The work around is to use LDAP groups.

You can ONLY concatenate permissions with groups. Having an LDAP user and LDAP group does NOT work.

Create a group: LDAP_Casper_Admin_Access
Site Access: Full Access
Permissions: Custom
Casper Admin > All
If you need enable Disk Encryption Settings in the JSS Objects tab.

Create another group: LDAP_Casper_SITENAME_Acess
Site Access: Site in questions
Permissions: Administrator

If the user is in both groups, when they log into the JSS they will see the site drop down next to users in the top navigation bar. When in "Full JSS" They will be able to go to Computer Management and use the Packages, Scripts and other functions. They can also use Casper Admin. They will only have access to the Computers, policies and other objects assigned to that site.

0 Kudos
Reply