Some way (Report?) to view what resources a user has access to, especially AD Users
CompletedWe have a hefty mix of AD and native Cerberus users on our server. For the AD users, although we only have a single domain, we have abour 6 domains defined in Cerberus to allow users from different AD groups to authenticate to the system. Unfortunately, many of these users are members of more than one AD group that is defined with domain authentication and due to the way that Cerberus prioritizes AD domain authentication, it can quickly become confusing and potentially insecure. Throw into that the Custom and Group mappings and it can become very, very confusing to understand.
We would like to have some tool in the product that, based on domain prioritization, does an "analysis" for a user to show what they have access to without having to comb through and figure out what AD group they are authenticating through and what Cerberus groups they are members of and what custom mappings they may have, etc,etc. There has been some recent feature additions that address this partially but it is at the domain level. It would be great to have a report that delivered a comprehensive report for the user showing what access they may have for each domain definition sorted by domain authentication priority.
I hope this makes some sense. It is a difficult request to articulate.
Thanks!
-
Official comment
Hi William,
We've enhanced the Account Report in the newly released 12.2 to include AD and LDAP users. I believe the reporting feature works just as you have requested. We would love you hear your feedback when you have time.
Please note that the new Report can take a while to run for domain configurations with many users.
-
Hi William,
Thank you for the request and the detailed explanation of what you are looking for and how it will help. We're actually working on this now, and have a prototype we're already testing privately. We'll reach out once we get closer to release.
0
Please sign in to leave a comment.
Comments
2 comments