Login

Achim.Z. · 11-12-2018, 12:29 PM

Hello

I have transferred from ASG2015 to ASG2018 and I am still having a problem to create the security settings.

I have two Active Directory groups:
A1SRV_WDBSQL23.visionapp.adm
Members of these groups should be able to see the LOGs

A1SRV_WDBSQL23.visionapp.usr
Members of these groups are not allowed to see the LOGs

So I added the A1SRV_WDBSQL23.visionapp.adm group to the Administrators in VisionApp (Tools -> Security Groups -> Administrators "add")
This works fine and members of the group can login the app and use it.

I created a new security group in VisionApp called "Users - all" and added the AD group A1SRV_WDBSQL23.visionapp.usr to it.
These users can login VisionApp but the connection list is empty.

I tried to reset the security in VisionApp on e.g the Connections (Multi-Edit - Folder - Security) but changes there where not saved.

I am a little bit confused ... Sad

Did I miss some Settings in SQL?

Regards
Achim

Michael Scholz · 11-12-2018, 04:32 PM

Hi Achim,
To be able to use the security -settings and -groups you have to enable the "user permissions" globally in the Settings ( Tools-Settings-Permissions ). Only after doing this usergroups could be created.
If you define a usergroup you can very fine tune the options for that group by clicking on the "Details" button after choosing the desired group in "Tools"-"Security Groups". If you want the users to generally see the root-Connection-objects you have to enable that in the settings if ASG-RD also ( Tools-Settings-Permissions ) and what you also need to do is rightclick on the connection tree on the left side and configure the root folder or specific connection-folder with "security" settings: just add the security group there also ! That should be it.
Hope that helps,
best regards,
Michael

[Image: attachment.php?aid=3603]

Achim.Z.

Hello Michael;

thanks for answer.

In our case this does not solve the challenge, as we use SmartCard for local authentication and we use Passthrough we have empty

The user "zorach" is logged on his workstation with SmartCard Authentication, than it looks like this:
(passthrough can not be disabled in this way!)

Achim.Z. · 12-12-2018, 09:29 AM

with smartcard and passthrough
2018_12_12_08_11_15_asg2018_ASG_RemoteDesktop_2018.png

If the user logs on a machine without SmartCard, it is possible to login with username/password and than the menue looks like this:
2018_12_12_08_18_14_a1wdbsql23_Remote_Desktop_Connection.png

In this case there is no way to change the settings of a Credential folder

How can we solve this problems?
Any suggestions?

Best Regards
Achim

Achim.Z. · 12-12-2018, 09:38 AM

also a manipulation of the settings of the credential folders is not possible:

DevOma · 12-12-2018, 09:53 AM

Can you post a screen of the "Security Groups" dialog - do you have a AD group, OU or user directly assigned to a Security Group? If you use a group did you try to assign the user directly?

Achim.Z. · 12-12-2018, 10:49 AM

Hi;

like i wrote in Post 1:
I have two Active Directory groups:

A1SRV_WDBSQL23.visionapp.adm
Members of these groups should be able to see the LOGs

A1SRV_WDBSQL23.visionapp.usr
Members of these groups are not allowed to see the LOGs

So I added the A1SRV_WDBSQL23.visionapp.adm group to the Administrators in VisionApp (Tools -> Security Groups -> Administrators "add")
This works fine and members of the group can login the app and use it.

I created a new security group in VisionApp called "Users - all" and added the AD group A1SRV_WDBSQL23.visionapp.usr to it.
These users can login VisionApp but the connection list is empty.

No, I did not add a user directly in VisionApp into one of these VisionApp-groups.

Regards
Achim

DevOma · 12-12-2018, 10:52 AM

Do you have assigned at least the "READ" permission to the Root-object (Connections) for your new security group and then use Inherited Permissions for all sub objects? Then users of the ALL group should see the connections

Achim.Z. · 12-12-2018, 12:41 PM

(12-12-2018, 10:52 AM)DevOma Wrote: Do you have assigned at least the "READ" permission to the Root-object (Connections) for your new security group and then use Inherited Permissions for all sub objects? Then users of the ALL group should see the connections

Hi Oliver;
attached you find the settings for the group:
2018_12_12_11_34_45_Portable_ASG_RemoteDesktop_2018.png

it looks like, this problems only pops up, if you use a portable visionapp.

1. I have installed VisionApp on my computer
2. running VisionApp works
3. the connection menu is available
4. created a "portable version"
5. start the portable version -> ASG works as it should
6. copy the portable version to a virtual machine where no ASG was installed
7. starting ASG on the virtual machine works
8. login is ok (same account like the one used to create the portable app)
9. connection menue is empty

Regards
Achim

Achim.Z. · 12-12-2018, 12:54 PM

attached a screenshot with the view

the red lines show the differences

red arrow:
the main frame is ASG-Portable started on a machine where also ASG is installed

green arrow:
a copy from the ASG-Portable on a virtual machine without ASG-installed

orange arrow:
not available menues

on both machines i have been logged on with the same windows account and started ASG-Portable the same way

regards
Achim

DevOma · 12-12-2018, 01:02 PM

We will check that...

Achim.Z. · 12-12-2018, 03:10 PM

If you need further information, feel free to contact me

regards
Achim

DevOma · 13-12-2018, 12:08 PM

Did you use ASGRD with a database or a local file when you creating the portable version? If you use a database you need also access for the database on your client where you copy the portable version to - I checked this and it worked - I will also check a local file environent with a portable version

DevOma · 13-12-2018, 12:12 PM

File version is also working without any issues

Do you really use the same Windows Account on both machines?

Achim.Z. · 13-12-2018, 02:04 PM

Hi Oliver;

yes, we only have database version with an W2016 Server and SQL2017

Achim.Z. · 13-12-2018, 02:20 PM

(13-12-2018, 12:12 PM)DevOma Wrote: File version is also working without any issues

Do you really use the same Windows Account on both machines?

Hi;

yes, the only difference is, that on the machine on which it is working, I have authentication with a SmartCard and on the other not.

As we have a Active Directory Forrest, we have a structure like:

AD
1 Top Level Domain TLD
3 Sub Level Domains SLD

Server (blue) is member of one of the SLD
in these SLDs there are OUs which contains the user account

DN of the account
CN=Zor**** Ach****,OU=users,OU=A1,OU=sites,DC=xxxx,DC=****,DC=com

User Principal name
zorach@****.com --- not zorach@xxxx.****.com

sAMAccountname
zorach

Logon name (pre Win2000)
SLD\zorach

DevOma · 13-12-2018, 02:26 PM

You can see the name of the user at the bottom line of ASGRD (if not hidden) - it must be the same for both - else the user will get a new UserID - I guess that's the issue

Login
Username:
Password:	Lost Password?
	Remember me