We use Active Directory integration. One group who all share the same AD role have the PRTG admins in it, but also a large number of other users. I have not been able to find a way to make sure the Admin users still have Admin rights while the other users only have Read -Only.
If a create a second AD integration group with Read Only, the users get that as the Primary group, but are still members of the secondary admin group and have access to the Admin functions.
Is there a way to divide the rights in a group who are in the Same AD group?
Article Comments
I tried this with a user who had never been in the system.
In AD, they are in a SAP group (R123456 for example)
I am trying to have 2 groups in PRTG linked to this SAP group. One with Admin rights, One without Admin rights.
When the user logged in, PRTG correctly added them to the group with No admin as it was the highest in the group list, but as the user is a member of the SAP group, he also inherited the Admin group. Trying to limit the number of admin users without redoing our AD roles.
Oct, 2021 - Permalink
Unfortunately, PRTG pulls all the user group information from the AD, so that if a user a member of multiple groups, and these groups are set up in PRTG, he will be a member of all groups.
The only workaround is to create PRTG only AD groups, and have one for the admin users and one for the Read Only users, and set those up in PRTG.
Kind regards,
Sasa Ignjatovic, Tech Support Team
Oct, 2021 - Permalink
Do I understand you correctly that the User is a member of both AD groups in PRTG? Does this also happen for new AD users that log in for the first time, or when you recreate a user?
Kind regards,
Sasa Ignjatovic, Tech Support Team
Oct, 2021 - Permalink