Skip to main content
Skip table of contents

Group-based Authorisation - Active Directory and LDAP

Once your LDAP or Active Directory authentication service is up and running, any groups in the LDAP directory that match the criteria set by the various auth <service_name> group commands will be available as groups in SuperADMIN. Such a group can then be assigned permissions and those permissions will apply to all users in that group.

For example, to allow read access to the bank database for the group "Accounting" you would use a command like:

CODE
cat bank access "Accounting" read true

To list the LDAP groups that are available for use by SuperADMIN, use this command:

CODE
account groups

Users and groups are only visible in a SuperADMIN console session if they are from the same authentication service that was used to login to the console. This means that if you login as a local SuperADMIN user you will only be able to work with the locally created groups, not any LDAP groups.

To assign permissions to LDAP groups, you must log in to the console as an LDAP user, and this LDAP user must be in the LDAP group assigned for administration by the auth <service_name> adminGroup command described earlier.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.