logo

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Icon
Error

Options
Go to last post Go to first unread
bourne  
#1 Posted : Thursday, December 3, 2015 10:04:34 PM(UTC)
bourne


Rank: Newbie

Joined: 11/12/2014(UTC)
Posts: 7
Canada

Hi,

I have been working with ScreenConnect for a little while now and we are at the point where we are starting to expand it's usage and allow more and more people to use the product.

Because of this I wanted to re-evaluate the security roles/session group/AD group structure.

I can think of a few different ways to manage the security:

  • You have a few AD groups
  • Each group gets a role inside ScreenConnect security and all access to session groups are controlled through the single role.
  • You will have to create additional AD groups to get more fine grain privilege management.
  • This results in the permission table per security role inside ScreenConnect looking very large and complicated.

  • You can create a lot of AD groups.
  • A group for meetings, a group for on the fly support, a group for each session group, etc.
  • You then create the individual security roles inside ScreenConnect.
  • Each security role would only have a few session groups associated to them, depending upon your requirements.
  • This results in the security table per security role looking a little more lean, but you could end up with a lot depending on your requirements.

  • You can try and maintain a mixed approach based upon what you need to accomplish.


I guess I am curious about what other people are doing?
Are there performance considerations with the security? Like having to many roles could result in a slowdown of displaying the session groups?

Sorry if my questions isn't exactly clear. I just want to make sure I am managing the security as efficiently as I can.

Any feedback would be appreciated!

Cheers

rmmccann  
#2 Posted : Thursday, December 17, 2015 4:51:19 PM(UTC)
rmmccann


Rank: Advanced Member

Medals: Level 2: Lent a Helping Hand! 10 Thanks!

Joined: 12/16/2012(UTC)
Posts: 184
Location: MN, USA

Thanks: 17 times
Was thanked: 21 time(s) in 18 post(s)
I guess if I were doing this, I would do a combination:

Create as many AD groups as I need. Since users can be members of more than one group, it'll be pretty easy to add/remove access on a per-user basis.

Within SC, I would create a role for each AD group. This was I can control what each group has access to. If a user needs more permissions, add them to another AD group.

Essentially, once set up I'd almost never have to play around with the SC security configuration and could do most of my management within AD.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.