SUGGESTION: Multiple Group Assignment for Local Users

Home Forums General Suggestions SUGGESTION: Multiple Group Assignment for Local Users

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #30870
    smithrw
    Participant

    I am working on deploying Cerberus in our public facing DMZ. As a result, AD / LDAP is not available. We must use Cerberus Local Users and Groups. I can see no way in the current version of Cerberus to assign a user to multiple groups.

    I use groups as definitions for VDs that are consistent against a user base. This keeps the management of individual user VDs extremely simple. I need to be able to extend this as follow:

    User A has a dedicated directory assigned to him for his personal use, call it “Home”

    Group 1 has 2 VDs assigned that all members will get – “Folder 1A” and “Folder 1B”

    Group 2 has 1 VD assigned that all members get – “Folder 2A”

    When User A logs in he will see “Home”, “Folder 1A”, “Folder 1B”, and “Folder 2A”

    With a small group of users it’s not difficult to manage users directly. However, when you have departments that have upwards of 50-75 people or more, managing the VDs via Groups is infinitely easier.

    I’ve searched through the forums and it seems that as far back as 2010 this was being discussed as a possible enhancement but, to date, it doesn’t appear to be possible.

    If this is in development, is their an ETA? If it’s not, it should be fast tracked. This is an extremely useful functionality.

    #37659
    pacman
    Participant

    Yes, it’s still not possible to assign a local user to multiple groups.

    It is something that is in the development pipeline. We don’t have an ETA at this time.

    I do agree it would be a helpful feature to have. I will make sure the correct teams see this thread.

    #37660
    Steve.H
    Participant

    We are in the same boat as smithrw.

    We have been able to work around the limitation so far with occasionally granting additional VDs directly to individual users, but that is becoming more cumbersome as our user base continues to find new opportunities to use the site.

    Steve

    #37661
    smithrw
    Participant

    That’s the exact workaround I have to use, Steve. Is there any update from Cerberus as to a product / feature request roadmap?

    #37662
    Steve.H
    Participant

    I haven’t seen anything in the release notes for 9.x.x 😥

    #37663
    imported_Serin
    Participant

    Hello Steve,

    We haven’t added support for multiple groups for native users yet.

    There are a few reasons we’ve been hesitant, and we’ve detailed those in other posts.

    The basic issue is group priority. If we have multiple groups, we can’t differentiate which settings are applied to a user unless we do one of two things:

    1. Create a group priority system of some sort. This would allow multiple groups and a way to determine which group’s IP restrictions, SSH authentication, protocol restrictions, ect, take precedence. We really don’t want to do this as it severely complicates things.

    2. Create a new class of groups (i.e., secondary groups, or directory-only groups) that only transfer virtual directories to a user, and have some sort of rule in place to de-conflict cases where there are virtual directories in different groups with the same name (which could map to the same underlying location or not, and have different permissions).

    The second option is what we’ve been thinking about doing. We’ve received many requests for multiple group membership for native users, and it seems directory access is the only thing customers are interested in.

    I’ll get back to you later this month about the status of groups in 9.0. I’m considering prioritizing it for inclusion this year.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart