A user asked how to set permissions for first-level support to logoff user sessions – the recommendation is to keep everything as "Not Set" and set specific permissions to "Allow". For more information, there is an article on creating a read-only permission set at https://support.controlup.com/v1/docs/security-policy-view-only-role.
Read the entire ‘Setting Permissions for Logoff User Sessions’ thread below:
HI, i wanted to give our fist level support only the permissions to logoff User sessions. Do i have to create an ad group and denying all other settings, and maybe an gpo to hide all other tabs or what recommended way to implement this?
No, if you don’t have an allow you are not allowed.
Just keep everything Not Set.
BTW, a Deny is a HARD DENY. Use them sparingly. If your a member of 2 roles and one of them has a deny your also denied.
So a DENY on a help desk role for example will trump your allow for ControlUp Admins if your a member of both roles due to domain group memberships.
cool thanks, i will do some tests
@member there is an article here about how to set up a read only permission set and if you just want to allow permission for logoff, just make sure you set them as allow for that specific permission:
https://support.controlup.com/v1/docs/security-policy-view-only-role
Continue reading and comment on the thread ‘How to configure ControlUp to allow fist level support only the permissions to logoff User sessions’. Not a member? Join Here!
Categories: All Archives, ControlUp for VDI