Patch My PC Ideas & Feedback
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize requests, please see:
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize requests, please see:
"N.B. There is currently no support for nested groups."
Please consider adding support for nested groups to the product. For environments that have strict/comprehensive security requirements, Role Based Access Control typically necessitates that users not be added directly to security groups in AD, rather, they are limited to a single security group (i.e., "t1-admins", "t2-admins", etc) that encompasses their "role" (or job function), and permissions are allocated to that.
In order to make this manageable at scale, permissions/roles/groups from applications like Advanced Insights would typically be mapped to a specific security group in AD, such as "advanced_insight_admins" or "advanced_insights_users", and "t1-admins" would be added to "advanced_insight_admins" and so on. Past the initial setup, this centralizes the control of roles being mapped to specific permissions within platforms/applications to Active Directory rather than having to log into every platform/application to add/remove/modify role mappings every time a new "role" is introduced into the environment who needs access to certain toolsets.
This should be easy to implement with memberOf:1.2.840.113556.1.4.1941 (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/4e638665-f466-4597-93c4-12f2ebfabab5)
