Hi all! I am unable to google a definitive answer to this question, hope someone here can tell me. No lab and I do not have access to the AD to test in prod. env.
User A is member of two Active Directory groups, X & Y. On a particular object in vCenter, group X has the role Administrator and group Y has the role read-only.
What will the effective permission for user A be? Does most restrictive or most permissive win?
Thanks
The below link should answer your question.
Although its for version 6.0 I am not expecting 6.5 to be any different
Thanks but that article does not answer my question. Same user in 2 groups with 2 different roles on same object. It only deals with user vs. group precedence and object inheritance as far as I understand it.
Picture this setup.
User A is a member of both Active Directory groups X & Y.
On 'VM's and Templates', X group has administrator role and Y read only role
Does user A get read only according to group Y role or administrator according to group X role on the 'VM's and Templates' object?
User "A" will get Administrator role.
Regards
Lokesh
So, most permissive wins. Thanks!