Thycotic Community - Secret Server - Nested Groups

Thycotic Community - Secret Server - Nested Groups - Messages http://www.thycotic.com/forums/messages.aspx?TopicID=247 Thycotic Community - Secret Server - Nested Groups - Messages en-us http://blogs.law.harvard.edu/tech/rss Jitbit AspNetForum Tue, 09 Feb 2010 05:13:06 GMT Tue, 09 Feb 2010 05:13:06 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Jeremy A
We have multiple AD Group Admins, who, by policy, are not administrators in Secret Server. If I used the group nesting for this purpose, then it would be possible for a security group administrator to give themselves elevated access in Secret Server by modifying their group membership.

Our only AD syncing is done by a single group which gives a user the ability to log into Secret Server. All rights and membership in Secret Server is contained in the application]]> Tue, 09 Feb 2010 05:13:06 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Jonathan ]]> Thu, 04 Feb 2010 12:28:39 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Larry
Is anything like ADSync available for the hosted solution?

thanks,

Larry]]> Thu, 04 Feb 2010 12:16:02 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Jonathan
One workaround at present is to use the AD Sync. You can then nest and manage your groups in AD and Secret Server will simply pull the groups in from AD. Note that Secret Server will flatten the membership from AD - for example:

AD Group1 => John, Steve
AD Group2 => Group1, Fred

If you sync both groups to Secret Server then:

SS AD Group1 => John, Steve
SS AD Group2 => John, Steve, Fred

You can then assign these groups to roles and just do nesting in AD.

Hope that makes sense.

Thanks for the feedback!

:-D ]]> Thu, 04 Feb 2010 11:55:55 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Scott
I will add this to our list of feature requests.

best,
Scott
Thycotic Support]]> Thu, 04 Feb 2010 09:00:34 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=247 Message from Jeremy A
We've got a large user base with varying degrees of access, and it would make managing role memberships a lot easier with this ability]]> Thu, 04 Feb 2010 04:44:46 GMT