User Permission Sets need to be apply-able with exceptions

[UncleDavey 0]

We need a way (that doesn't require manual intervention) to give Users Permissions to All Static Groups EXCEPT Groups A, B , C.

We have certain clients that require Certifications to work on their networks.  We need a way to allow the bulk of our engineers to access all clients EXCEPT these "certified clients".  The easiest way to me would seem to be allow permissions to be applied to a Dynamic Group with a definition of Client <> A OR B OR C.  Alternatively one would provide the ability to Apply the Permissions to ALL Static Groups EXCEPT A AND B AND C.

 

It would seem to me I'm not the first to request this.

[Marcos 5,074]

I would create 2 static groups under the All group, and put other static groups under them, e.g.
All --
     |--- Special group
     |    |---- A
     |    |---- B
     |    |---- C
     |--- Others
           |---- D
           |---- E

For the engineers with a special config for A.B and C group I'd set the "Special group" static group as the home group. For the other users I'd keep the All static group as the home group.

[UncleDavey 0]

Marcos,

Thanks for the reply.  Yes, that is what I will have to do.  But...  Our current setup is that all Clients are in the Static MSP group.  So I will create the Special Group outside that and limit access that way.

 

Still like the idea of exceptions (for flexibility).

 

Thank you!

David Radunsky