Revoked Permissions
I was able to reproduce this behavior with another similar group, but I am uncertain how these are different than other groups. The only attributes I've been able to narrow it down to is that these groups are both universal security groups. I haven't had the issue yet with any global security groups. However, there are other universal security groups that can be added without producing this issue.
Any ideas?
-
I hope this explanation of the allow/deny settings helps you to figure it out.
Although it seems that you have a binary choice of allow or deny, it is in fact a tri-state option. The options are allow, deny, or nothing is selected.
When a user is a member of a group that is denied a permission, then that permission is denied to the user even if there are separate permissions just for this user that explicitly allow the action.
When a group allows the action, but the member denies it, then that action is denied just for that user from the group.
When both the group and the user have nothing selected for the action then the action is in effect denied.
When either the group or the user, or both, explicitly allow the action, with no deny permission set in either the user or group, then the action will be allowed.
Therefore for groups, only specify a deny permission when you explicitly wish to do so leaving all other action options to allowed or blank as required.
Check the effective permissions of the user/group by right clicking it in the list and selecting the “Effective Permissions” option.0 -
HDP
★ BarTender Hero ★
In this situation, what would be the way out? If the local users are denied of the permissions but the Administrator has the Allow actions. In that case, will the Administrator be able to access or not?
0 -
Hetal: As stated previously, only explicitly deny an action for a group of users if you do not wish to override and allow for just specific users in that group. In such a case you'd leave both check boxes blank which implicitly denies the action unless explicitly allowed for particular users. Right click a user and select the "Effective Permissions" item if you want to know what the end result permission the particular user or group has based on the variety of security settings specified.
0 -
HDP
★ BarTender Hero ★
Thank you Ian for a quick response. But, just wanted to know if there could be a work around to reset the permissions or at least the Admin Console be opened by a default user in such situation.
0 -
Hetal: The security setting when stored as a file are kept in the hidden Windows folder of "C:\ProgramData\Seagull Security\" in a "SecuritySettings.xml" file. You will need to be the local Windows admin permission to access this folder. To reset the security you could rename the existing file to have a .old extension, and create a new XML file of the "SecuritySettings.xml" name, that contains defaulted security settings. Below I paste the content of a file I've used in the past for BT2016, hopefully it will work just fine for later versions. If not just revert the files back and call technical support for assistance.
<?xml version="1.0" encoding="utf-8"?>
<Security Enabled="True" Version="11.0">
<SecurityStorage Method="Local" ErrorHandling="Cache" />
<SecurityOptions AllowLoginOverride="True" />
<Applications>
<Application ID="" Name="1" FriendlyName="ActivationWizard" />
<Application ID="" Name="2" FriendlyName="BarTender" />
<Application ID="" Name="3" FriendlyName="IntegrationBuilder" />
<Application ID="" Name="4" FriendlyName="HistoryExplorer" />
<Application ID="" Name="5" FriendlyName="LicenseServer" />
<Application ID="" Name="6" FriendlyName="PrinterMaestro" />
<Application ID="" Name="7" FriendlyName="ReprintConsole" />
<Application ID="" Name="8" FriendlyName="SystemDatabaseSetup" />
<Application ID="" Name="9" FriendlyName="BatchMaker" />
<Application ID="" Name="10" FriendlyName="Librarian" />
<Application ID="" Name="11" FriendlyName="Librarian_FileStates" />
<Application ID="" Name="12" FriendlyName="PrintStation" />
<Application ID="" Name="13" FriendlyName="BarTenderPrintPortal" />
<Application ID="" Name="14" FriendlyName="AdminConsole" />
</Applications>
<UserRights>
<Group Name="Everyone" SID="S-1-1-0" Domain="" Caption="">
<ApplicationRights Application="1" Allow="00000003" Deny="00000000" />
<ApplicationRights Application="2" Allow="00007FFF" Deny="00000000" />
<ApplicationRights Application="3" Allow="0000001F" Deny="00000000" />
<ApplicationRights Application="4" Allow="0000000F" Deny="00000000" />
<ApplicationRights Application="5" Allow="00000003" Deny="00000000" />
<ApplicationRights Application="6" Allow="0000003F" Deny="00000000" />
<ApplicationRights Application="7" Allow="0000000F" Deny="00000000" />
<ApplicationRights Application="8" Allow="00000003" Deny="00000000" />
<ApplicationRights Application="9" Allow="00000003" Deny="00000000" />
<ApplicationRights Application="10" Allow="0000003F" Deny="00000000" />
<ApplicationRights Application="11" Allow="FFFFFFFF" Deny="00000000" />
<ApplicationRights Application="12" Allow="00000007" Deny="00000000" />
<ApplicationRights Application="13" Allow="00000003" Deny="00000000" />
<ApplicationRights Application="14" Allow="0000001F" Deny="00000000" />
</Group>
</UserRights>
<Logging>
<ApplicationLogging Application="1" Actions="00000000" />
<ApplicationLogging Application="2" Actions="00000000" />
<ApplicationLogging Application="3" Actions="00000000" />
<ApplicationLogging Application="4" Actions="00000000" />
<ApplicationLogging Application="5" Actions="00000000" />
<ApplicationLogging Application="6" Actions="00000000" />
<ApplicationLogging Application="7" Actions="00000000" />
<ApplicationLogging Application="8" Actions="00000000" />
<ApplicationLogging Application="9" Actions="00000000" />
<ApplicationLogging Application="10" Actions="00000000" />
<ApplicationLogging Application="11" Actions="00000000" />
<ApplicationLogging Application="12" Actions="00000000" />
<ApplicationLogging Application="13" Actions="00000000" />
<ApplicationLogging Application="14" Actions="00000000" />
</Logging>
<ElectronicSignatures>
<ApplicationSignature Application="1" Actions="00000000" />
<ApplicationSignature Application="2" Actions="00000000" />
<ApplicationSignature Application="3" Actions="00000000" />
<ApplicationSignature Application="4" Actions="00000000" />
<ApplicationSignature Application="5" Actions="00000000" />
<ApplicationSignature Application="6" Actions="00000000" />
<ApplicationSignature Application="7" Actions="00000000" />
<ApplicationSignature Application="8" Actions="00000000" />
<ApplicationSignature Application="9" Actions="00000000" />
<ApplicationSignature Application="10" Actions="00000000" />
<ApplicationSignature Application="11" Actions="00000000" />
<ApplicationSignature Application="12" Actions="00000000" />
<ApplicationSignature Application="13" Actions="00000000" />
<ApplicationSignature Application="14" Actions="00000000" />
</ElectronicSignatures>
<Encryption EncryptWhenSaving="False" />
</Security>0 -
HDP
★ BarTender Hero ★
Thank you so much Ian. This worked.
0
Iniciar sesión para dejar un comentario.
Comentarios
6 comentarios