New to DA

Hi I've just started a new job and my first project is to get desktop authority up and running efficiently. We have a training session booked in next week but ideally id like to have my issues resolved before then.

Basically what I'm trying to do is set up USB rules for certain users, so far i've got it working in the sense that if i log on or my test user logs on we both get a different set of permissions. but if i try and add "everyone" and set their permissions as different from the other 2 it forces "everyones" permissions on myself and my test user overriding any other settings.

Also it only upgrades the agent on the PC's when I log on. Could that be due to the fact that the profile created is called "user-myloginname"? 

Thanks

Parents
  • Terry, you are running up against one of the tricky parts of DA validation logic - combining ANDs and ORs in rules. Since it doesn't allow traditional nesting of logic, it can be tricky to get it the way you want it.

    In a situation like this you can attack it a couple of different ways:
    You can create a group for users and a group for computers. Then the various rules can do things like: if user is member of group AND computer is member of group then use USB profile 1

    Alternatively you can nest the rules. Create a Profile at the User level that has part of the logic - such as "user is member of group" then anything inside of that will only be looked at if the outer validation logic is true (we use it to reduce the amount of logic happening at logins, i.e. "computer is in facility 1 so ignore the 200 rules for other facilities")

    So inside of that profile once you know that the element will only be looked at if the outer validation is true, then the inside validation such as different rules on different computers becomes much easier.

    I hope that helps, its kind of hard to explain in text-only!
Reply
  • Terry, you are running up against one of the tricky parts of DA validation logic - combining ANDs and ORs in rules. Since it doesn't allow traditional nesting of logic, it can be tricky to get it the way you want it.

    In a situation like this you can attack it a couple of different ways:
    You can create a group for users and a group for computers. Then the various rules can do things like: if user is member of group AND computer is member of group then use USB profile 1

    Alternatively you can nest the rules. Create a Profile at the User level that has part of the logic - such as "user is member of group" then anything inside of that will only be looked at if the outer validation logic is true (we use it to reduce the amount of logic happening at logins, i.e. "computer is in facility 1 so ignore the 200 rules for other facilities")

    So inside of that profile once you know that the element will only be looked at if the outer validation is true, then the inside validation such as different rules on different computers becomes much easier.

    I hope that helps, its kind of hard to explain in text-only!
Children
No Data