Active directory

Microsoft's active directory provides a variety of directory-based identity-related services. Harmony Enterprise pulls information from active directory for Status Window messaging, role-based security, and group assignments.

Note:    Your database administrator (DBA) adds active-directory groups via the SQL Server Management Studio.

Important considerations

When DBAs set permissions, these items need to be considered:

  • Individual permissions supercede group permissions. For example, if you have permission to import data and the group you are assigned to does not, you are still able to import data.
  • Groups at the same level in the hierarchy, roll up / concatenate permissions. For example, if you belong to group ABC with import rights but no delete rights, and also belong to group 123 with delete rights, you have both import and delete rights.
  • By default, individuals in a group receive all the same permissions as those set at the group level.
  • If you remove all of the roles for an individual, they inherit the default roles. In order to have an individual inherit group permissions, you have to delete the user's login name.
Note:    At this time, we support active directory groups that contain individuals, not other active directory groups.