Support

Bug Fix: Permissions not updated promptly for Dynamic Logins when Active Directory group membership changes

Article ID: CR00007208
Last Updated: July 26, 2016

Applies To

adTempus 4 Fix available in release(s): Hotfix 4.3.0001.16207 (July 25, 2016), 4.4.0 (October 27, 2016)

Description

When a user has been authenticated to adTempus using a dynamic login (based on Active Directory group membership), permissions assigned to the user may be cached until the next time the adTempus service is restarted. Therefore if the user's group membership changes, the user's permissions in the Console may not reflect that change until the next restart.

For example, user Rachel is a member of an Active Directory group that has been given permission to execute jobs in adTempus. She logs in to adTempus and is able to run jobs. She is subsequently removed from that Active Directory group, but when she logs in to adTempus she is still able to run jobs even though she should not be permitted. After the adTempus service is restarted, her permissions are correctly updated.

This problem was corrected so that cached permissions are discarded and the user's permissions are always recalculated each time she logs in to adTempus.

Note: Group membership changes won't be reflected until the user restarts the adTempus Console, as the permission assignment only happens when the user logs in. Also, it may be necessary for the user to log out of Windows for the user's login session to be updated with the group membership change.

Availability

This article describes an enhancement or bug fix included in the specified release(s). See the software download page to download the latest public release. For items included in a hotfix, see the hotfix download page.