I may be misunderstanding the capabilities of OpenVPN here, but since I purchased a 10 user license for testing, I need some clarification on what you can and cannot do, because Group Access does not appear to work in the way the menu suggests it does. I have a working solution in that user access controls work fine, and to some extent, Group Access permissions work, if a user is assigned to a specific (default) group. However, if I have three users that need access to three different groups (user1, user2 and user2 and Group1, Group2 and Group3), that's fine, but what happens when user1 needs access to Group1 and Group3? The crux of the problem here is that the option in the Group Configuration page on the WEB UI that states:
Allow Access To Groups:
Does not seem to do anything, selecting multiple groups and saving does nothing to allow access to those groups/networks.
Also the Allow Access to Users does nothing either, you can't actually enter anything in that field or select a user from a list (most likely because I'm using LDAP and not local users, although the documentation makes no distinction - it isn't even mentioned).
before I go out an purchase 150 licenses, I think I may need to reevaluate this as a solution, since at the moment this isn't going to work for us, specifically because of the large number of resources to which we need to control access both internally and in AWS. Does anyone have any answers to these questions (is it possible) or am I just not understanding what the UI is presenting?
Robert.
Multiple Groups assigned to user not working.
-
rjbirkett
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 20, 2019 5:55 pm
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Multiple Groups assigned to user not working.
Allow access to groups means you can access users within that group. It does not mean the user inherits access rules from those groups.
A user can be assigned to only one group.
And official support is available at https://openvpn.net/support
A user can be assigned to only one group.
And official support is available at https://openvpn.net/support
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
rjbirkett
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 20, 2019 5:55 pm
Re: Multiple Groups assigned to user not working.
Thanks for the quick response. Is there any way to do this without using groups, some other filtering method based on user? That's a serious limitation when you have 250 users and hundreds of resources to limit access to based on developer groups, support services, database groups etc. i suspect I will need to look for an alternative solution, it would be too much administrative overhead to manage without this capability.
RJB
RJB
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Multiple Groups assigned to user not working.
You can give each individual user access to specific resources.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.