+25
Pending Review

Exclusion Permissions

Andrew.H 3 years ago updated by RyanG 12 months ago 10 3 duplicates

It would be nice to be able to have "Deny" based permissions so that we can exclude some users from being able to access certain sites. Right now, the only way to do this is to create an inclusive permission set of all the sites less the one(s) you don't want these users to have access to. This can be time consuming when you have over 50 sites and each site has a dozen permssions

Available in Version:

Duplicates 3

I feel like it should just be host all without consent and then only on the ones you want to have to allow consent get added...

I agree Seth. Right now the expectations are ridiculous, having to globally remove a setting, then having to put back in "without consent" rules for each and every grouping, which for me is 50+ per user.

This feature would be very helpful.

Technically you can do this now, I wish they would add it to the GUI but to fulfill your need in the short term as I had to do you can read how to achieve it here. (On prem only sadly) http://forum.screenconnect.com/yaf_postst3823_Prevent-a-user-from-accessing-a-specific-Session-Group.aspx

Pending Review
Pending Review

Would be usefull, I agree.

Having something in place which would allow us to more easily specify prompt for consent would be nice.

Right now we can do some stuff through our LT integration on a per client basis that forces us to get consent from the customer before we can remote in however if we do it directly through the SC web portal we can pop right in,

Having something in place that more easily allows us to have control over prompt for consent such as settings that allow us to apply the flag based on the organization field on whether for "Workstation" type operating systems prompt for consent but for "Server" Type operating systems we may be able to allow unattended access. Or have it to where regardless of what type of access we want it all requires consent.

Right now regardless of how you do it there isn't really an easy way of having it so it prompts users for consent whether we do it through SC or LT, and to do it in SC from what I gather it would mess up all my session groups to do it....

I'm open to additional feedback but right now we've had clients that absolutely require this for compliance purposes and it is NOT easy at all to set this up without putting something in place that I would consider to be a "Workaround" or "Bandaid"




Unfortunately, right now the only way to do this would be to utilize session groups, but I see you say it would mess up your session groups. How are you currently sorting your sessions? If it is entire clients that need consent, wouldn't sorting session groups by client make the most sense so you could turn the feature on/off per client. In addition, if there is the need to have unattended access, you can set it to automatically consent after xx seconds (for maintenance windows, etc.) or IIRC it can auto-consent when no user is logged in.


There is definitely MASSIVE improvement that can be made in the permissions area in ScreenConnect, but you can definitely get it to perform as expected with a bit more up-front work than would be necessary if the setting options were what they could be.