Active Directory security

When specifying the access requirements on a page, Radzen lists the groups available in our AD. Our AD is pretty sizable with lots of OUs within OUs. From the page properties, in my network, it looks like Radzen is listing somewhere in the region of 170 pages of groups which appear to be listed in an unsorted order.

Is there any way to specify the OU within AD which Radzen will look in for the groups? Failing that can the list of groups be extended or enhanced to make finding the group required easier or make it possible to type in the group name?

As another thought, are there any plans for a hybrid security system such as having AD authenticate a user exists and password is correct and then the roles they have acccess to are configured and stored within the Radzen DB tables.

Hi @markb,

Is there any way to specify the OU within AD which Radzen will look in for the groups?

No, this is not supported.

Failing that can the list of groups be extended or enhanced to make finding the group required easier or make it possible to type in the group name?

The dropdown should filter the roles when you type them. Doesn't this work? In any case you can manually edit the json of the page and set the "access" field to the user group needed. It should be array of strings e.g. "access": ["UserGroup1", "UserGroup"]

As another thought, are there any plans for a hybrid security system

No, this isn't planned. Usually user permissions in AD are associated with users and groups.

It does allow input but, it doesn't seem to be picking up any groups that I type in...I wasn't sure if that was me doing something incorrectly or an issue resulting from the sheer number of groups that will exist in our AD. I've tried both global and domain local security groups without any success so far. I'll try just entering the group name in the json and see if that works or not.

I've had a play with this and it seems that:

  1. The list of roles returned on the page properties is incomplete (possibly only the first x groups found in the AD?) in that not all groups are shown - I've compared groups that are shown to those which are not and, other than the group name and members, there are no differences;
  2. I can enter a missing group into the json access list and the system works as expected and either allows access or directs to the unauthorised page. If I modify the json and then look in the page properties after doing this, the field is shown as blank;
  3. If I perform 2, the menu item for the page is still shown on the menu I have on my layout but, I can link the visible property to ${security.user.isInRole('<group name')} and all then works as expected.

We are using an open source library to retrieve the AD groups that Radzen displays. It probably fails to see all. We will investigate if there is something we can do about that.