-
Title
Error: "Permission assignment and Duplication has been disabled" on a group. -
Description
On the Details tab of a Group you receive the warning "Permission assignment and Duplication has been disabled for this group because it has at least one user assigned to it with a User Type which does not allow Permission assignment (Sys Admin, User Administrator, Auditor, Cache User)." on the "Details" tab. The permissions tab is greyed out, and the users in the group have lost their permissions within TPAM.
When trying to assign permissions to a LDAP Directory Mapping group, you receive the warning "Group has become non-Permissionable due to newly added Auditor or User Administrator users."
-
Cause
When the AD Group contains non-permissionable users the "Permissions" tab becomes unaccessible this is by design. -
Resolution
Verify that the users are all of type "Basic" or "Administrator" by viewing the "User" button for the affected TPAM Group. Any users that are non-permissionable user types (Sys Admin, User Administrator, Auditor, Cache User) must be changed.
NOTE: In 2.5.913 and below changing all users may not have an immediate affect. Once all of the users are of the correct type, the LDAP Mapping must be forced to update with changes.
Either add or remove a user to the Active Directory group and then wait for the next scheduled run ("Automatically Update" on the Source tab of the LDAP Directory Mapping); or alternatively an update may be forced immediately by deleting and recreating the LDAP Directory Mapping. -
Change Request
5843 -
Additional Information
BFER 5843 : Fixed problem where if an active directory group contained a user that does not allow permission assignment (Sys Admin, User Admin, Auditor, and Cache User) once that user was removed from the group, the message would still appear saying that permission assignment for that group was still disabled.