2

Is it possible to get group hierarchy in AD? It's for managing permissions to a web app from there.

I need to do this:

  • Users
    • Product
      • Admin
        • Task
          • Subtask1
          • Subtask2
          • Subtask3
        • Task 2

So if you are member of Admin you get reference to Task and Task 2 and its children. I think that AD doesn't come with an RBAC hierarchy but I want to be sure.

jscott
  • 25,114
JorgeeFG
  • 1,013

1 Answers1

2

Assuming your app supports recursive lookups, or if youre doing this with simple filesystem permissions, yes, that is possible.

What you need to do is to make each parent a member of its direct children. For example, Admin would be a member of Task and Task 2, Task would be a member of Subtask1, Subtask2, and Subtask3. You would then add users to a single group and they would have all the privilege of the subgroups.

Jason Litka
  • 148