It is necessary to understand how to map Xtraction groups from Active Directory. This can be found in the Installation Guide of Xtraction whose the last version can be accessed in this page: Xtraction 2017.2 Downloads & Instructions
Tested in Xtraction 2016.2
The groups must be mapped from Active Directory
Requires Access To:
We created a folder that can be accessed by a specific group and upon saving a dashboard or accessing the "Folders" feature, the list of shared folders is empty.
If you have an AD integration to map Xtraction groups automatically, there may be a user with many of the three "Designer" roles while Xtraction expects only one between Enterprise Designer OR Designer OR Private Designer as it's possible to see from the user administration window.
- A user is created in Xtraction to log in through the Windows Authentication, his login is "MyDomain\XTADMIN"
- In AD, he belongs to the groups "XT-Designer" and "XT-Enterprise Designer"
- In Xtraction there's a group called "Designer Group"
- In Xtraction is created a Shared Folder called "Designers Only" and it can be accessed only by the members of "Designers Group"
- The following mapping is added to the Xtraction Windows Authentication web.config file:
<xtractionAuth secretKey="abc123" userAttributeSource="DIRECTORY" queryAdditionalUserAttributes="true" updateXtraction="true" authenticatedGroups=""> <directoryLocations> <add name="domain" contextType="DOMAIN" connectionConfig="MyDomain" /> </directoryLocations> <groupMap> <add name="Enterprise Designers" windowsGroupName="XT-Enterprise Designer" roleIds="2" featureIds="1,2,3" xtractionGroupNames="" securityPolicyName="" /> <add name="Designers" windowsGroupName="XT-Designers" roleIds="4" featureIds= "1,2,3" xtractionGroupNames="Designers Group" securityPolicyName="" /> </groupMap> </xtractionAuth>
As a reminder, this config file is by default in Xtraction Software\Xtraction\Web\WinAuth
- MyDomain\XTADMIN logs in via Windows authentication
- He's saving a dashboard
The Shared Folders list is empty although it's supposed to see the "Designers Only" folder since he's been added to the "Designers Group" group with the mapping.
Solution / Workaround:
A user can be mapped to only ONE of the roles Enterprise Designer, Private Designer or Designer in addition to Administrator and Scheduler.
Reminder - Role Ids':
As mentioned in the Installation Guide, below is the list of roleIds that are used in the above mapping:
1 – Administrator
2 – Enterprise Designer
3 – Private Designer
4 – Designer
5 – Scheduler