Dane -
Access to UMP USM groups are not controlled by liferay groups. Daniel Blanco correctly answered your question. You need to define an account from the UMP AccountAdmin portlet where you assign specific origins to the account and add users to the account. When you create/edit groups in the UMP USM portlet, you can specify the Account that has access to the group. By default, the account option of a group is give a value of No Account.
Users that are members of defined Accounts will only be able to access groups that are configured with the same Account that the user is a member of.
In this example, the Test Account 1 account was created with 1 user. All groups in the UMP USM portal have the Account option set to No Account. When the acct1user1 user logs in, they see no groups as follows:
If your LDAP users were not assigned to a UIM account, then they will be able to see all groups defined in the UMP USM portlet.
------------------------------
Kathy Maguire
Technical Support Engineer 4
Broadcom
------------------------------
Original Message:
Sent: 04-06-2020 04:48 PM
From: Dane Rafn
Subject: Restricting USM group access
Daniel:
The users are not in IM, they are in an AD group for users. I created the ACL and Account in UMP and the USM group was created at root level under groups and the users are a member of the account in the Liferay control panel settings for groups.
When the user signs in they see all groups and nto just the one they are a member of - which I was attempting to limit to.
Original Message:
Sent: 04-06-2020 02:45 PM
From: Daniel Blanco
Subject: Restricting USM group access
Do these users also have accounts in IM or Admin Console's Managed Users? If so then they will have access to everything.
If not then in the UMP's > USM porlet at the Root level did you create a "Container" first for this Account and specify the "Account" = account_name.
In the AccountAdmin portlet for that specific account, did you specify just the Ownership to the specific Origin?
------------------------------
Daniel Blanco
Enterprise Tools Team Architect
DBlanco@alphaserveit.com
Original Message:
Sent: 04-06-2020 02:19 PM
From: Dane Rafn
Subject: Restricting USM group access
I am trying to modify the USM group, tree view/group access for several sets of users. I have an ACL created and linked to an account and that account is the owner of the USM group but instead of the users seeing just their groups when they login they are still seeing the entire tree of groups and can view those group contents.
Is there something I am missing here?