Managing PermissionsThe permissions assigned to each MIDAS user who authenticates against your Active Directory are derived from the name of Primary Group the user is a member of within your Active Directory, and the permissions associated with the corresponding MIDAS User Group with the same name.
If an AD user has no "Primary Group" set, and MIDAS isn't configured to block such users, MIDAS will instead default to allocating the user a very basic/restrictive set of "view only" permissions instead.
To set a user's Primary Group in your Active Directory:
In the above example, the user's Primary Group in the Active Directory is "Staff".
This user's MIDAS permissions will therefore be derived from the permissions you've specified for a User Group within MIDAS with the same name (i.e. "Staff") (You can setup MIDAS user groups via MIDAS Admin Options → Manage Users & Permissions → Groups)
If the "Update User Permissions upon each login" option is enabled (MIDAS Admin Options → Manage Users & Permissions → Single Sign On (SSO)) then each time the user opens MIDAS, their MIDAS user permissions will be updated to reflect the current permissions associated with their User Group.
If the "Update User Permissions upon each login" option is not selected, their MIDAS permissions will be set based upon the group permissions at the time of their first access of MIDAS via Active Directory authentication. Once set, these permissions will not then be automatically updated again (i.e. subsequent changes to the user group's permissions within MIDAS will not be applied to existing users who have previously authenticated with MIDAS via Active Directory integration).
Leaving this option unselected can be useful if you wish to "tweak" specific individual user's permissions.