cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restrict App Portal Access For Group of Users

We need to restrict access to the App Portal web page for a group of users.  We have an AD group create that includes all users we want to have access and excludes the users we don't want to have access.

We have followed this KB Managing Catalog Permissions (flexera.com) but our user can still get to the home page and see tabs at the top.  They see these tabs at the top and can click on them: My Apps, Processed and Approve/Reject although they are blank.

We use user-based licenses.  In the past, we recall users receiving a message similar to: "You do not have a license to access this web page".  We tried changing our custom User Sync as well to include the MECM collection which does not include these users.

Do you have any ideas?

Thanks,

Joan

(1) Solution

Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection. 

While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker..  For instance, I think that you could use .NET Authorization Rules.  The following is a brief overview:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)

I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
rule.png

 

 

View solution in original post

(4) Replies

I think you should be able to use an Exclude Condition in the General tab of the Site Management > Settings > Web Site .  We use an exclude condition to exclude servers from App Portal and it works.  General Tab (flexera.com)

We tried that but it didn't work - we have user-based licensing.  I found this in a previous post (attached screenshot).

Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection. 

While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker..  For instance, I think that you could use .NET Authorization Rules.  The following is a brief overview:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)

I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
rule.png

 

 

Thanks Charles!  We were able to get it to work with a device-based collection in the > Settings > Web Site.  We were using a user-based collection before.  Thanks for clarifying that!