I have Windows auth set up, and what I want to have happen is when a new user logs in, set the Role on their Identity to Reader. Is this possible? If so, how?
Currently anyone who signs in is automatically granted Admin access – this is very bad, esp in an IT org w/ hundreds of people. I am happy to manually grant Roles to people who need them until I figure out Claims, AD groups, etc…
Roles are assigned by policy by default. If you click Security \ Roles and then click on the Edit Details button, you’ll see that the policies all return true. You can return false to avoid this default behavior.
Make sure you statically assign a role to your account before doing this as you will lose access if you don’t.
Perhaps I’m misunderstanding, but there seems to be an issue with this.
Again, we use IIS/AD auth.
I have set all Roles except for Reader to False (obviously manually assigned roles to my existing Identity). Thus, any new user login should be assigned the Reader role. I have not done anything with Claims.
I just had several people log in for the 1st time and all of them had no Role at all. This is ok as it provides some control, but was entirely unexpected.