Issues with users group assignments

28 views
Skip to first unread message

Ian Kennedy

unread,
Nov 7, 2025, 5:44:11 PMNov 7
to QATrack+

Hi all,

 

We have been using Active Directory on our QATrack+ instance to allow users to access directly, and assign them a default user permissions called "Therapist" which allows them to perform tests. We'd like to create a test which is visible to a new group named "Nurses" only. We have Therapists setup as the default group as that group sees the most new users. 

 

The Nurses group has access to the least amount of test lists and we'd like to keep it that way. Once a nurse joins using their Active Directory login they're added to the Therapists group (our default permissions) as well as the Nurses group. I'm able to remove them from the Therapists group, but the next time they login they're automatically added back again. This only happens to users logging in using Active Directory login. Any thoughts on how to remedy this while still allowing new users to automatically be added to the Therapists default permissions?

 

Thanks,

Ian

Cody Crewson

unread,
Nov 17, 2025, 3:30:40 PM (8 days ago) Nov 17
to QATrack+
Ian

I've honestly never seen that behavior before, could you pull your AD logs? They should be in your logs folder as auth.txt. 

An additional question, I'm not sure if it was tested but there is a user group mapping option, this can be added to your local_settings.py but I'm not sure how it handles users in multiple groups. 

     # AD_GROUP_MAP is a map from AD Group names to QATrack+ group names in form
     # of {'AD group name': 'QATrack+ Group Name',}
     # e.g. {'Your Hospital - Physics': "Physics"}.
     # When a user logs in to QATrack+, their AD groups will be
     # checked and they will automatically be added to the
     # corresponding QATrack+ group based on this map.
     AD_GROUP_MAP = {}

Ian Kennedy

unread,
Nov 19, 2025, 4:08:04 PM (6 days ago) Nov 19
to QATrack+
Thanks Cody,

We're looking into using ADFS groups, but we're curious on how exactly the default user feature works when creating a group. Is this something you're using and do you have any tips on how to use it while still maintaining separation between groups without having to manually move users to the proper group when they join for the first time?

Thanks,

Ian
Message has been deleted

Cody Crewson

unread,
Nov 21, 2025, 10:41:23 AM (4 days ago) Nov 21
to QATrack+
Our current clinical practice is to use the default group for therapists, and change everyone else as part of their onboarding. We've never considered it much of an issue because the people doing onboarding and the people having admin rights work really closely. 

Modern Python AD is available in Dev, but I have not had a chance to transition from CherryPy to Apache

Reply all
Reply to author
Forward
0 new messages