> Verified user is in the gs-netcool-noc Group name in AD. If I tag the user > with the NOC Team group > then login I get the write permissions. Untag it I can only view objects. > > Please advise... The reason may be that the LDAP groups are not translated into "lgcn" autotags. In that case the Permissions handling code wouldn't have the input facts necessary to make the decision to "allow". To check if the autotags are there, trigger a "permission denied" message for the user. Once there are no "lgcn" autotags in the dump, this means that LDAP group mapping is not configured (properly). In this case the following page should help: https://sourceforge.net/apps/mediawiki/racktables/index.php?title=LDAP -- Denis Ovsienko