Removing user from group in WGM not affecting AFP access
Originally a Share Point was only accessed by a group called 'Project Staff'. This group has Read-Write permission is granted by ACL.
I created a new group called 'Project Assistants', and gave it Read-Only access to the Share Point.
I looked at three accounts:
UserA, in 'Project Staff'.
UserB, in 'Project Assistants'.
UserC who had been removed from 'Project Staff', and added to 'Project Assistants'.
Effective Permissions Inspector shows:
UserA has the appropriate RW access.
UserB has the appropriate R only access.
UserC still has RW access instead of the expected Read-Only access.
I removed the ACL for 'Project Staff' from the Share Point as a test and looked the users again.
UserA, no access.
UserB and UserC, Read-Only.
When I added the 'Project Staff' access back to the Share Point, UserA and UserC again showed Read-Write access.
It seems that the AFP server is still treating UserC as though it was in the group 'Project Staff', which suggests that it's not seeing the updates to user accounts. However it is granting access to the new group 'Project Assistants'.
Any idea how I can get the AFP server to stop allowing access to accounts that have been removed from groups?
Mac OS X (10.6.8)