Issue:
If a user has no access type and the contact type is set as Employee can login as an Administrator.
USRD 17.3
-> If a user does not have any access type specified then he would be getting all Admin privileges. As per best practice, every contact should have an access type defined.
-> If the users are coming from LDAP then refer to below tech doc:
Where it advised to have LDAP Group enabled as below:
-> We would need to map the LDAP group to the respective default access type which we like to assign to users.