Group manage self service

Hi all,

I'm struggling with setting up self service for users to manage groups. What I have done is, on the OU where my groups are, add a permission for "authenticated users" with the template "self - Group manage". On the other OU, where the users are, the template "users - list". Everything seemed to be working fine until one user (a regular one, not an admin) could change the members of a group where he/she was NOT manager/secondary owner.

Can someone confirm the permissions/templates that need to be deployed on the OUs, so that a user can manage their own groups and not other ones?

Thanks

Adam

  • I guess these are the useful hints here. Scope (where) – AT (what) – SID (who):
    #1. Scope: OU or Managed Unit (MU = ldap query) with AD Sec Groups, DLs
    #2. Access Mask (AT): Group.members attribute
    #3. Trustee: (ARS well known SIDs): Primary Owner, Secondary Owner.
    (*) SID: Authenticated Users is to be used for VIEW (Read) access, not for Write (members)

  • Hi Aidar,

    It seems that adding primary and secondary owner for Self group management does the trick.

    But another thing pops up.

    If I try to add users via the webpage, it only happens when users search for a group and check the mark next to the group, then from the right-side menu choose members, find one and add.

    We get "Access is denied.", but when we go into group -> member and add, then it's working. Is it a bug or a feature? :D

    regards

  • Hi Adam,

    Glad to hear that my lead helped. Further, it is hard to answer because of the potential complexity in the details. I would recommend to (a) engage Support (if you can articulate a concrete problem) or (b) PSO (in case you need to develop a solution). For (b), please contact Quest PSO, me, for example.