• State Suggested Answer
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 3278 views
  • Users 0 members are here
Options
Related

Delegate Rights to Manage Scheduled Tasks

rob lowe
over 3 years ago

Hello -

I'd like to delegate rights to manage Active Roles scheduled tasks but haven't found an access template specific to delegating the right.  Any suggestions would be appreciated.

Thank you.

  • 0 over 3 years ago

    My gut would tell me that this not something that you can delegate.  And certainly not without giving users access via the MMC (which I tend to recommend against).

    What exactly do you want to delegate around Scheduled Tasks? - enabling / disabling, setting start times and such shouldn't be a big deal with some light Web UI customization.

  • 0 over 3 years ago in reply to JohnnyQuest

    The users I'd like to delegate to are Domain Admin level users who are comfortable using the MMC, myself included.  I'd like to avoid using the console as a Domain Admin or as the service account for managing Scheduled Tasks.

  • 0 over 3 years ago in reply to rob lowe

    The issue is that there were certain things (Dynamic Group creation being another example) that were never designed to be delegated.  So the only way to perform these tasks is if you are an AR Admin....which as you know, is a level of access that you don't hand out lightly.  Hence my suggestion to set this up in the web UI because then we can hide the workarounds that facilitate it.

  • 0 over 3 years ago

    Access Templates do have the ability to be delegated to Scheduled Tasks (edsScheduledTask) and Scheduled Task Containers (edsScheduledTaskContainer) objects. So, initially this appears that it could be accomplished by creating a new Access Template, selecting the option to 'Show all possible classes' and locate these object classes in the list to delegate the necessary access to.

  • 0 over 3 years ago in reply to Richard.Lambert

    Thank you for this suggestion.  

    I have found Scheduled Task (edsScheduledTask) and granted Create/Delete child objects permissions.  When checking Object Classes, no classes display so I've selected Child objects of any class.  I've assigned that template to a group for a custom Scheduled Task Container and still cannot create or modify a scheduled task.

    What am I missing?

  • 0 over 3 years ago in reply to rob lowe

    You need to delegate the creation of the child objects to something - so creation of child objects (any class) of a Scheduled Task container would be the most sensible.  For simplicity's sake, I would pre-create the Scheduled Task container(s) and then just delegate the create of the child objects within it (them).

  • 0 over 3 years ago in reply to rob lowe

    You always create children inside of a container.

    The ability to create an object of class edsScheduledTask is a permission that you would have to have on an edsScheduledTasksContainer object.