• State Not Answered
  • Replies 1 reply
  • Subscribers 62 subscribers
  • Views 285 views
  • Users 0 members are here
Options
Related

how to add permission to domain users in help desk web interface

richa kumari
2 months ago

hello ,

I just configured the web interface . I tried to login in using normal domain user account in help desk site. but it is showing no objects in active directory domain  how to add rights to these users can see some active directory group where he can request to add as member.
 

thanks
Richa

Parents
  • 0 2 months ago

    Hi  

    Active Roles by default does not grant users (except members of the Active Roles Full Admin group) to view anything within a managed domain within Active Roles.

    To grant a trustee permissions over directory objects, you need to delegate appropriate permissions via Access Templates.

    In the simplest form, this might be to delegate that "Domain Users" are granted "All objects - read only" access template, applied against the node "Active Directory". However this is likely going to grant to wider access for 99.9% of users.

    If they should only see their own user account, then you might delegate "Self" principal be granted "users - read all properties" access template applied against the node "Active Directory". This would grant an individual user permissions to view their own user account, and all the properties.

    The complexity increases from there, depending on your use cases and the security requirements of your business.

    If unsure, you can engage Professional Service to assist.

    Kind regards

    Stu

Reply
  • 0 2 months ago

    Hi  

    Active Roles by default does not grant users (except members of the Active Roles Full Admin group) to view anything within a managed domain within Active Roles.

    To grant a trustee permissions over directory objects, you need to delegate appropriate permissions via Access Templates.

    In the simplest form, this might be to delegate that "Domain Users" are granted "All objects - read only" access template, applied against the node "Active Directory". However this is likely going to grant to wider access for 99.9% of users.

    If they should only see their own user account, then you might delegate "Self" principal be granted "users - read all properties" access template applied against the node "Active Directory". This would grant an individual user permissions to view their own user account, and all the properties.

    The complexity increases from there, depending on your use cases and the security requirements of your business.

    If unsure, you can engage Professional Service to assist.

    Kind regards

    Stu

Children
No Data