Allow Managers to Manage Their Teams
Your organization may authorize managers to perform operations on their subordinates in Active Directory. A user's manager is specified in the Manager property of the user's account. In Adaxes, you can grant managers the rights to manage their teams. If you change the manager of a user, the previous manager will lose, and the new manager will gain the rights.
In this tutorial you will learn how to create a Security Role with the necessary permissions and assign it to managers of users.
Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Security Role. The Create Security Role wizard will open.
Now you need to specify the permissions that you want to delegate to managers. To do this, click Add.
Since the Security Role will allow managers to manage user accounts, select the User object type.
In the right portion of the dialog, select the operations that you want to allow to managers. For example, if you want to allow managers to reset passwords, check the Reset Password permission in the Allow column.
Optionally, add the Read permission
Check the Read permission in the Allow column.
Now you need to assign the new Role. Since you want to grant permissions to managers, select the Manager security principal and click Assign.
In the Role Activity Scope dialog that opens, you need to specify the user accounts that will be managed by their managers. You can select one of the following options:
- All Objects - the Role will be assigned to managers of all users in all the AD domains managed by Adaxes.
Specific Domain - the Role will be assigned to managers of the users located in the selected domain. If you select a domain, you will need to specify the assignment scope in the Assignment Options dialog. The only applicable option is All objects in this Domain.
OU or Container - the Role will be assigned to managers of the users located in the selected OU or container. If you select an OU or container, you will need to specify the assignment scope in the Assignment Options dialog.
- If you want to assign the Role to managers of all users in the selected OU at any nesting level, select Child objects of this Organizational-Unit.
- If you want to assign the Role to managers of the users who are direct children of the selected OU, select Child objects of this Organizational-Unit and Immediate child objects only
Group - the Role will be assigned to managers of members of the selected group. If you select a group, you will need to specify the assignment scope in the Assignment Options dialog.
- If you want to assign the Role to managers of all members of the group, select Members of this Group.
- If you want to assign the Role to managers of direct members of the group only, select Members of this Group and Direct members only.
Business Unit - the Role will be assigned to managers of members of the selected Business Unit. If you want to select a Business Unit, select Business Units in the Look in drop-down list.
Select the object you need and click Add. When finished, click OK.
When specified, the assignments will be displayed in the Assignments list. Click Finish.
Managers can quickly access members of their teams on the My Team Page of Adaxes Web Interface. To open the My Team Page page, click the My Team link in the My Panel section.