In order to allow specific users or groups to create and modify virtual collections
of Active Directory objects called Business Units, you need to grant them the permission
to create/delete Business Units and permission to write all properties of Business Unit
objects. For this purpose, you need to create a Security Role that grants these permissions
and assign the new Role to the users or groups, whom you want to allow managing
Launch Adaxes Administration Console, right-click your Adaxes service, point
to New and click Security Role. The Create Security Role
wizard will open.
Enter the name for the new role and click Next.
On the Role Permissions page you need to specify which permissions the new role will
grant. The permissions for Business Unit management are predefined in the list of common tasks.
So, to quickly add these permissions to the role, click the arrow inside the Add button
and choose Manage Business Units. Click Next.
With the help of the drop-down menu you can add permissions for other
common tasks, such as managing user accounts, groups, Business Rules, Security Roles, Property
Patterns, or Custom Commands, modifying group membership, reading contact information, etc.
Here, at the Assign Role page, you need to specify the users or groups to which you want
to assign the new role.
To quickly find a user or group, type its name in the search field and click the
Select a user or group in the list of available trustees and click the Assign button.
In the Role Activity Scope dialog that opens, select Configuration Objects,
click Add, and then click OK two times.
When the assignment is added, it will be displayed in the Assignments list. To add
assignments to other users or groups, repeat steps 4 and 5.
When all necessary assignments are added, click Finish.