0 votes

When I build a report for "everyone" (and specifically for use by self service users) and define a scope that is specific to an OU, it runs fine in the web interface when I run it in my capacity as a network administrator; however, when I run it in the Self Service Portal (as a self service user), the report fails and it appears that it is unable to resolve the OU and instead is showing the SID/GUI for the specific OU.

Here's what I get when I try to run the report in the Self Service Portal:

Amarillo Extension Report Error.jpg

Here's the scope setting for the report:

Scope Setting.jpg

Here's the security role for the self service user:

Self-Service User Security Role Permissions.jpg

I'm not sure what permission seems to be missing that would allow this report to run properly and the Scope to be recognized for the self service user. Without this, the report is VERY slow because it is unable to isolate a smaller subset for the search. And I know it works as a different user (with essentially "full control" access to everything), so I'm not sure where to start.

Thanks!

by (280 points)

1 Answer

0 votes
by (191k points)
selected by
Best answer

Hello Bill,

According to the error message, the logged on user does not have the permissions to actually see the Users OU. The thing is that the Security Role in your screenshot does not grant any permissions over OUs. Also, the permission for reports in the role will not work. To grant permissions to view reports you need to use specific users or groups as trustees. For your information, the Self security principal is only used to grant permissions to users over their own accounts.

For information on how to grant permissions to see objects, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_HideADObjectsFromUsers.htm. For example, to allow all users to see the Users OU, your Security Role will look like the following: image.png For information on how to delegate the permissions to view reports, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToViewReports.htm.

Related questions

0 votes
1 answer

Is there a way to export the list of users enrolled in Password Self-Service? When I click on "Statistics" and select only "Enrolled", I see the list ... Attributes such as "adm-PasswordSelfServiceEnrollmentInfo" (I am guessing that is the correct attribute)

asked Jun 6, 2016 by Kikaida (4.8k points)
0 votes
1 answer

Hi all I want to create a workflow on the Self Service portal. The choice is the default Join a group or possibly a new action. A normal user should be able to ... by" of the group has the permission (Write membership) as described in the guide. Micael

asked Jan 21, 2019 by ecit (510 points)
0 votes
0 answers

Hello, I have a Group Membership section on the Self Service Web interface. The idea is to have a list of the groups the user is a member of, but only the groups with their ... seems to work so I'm not sure where else I should be looking to fix the problem.

asked Dec 24, 2018 by LindaPeterson (250 points)
0 votes
0 answers

Hello, I have a Group Membership section on the Self Service Web interface. The idea is to have a list of the groups the user is a member of, but only the groups with their ... seems to work so I'm not sure where else I should be looking to fix the problem.

asked Nov 2, 2015 by drew.tittle (4.5k points)
0 votes
1 answer

We are seeing that when users access the self-service password enrollment via web page on an iOS device, the question drop downs are not responsive. The users cannot select a ... drop down list, but can type in a question of their own. Can someone assist?

asked Dec 8, 2014 by rgreggs (1.7k points)
2,381 questions
2,137 answers
5,770 comments
187,053 users