
Morning,

I have an issue with self-service users being able to modify the properties of other users. My permissions look like this:

(Role permissions)
I assume it's my "Assignments:" entry that needs to be set to "Self", not my user group. Is that correct?

Thanks,
John.


1 Answer

Best answer

Hello John,

Yes, to allow users to perform operations on their own accounts, the role must be assigned to Self.

However, as far as we can see, the role contains not only permissions for User objects, but also permissions for operations on objects of other types. For example, it allows writing all properties of groups and creating child objects. If you assign it to Self, users will not be able to use such permissions. We recommend splitting your Security Role into 2 roles:

  1. A role that contains permissions only for the operations that users can perform on their own accounts;
  2. Another role that contains permissions for operations on other objects.

The 1st role must be assigned to Self, and the 2nd role must be assigned only to users who can modify groups or create child objects and include the parts of AD where they can perform such operations in the Assignment Scope.


All separated out now and assigned the minimal required. Thanks for the help.
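
The split recommended in the answer, as an added example that is not part of the original thread and is not Adaxes code: a simplified Python model of role assignments showing why a mixed role assigned to a user group lets users edit each other, and how the two-role split behaves. All names, the permission tuples, the scope contents and the access check itself are assumptions made for illustration.

```python
from dataclasses import dataclass

SELF = "Self"  # special trustee: permissions apply only to the actor's own account

@dataclass(frozen=True)
class Obj:
    name: str
    type: str                        # "User", "Group", ...
    groups: frozenset = frozenset()  # groups a user belongs to

@dataclass(frozen=True)
class Assignment:
    permissions: frozenset           # of (operation, object type) pairs
    trustee: str                     # SELF or a group name
    scope: frozenset = frozenset()   # object names covered; unused for SELF

def allowed(actor, target, operation, assignments):
    """True if any assignment grants `operation` on `target` to `actor`."""
    for a in assignments:
        if (operation, target.type) not in a.permissions:
            continue
        if a.trustee == SELF:
            if target.name == actor.name:
                return True
        elif a.trustee in actor.groups and target.name in a.scope:
            return True
    return False

def split_role(permissions):
    """Separate own-account (User) permissions from everything else."""
    own = frozenset(p for p in permissions if p[1] == "User")
    return own, frozenset(permissions) - own

# Constructed sample directory and role (illustrative only).
alice = Obj("alice", "User", frozenset({"Self Service Users"}))
bob = Obj("bob", "User", frozenset({"Self Service Users"}))
dana = Obj("dana", "User", frozenset({"Group Managers"}))
sales = Obj("Sales", "Group")
MIXED = frozenset({("write", "User"), ("write", "Group")})

# Before: the mixed role is assigned to a user group over all objects.
BEFORE = [Assignment(MIXED, "Self Service Users", frozenset({"alice", "bob", "dana", "Sales"}))]
# After: own-account role goes to Self, the rest to a scoped group.
OWN, OTHER = split_role(MIXED)
AFTER = [Assignment(OWN, SELF), Assignment(OTHER, "Group Managers", frozenset({"Sales"}))]

if __name__ == "__main__":
    print("before, alice edits bob:", allowed(alice, bob, "write", BEFORE))
    print("after, alice edits bob:", allowed(alice, bob, "write", AFTER))
    print("after, alice edits herself:", allowed(alice, alice, "write", AFTER))
    print("after, dana edits Sales:", allowed(dana, sales, "write", AFTER))
```

In this model, assigning the whole mixed role to Self (`[Assignment(MIXED, SELF)]`) still denies writes to the Sales group, which mirrors the answer's point that the non-user permissions become unusable under a Self assignment.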
