Adaxes

Different tasks for department heads

0 votes

Hi all,

I'm trying to work out how to configure different tasks for different users. Basically, what we want to achieve is for team leaders or department heads to be able to manage their own users and groups etc, and for HR to be able to create new users but be limited to where they can be created etc.

1. I have created a new interface type called TeamLeader, and on the home page I want it to display the Actions assigned to that role, and only the Business Units this role has permissions to. Currently it shows all Business Units and I'm not sure how to change it. Also, when performing an Action (say, Reset Password) I want it to just return a list of users in the Business Unit it has permissions to.

2. When a HR user logs in to the Team Leader site, I want them to be able to create users, but only from a list of pre-defined departments that will perform the various tasks for that department (copy from Template and create in specific OU to department).

I'm sure these are covered somewhere but I can't find any tutorials listed on the site and the documentation isn't really helping me.

Cheers,
Luke.

by (50 points)

1 Answer

0 votes
by (302k points)
selected by
Best answer

Hello,

Active Directory objects that users can/cannot view in the Web Interface do not depend on the type of Web Interface they sign on to. Permissions to view/modify objects are granted by Security Roles. This rule is also spread on objects that can be selected as target objects for Home Page Actions. For information on how to check Security Roles assigned to a user, have a look at the following help article: http://www.adaxes.com/help/?ManageSecur ... forms.html.

Most probably, you are signed in to the Web Interface with the credentials of the default service administrator (specified during Adaxes installation). In this case you can view/modify all objects in the environment as service administrators do not undergo security checks. Other users can view/modify only the objects that they are allowed to by assigned Security Roles.

By default, the Domain User Security Role allows all users to view all objects. You can disable the role and grant users a limited range of permissions. For example, to grant users permissions to view Business Units, have a look at Delegating Rights to Manage Business Unit Members section of the following tutorial: http://www.adaxes.com/tutorials_Delegat ... sUnits.htm.

If you need HR operators to have Home Page Actions different from those available for Team Leaders, they must use different Web Interfaces (e.g. TeamLeader and built-in Help Desk interfaces).

Related questions

0 votes
1 answer
Is copying Entire Action Sets as is to different tasks/commands/rules without forcing an ElseIf possible

I like to reuse action sets I've created in varying rules, tasks and commands. The main issue I am facing is I cannot find a way to make it copy and paste 1:1. It ... the other rule/task/command. Is this not possible or am I just not figuring it out? Thanks

asked Nov 22, 2024 by msheppard (790 points)
0 votes
1 answer
Possible to set constraints for parameters in custom tasks?

We're tryingo to create a custom task that would allow us to create a service account and run some logic. These need to start with "svc_". Im able to do this on ... possible? Alternatively, could I use the built in task and add additional fields to the form?

asked Jul 30, 2024 by ZoomGhost (280 points)
0 votes
1 answer
Is there a way for Scheduled tasks to NOT automatically run after being enabled?

When I enable a scheduled task, instead of running at the scheduled time they all run imeadiately. This is not good behavior as changes are written in a way to reflect the ... is being enabled. I am hoping there is a powershell command to stop this behavoir.

asked Jul 10, 2023 by mightycabal (1.1k points)
0 votes
1 answer
Add Schedule Tasks for Active Directory Management to Web UI

I would like to add "Configuration > Scheduled Tasks" to the Adaxes Web UI. I canĀ“t find an option to impelement this. Any hints?

asked Feb 9, 2021 by MatthiasP (40 points)
0 votes
1 answer
How do I synchronize the same user for 2 different domains?

I have an M365 tenant synched with my on-premise AD, via Entra Cloud Sync. I also have a domain in AWS with the same usernames as in the on-premise domain. These ... , but it creates duplicate user accounts. Is there a way to accomplish this task with Adaxes?

asked Mar 18 by System (40 points)
3,685 questions
3,370 answers
8,521 comments
549,558 users