Adaxes

Different tasks for department heads

0 votes

Hi all,

I'm trying to work out how to configure different tasks for different users. Basically, what we want to achieve is for team leaders or department heads to be able to manage their own users and groups etc, and for HR to be able to create new users but be limited to where they can be created etc.

1. I have created a new interface type called TeamLeader, and on the home page I want it to display the Actions assigned to that role, and only the Business Units this role has permissions to. Currently it shows all Business Units and I'm not sure how to change it. Also, when performing an Action (say, Reset Password) I want it to just return a list of users in the Business Unit it has permissions to.

2. When a HR user logs in to the Team Leader site, I want them to be able to create users, but only from a list of pre-defined departments that will perform the various tasks for that department (copy from Template and create in specific OU to department).

I'm sure these are covered somewhere but I can't find any tutorials listed on the site and the documentation isn't really helping me.

Cheers,
Luke.

by (50 points)

1 Answer

0 votes
by (272k points)
selected by
Best answer

Hello,

Active Directory objects that users can/cannot view in the Web Interface do not depend on the type of Web Interface they sign on to. Permissions to view/modify objects are granted by Security Roles. This rule is also spread on objects that can be selected as target objects for Home Page Actions. For information on how to check Security Roles assigned to a user, have a look at the following help article: http://www.adaxes.com/help/?ManageSecur ... forms.html.

Most probably, you are signed in to the Web Interface with the credentials of the default service administrator (specified during Adaxes installation). In this case you can view/modify all objects in the environment as service administrators do not undergo security checks. Other users can view/modify only the objects that they are allowed to by assigned Security Roles.

By default, the Domain User Security Role allows all users to view all objects. You can disable the role and grant users a limited range of permissions. For example, to grant users permissions to view Business Units, have a look at Delegating Rights to Manage Business Unit Members section of the following tutorial: http://www.adaxes.com/tutorials_Delegat ... sUnits.htm.

If you need HR operators to have Home Page Actions different from those available for Team Leaders, they must use different Web Interfaces (e.g. TeamLeader and built-in Help Desk interfaces).

Related questions

0 votes
1 answer
Is there a way for Scheduled tasks to NOT automatically run after being enabled?

When I enable a scheduled task, instead of running at the scheduled time they all run imeadiately. This is not good behavior as changes are written in a way to reflect the ... is being enabled. I am hoping there is a powershell command to stop this behavoir.

asked Jul 10, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Add Schedule Tasks for Active Directory Management to Web UI

I would like to add "Configuration > Scheduled Tasks" to the Adaxes Web UI. I canĀ“t find an option to impelement this. Any hints?

asked Feb 9, 2021 by MatthiasP (40 points)
0 votes
1 answer
Property Display Names for different languages

Hi, is it possible to copy Property Display Names from one language to another one? Or do I need to specify them all one by one?

asked Jul 4, 2023 by wintec01 (1.1k points)
0 votes
1 answer
On the built in Create User, how can I get the ability for the user to choose a different domain in the username field?

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14, 2023 by mightycabal (1.0k points)
0 votes
0 answers
How can this be adapted to account for a UPN with the same name just in a different case?

When the UPN being created is the same as an existing one except for the case. For instance, the new UPN is sally.fields but there's an existing Sally.Fields. The ... but then fails to create the AD account indicating that the UPN is not unique forestwide.

asked Jul 13, 2022 by sandramnc (870 points)
3,346 questions
3,047 answers
7,779 comments
544,979 users