Welcome to our support forum. :)
First of all, you need to check the Assignments of your Security Role. The Assignments of a Role define the Trustees, i.e. users who will be able able to apply the permissions granted by the Role. The Assignment Scope defines where the Trustees will be able to apply the permissions of the Role. You need to check whether the Role is assigned to your helpdesk users and whether the Assignment Scope of the Role includes the users they can modify.
For example, on the screenshot below, the Help Desk Role is assigned to the Help Desk group, and the members of the group are able to apply the permissions granted by the role within the OU called example.com\Offices.
To view Assignments of a Security Role, you need to select it in the Console Tree of Adaxes Administration Console. The Assignments will be displayed in the Result Pane (located to the right).
Also, you should always remember that Deny permissions always override the Allow permissions. That is, if a Security Role grants a user the right to modify a certain property of a certain object, but another Security Role denies the right to modify the same property, the user will not be able to modify the property. So, you need to check that there are no other Security Roles that would deny your helpdesk the right to modify the properties. To check this:
- Find all the Security Roles that are assigned to your helpdesk users. For information on how to do this, see Viewing Security Roles Assigned to Users or Groups.
- Check whether any of the Roles assigned to them deny the permission to modify the properties they need to modify.