0 votes

Not sure what I'm missing...but when I view accounts or my acct for that matter in the Self-Service console, the Member of section (security group and distribution list) are empty.

I tried adding the read permissions for group but no cigar.

by (1.7k points)

1 Answer

0 votes
by (215k points)

Hello,

To be able to view the groups in the Member Of section, a user must be granted the permission to read the groups. By default, the permission to read all objects in AD is provided by the built-in Security Role Domain User. However, if you disabled or changed the Activity Scope of the Role, you need to explicitly grant permissions to users to view the groups they need. For this purpose, you need to grant the permission to Read group objects and include the groups they need to view in the Assignment Scope of the Role. To create such a Role:

  1. Create a new Security Role.
  2. On the 2nd step of the Create Security Role wizard, click Add.
  3. Select the Group object type.
  4. In the General permissions section, select Read.
  5. Click OK.
  6. On the next step, assign the Role to the users who need to see the groups and include the necessary groups in the Assignment Scope.
0

So I'm thinking abt what you suggested...

If this is through self service and the 'my properties' contain member of fields, I wouldn't know everyone whos apart of a group, so how can I address this on a larger scale?
I'd like to configure so when a user views their properties in Self Service, they are able to see the groups they are apart of.

I added Security Role and added Read permissions and trustee is Authenticated Users assigned to the domain. Is this ideal? or is it giving the user to much freedom?

0

Hello,

Currently, this is, probably, the best way how you can implement your requirement. If you've configured the Security Role in the way as we've described in our previous post (that is, added the Read permission for Group objects only), your Security Role will allow all your users only to view all groups located in the domain. The Read permission allows users only to view objects, not modify anything, so they won't have access to changing something that they are not supposed to.

In the future, we are planning to add support for value references in Business Unit. That is, it will be possible to specify value references in Business Unit Membership Rules. When this is implemented, you will be able to create a Business Rule containing all groups that a user is a member of, and assign the Security Role over the Business Unit.

0

we are testing self-service and managed objects.
is there a way to allow the default for page size to set at a different number other than 10?

0

Hello,

Currently, this is impossible. But in our new version to be available on Thursday, this functionality will be added. :)

0

great.

I sent an email to support abt another issue(onprem MB creation). can someone take a look?

0

Hello,

We haven't yet received it. Did you send it to our support email (support[at]adaxes.com)?

0

I sent it to support[at]adaxes.com.

0

OK, received, expect a message from one of our Support Engineers in a couple of minutes.

Related questions

0 votes
1 answer

Is there anyway we can get an Adaxes administrator to be able to access the security the questions and answers from the “Password Self-Service Policies” portal for our users?

asked Feb 17 by JoeG (40 points)
0 votes
1 answer

Hello! We're using Duo for MFA on Windows 10 logins and understand this creates a new credential provider in Windows along side Adaxes' Password Self Service (PSS) credential ... 2FA with a Auth app or SMS code along with questions/answers. Thank you, Kyle

asked Feb 8 by KyleCascade (20 points)
0 votes
1 answer

Hello, We are looking to get our standard users to have permissions to edit their out of office (automatic replies) in the self-service portal. We have setup the settings ... users only see the below How do we make the exchange properties visible to the user?

asked Feb 3 by JoeG (40 points)
0 votes
1 answer

I would like to know/create daily report to know who conducted self password reset. How can I achieve that?

asked Dec 9, 2021 by fachmi (170 points)
0 votes
0 answers

Hi Evryone, I am trying to set up an external portal within a new webserver on dmz, and with only access to a webservice created from selfservice. The new webservice is only ... login, only reset password. What I am mising there that its not working? Thanks,

asked Nov 26, 2021 by yagoityd (20 points)
2,761 questions
2,494 answers
6,535 comments
1,481,188 users