0 votes

Not sure what I'm missing...but when I view accounts or my acct for that matter in the Self-Service console, the Member of section (security group and distribution list) are empty.

I tried adding the read permissions for group but no cigar.

by (1.7k points)

1 Answer

0 votes
by (216k points)

Hello,

To be able to view the groups in the Member Of section, a user must be granted the permission to read the groups. By default, the permission to read all objects in AD is provided by the built-in Security Role Domain User. However, if you disabled or changed the Activity Scope of the Role, you need to explicitly grant permissions to users to view the groups they need. For this purpose, you need to grant the permission to Read group objects and include the groups they need to view in the Assignment Scope of the Role. To create such a Role:

  1. Create a new Security Role.
  2. On the 2nd step of the Create Security Role wizard, click Add.
  3. Select the Group object type.
  4. In the General permissions section, select Read.
  5. Click OK.
  6. On the next step, assign the Role to the users who need to see the groups and include the necessary groups in the Assignment Scope.
0

So I'm thinking abt what you suggested...

If this is through self service and the 'my properties' contain member of fields, I wouldn't know everyone whos apart of a group, so how can I address this on a larger scale?
I'd like to configure so when a user views their properties in Self Service, they are able to see the groups they are apart of.

I added Security Role and added Read permissions and trustee is Authenticated Users assigned to the domain. Is this ideal? or is it giving the user to much freedom?

0

Hello,

Currently, this is, probably, the best way how you can implement your requirement. If you've configured the Security Role in the way as we've described in our previous post (that is, added the Read permission for Group objects only), your Security Role will allow all your users only to view all groups located in the domain. The Read permission allows users only to view objects, not modify anything, so they won't have access to changing something that they are not supposed to.

In the future, we are planning to add support for value references in Business Unit. That is, it will be possible to specify value references in Business Unit Membership Rules. When this is implemented, you will be able to create a Business Rule containing all groups that a user is a member of, and assign the Security Role over the Business Unit.

0

we are testing self-service and managed objects.
is there a way to allow the default for page size to set at a different number other than 10?

0

Hello,

Currently, this is impossible. But in our new version to be available on Thursday, this functionality will be added. :)

0

great.

I sent an email to support abt another issue(onprem MB creation). can someone take a look?

0

Hello,

We haven't yet received it. Did you send it to our support email (support[at]adaxes.com)?

0

I sent it to support[at]adaxes.com.

0

OK, received, expect a message from one of our Support Engineers in a couple of minutes.

Related questions

0 votes
0 answers

Upgraded to the latest adaxes release yesterday and now this morning we are not able to access our self-service portal. We have rebooted our server and verified our adaxes service is successfully connected our domains. Any help would be appreciated, thank you!

asked Mar 14 by dhodgin (40 points)
0 votes
1 answer

Hi, I'm trying to add an custom command under Actions. While I'm able to add them under UI editor, it is not visible when a user logs into self-service portal. However, other default actions are visible when I toggle them in UI editor.

asked Feb 5 by Renugopal (120 points)
0 votes
1 answer

Hi, I would like to setup the self-service with a list of required hardware, printers applications etc for someone to select when creating a new user. Then when the user is ... this can be done under custom forms but im not exactly sure how to do this.

asked Dec 4, 2023 by STIG (40 points)
0 votes
0 answers

Hi, Through the Adaxes Web Configurator i would like to be able to setup an action so a user can be added to a Microsoft Team through the self service portal. The ... then test again all the disribution groups show up. Any thories on why this is happening?

asked Nov 28, 2023 by STIG (40 points)
0 votes
1 answer

Can Self service client tool work on macbooks with local account setup. Our macbooks are managed by Kandji MDM, which have local accounts setup on each machine and not ... will sync local accounts with their AD password on macbooks setup with local accounts.

asked Mar 29, 2023 by Vish539 (310 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users