Adaxes

Delegating to manager

0 votes

Hi,

I'm trying to figure out a way to grant managers the rights to edit some of the properties of their teammate. I'd like them to use the My Team link on the Web Interface but the User Self-Service role doesn't give them necessary rights.

If you have an idea

Thanks in advance

Great product anyway, unlimited potential.

by (800 points)

1 Answer

0 votes
by (18.0k points)

Update 2015

You can use the Manager security principal as trustee in security roles to delegate permissions over direct reports of users. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_AllowManagersToManageTheirTeams.htm.

Original

Hello,

At the moment it is impossible to delegate permissions to a user over his/her subordinates. We are planning to implement this functionality in one of the nearest releases.

For a small number of managers, you can do the following:

  1. Create a Business Unit for each manager. Each Business Unit will include all subordinates of a specific manager using a search query like this: 

     (manager=CN=John Doe,CN=Users,DC=company,DC=com)

  2. Assign each manager to a Security Role over his/her Business Unit.

0

Great product anyway, unlimited potential.

Thank you! ;)

by (18.0k points)
0

Glad to hear that. What i really like in Adaxes is the fact that the product is growing constantly and you really take care of what your customers need.

by (800 points)

Related questions

0 votes
1 answer
Delegating access to custom command not changing web portal visibility

Hi We're experiencing some issues with showing and hiding custom commands when viewing user accounts. We have a number of commands in Adaxes, but no matter the permissions ... other custom commands shown. We're running the latest verison of 2021.1 Thanks Matt

asked Apr 5, 2022 by chappers77 (2.0k points)
0 votes
1 answer
directReports is a system read-only attribute. Script to clear subordinates from manager?

I have made a deprovision custom command. I cannot change the attribute directReports, so was thinking - i could take the people in the directReports field of the manager ... (and its subordinates) that im running the deprovision custom command from. Any tips?

asked Mar 21 by EdgarsABG (50 points)
0 votes
1 answer
Error clearing Manager due to Property ''Manager'' is required.

Hi, I am trying to clear the manager of disabled accounts and created a scheduled task for this Right now it is failing for all users (currently 4 in total) With error ... but it won't also remove/clear the manager. All user still have the attribute set.

asked Jan 30 by wintec01 (1.1k points)
0 votes
1 answer
Can we script granting a manager access to a user's mailbox?

We are developing a process to mange mailboxes for terminated users. At the time of termination we would like to: convert the mailbox to a shared mailbox. Send an approval ... would run script to grant the manger access to the mailbox. Can this be done?

asked Oct 27, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Whend creating and updating user via scrpt can we change this to find the manager via employeeID or SAMAccountName?

This script description says it can find the manager via FullName Distinguished name or Display name. Wondering if we can change it to use employeeID or SamAccountName.

asked Oct 24, 2022 by mightycabal (1.0k points)
3,346 questions
3,047 answers
7,782 comments
544,986 users