0 votes

Hello!

2 questions today:

1) I have created a separate webgui for our HR department. http://<adaxesserver>/HR. They have two actions available, one for creating a new user, and one for setting expiry dates for current users. How can I create an enforcement rule which will only apply to this webgui/these actions?
The only way I have been able to do this now is to create a generic business rule which applies before creating/updating users, with only one action: Require Approval. However, this rule will obviously apply to every create/update action that I do in Adaxes, regardless of which web gui I am working in, so I will need another method of enforcing approval.

2) With my current (flawed) method of enforcing approval, I noticed that when they reach the "This operation requires approval" page, the page also lists all users in the OU which they are allowed to administer, and they can view/modify most of the information. IMHO, this summary page should not contain this user browser part.
I have removed basically every "Display" and "Browse" option in the web gui management tool for this particular "/HR" subsite, but still, this user browser shows up on the "Requires Approval" page. The accounts who are able to log in to this site, has the common permissions "Create, delete and manage user accounts", which I believe I cannot restrict further, since they should be able to create new users, and be able to select users from a list and set expiry dates.

by (160 points)
0

Bump

1 Answer

0 votes
by (1.8k points)

Question number 1:
I asume that you assign the security role to a AD group that allows members of HR to execute these two functions.
Therefore i would edit the business rule action that sends the approval request and add a condition "If the initiator is a member of <Group>", and connect it to the AD group giving access to the HR web interface. Then it will only trigger on actions executed by HR.

Question number 2:
No clue if it is even possible to hide this.
The best thing would be an option that you could set to direct them to the home screen, like other functions already do.
Support will need to answer this. :geek:

Related questions

0 votes
1 answer

Good Afternoon, Is it possible to move mailboxes to 365 using more advanced options? I am already using the documented script but we have a need to use other switches in the ... this. I see the native way only supports a couple of options that are documented.

asked Nov 22, 2023 by curtisa (210 points)
0 votes
1 answer

Hi I've added values to two attributes of an Oraganization Unit: adm-CustomAttributeText1 adm-CustomAttributeText2 I'm trying to extract these properties with a powershell ... But this does not provide the value set in adm-CustomAttributeText1. Any ideas?

asked Jan 28, 2013 by kjesoo (960 points)
0 votes
1 answer

In the Adaxes GUI I see three forms of delegation: Send As Send on Behalf Of Mailbox Rights In the WEB GUI there are also three forms of delegation: Shared Mailbox Members Full ... Behalf Of" missing on the WEB? -- Morten A. Steien For reference GUI: WEB:

asked Jul 14, 2023 by Morten A. Steien (300 points)
0 votes
1 answer

Hi, is it possible to use custom Powershell script to determine, who will be able to modify AD object property (for example managedBy)? So it is not manager of given object who can edit this property, but anyone who pass checks in Powershell script..

asked Apr 7, 2020 by KIT (910 points)
0 votes
1 answer

Hi Our users are not exactly pleased with Adaxes Web GUI. Is there any in this forum who have developed their own GUI and uses Adaxes as engine ? If so - which development tools did you use - Visual Studio, SAPIEN, Xojo, or something else ? - Thanks

asked Nov 2, 2017 by Boxx.dk (2.6k points)
3,326 questions
3,025 answers
7,723 comments
544,675 users