0 votes

We have a specific group in AD that we do not want people to be able to modify in Adaxes. Is there a way to restrict the ability to modify a specific group in Adaxes?

by (130 points)

1 Answer

0 votes
by (223k points)

Hello,

Yes, it is possible. You will need to create a Security Role denying the permissions to modify properties of the group. The role disallowing midification of all group properties will look like the following: image.png If you want to restrict modification of only specific group properties, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToModifySpecificProperties.htm. On step 3, select the Group object type and then select the Write <Property Name> permission in the Deny column. Finally, the role will look like the following: image.png

0

I setup a Security Role as suggested and it does not appear to be working. For the Trustee I used the people I am testing with and the "Assigned Over" is the group I want to restrict. I tested with one of the people and they were still able to add users to this group. Here is was my Security Role looks like.

Adaxes Group Restriction.jpg

0

Hello,

Sorry for the confusion, the screenshot in the previous post was just an example. If you need to prohibit adding/removing members from the group, you need to add a deny permission for writing the Member property of the group. Finally, the Security Role will look like the following: image.png

Related questions

0 votes
1 answer

Hello, I created a Business Unites that contains groups that apecifc users can change members of.^ Then, I created a Security Role, set permissions ans assignments. When the user ... he get two errors (see printscreens) What is missing? Thanks for your help.

asked Dec 4, 2018 by tentaal (1.1k points)
0 votes
1 answer

Hi there, i know the multiple ways of copying the user groups - or all of them within the user creation wizard. I want to copy only a couple of groups ... is it possible to create an approval operation out of an powershellscript? Kind regards, Constantin

asked May 27, 2021 by Constey (190 points)
0 votes
1 answer

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (510 points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (90 points)
0 votes
1 answer

Hello, I would like to use pre-defined security groups - Domain User - Authenticated User - Owner (Managed By) for the Access Control during the login. But I have no clue how to define this - all my attempts have failed :( Many thanks, Horst

asked Mar 23, 2018 by HorstR (460 points)
2,761 questions
2,494 answers
6,538 comments
1,482,583 users