Adaxes

Removing access to change specific groups

0 votes

We have a specific group in AD that we do not want people to be able to modify in Adaxes. Is there a way to restrict the ability to modify a specific group in Adaxes?

by (130 points)

1 Answer

0 votes
by (272k points)

Hello,

Yes, it is possible. You will need to create a Security Role denying the permissions to modify properties of the group. The role disallowing midification of all group properties will look like the following: image.png If you want to restrict modification of only specific group properties, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToModifySpecificProperties.htm. On step 3, select the Group object type and then select the Write <Property Name> permission in the Deny column. Finally, the role will look like the following: image.png

0

I setup a Security Role as suggested and it does not appear to be working. For the Trustee I used the people I am testing with and the "Assigned Over" is the group I want to restrict. I tested with one of the people and they were still able to add users to this group. Here is was my Security Role looks like.

Adaxes Group Restriction.jpg

by (130 points)
0

Hello,

Sorry for the confusion, the screenshot in the previous post was just an example. If you need to prohibit adding/removing members from the group, you need to add a deny permission for writing the Member property of the group. Finally, the Security Role will look like the following: image.png

by (272k points)

Related questions

0 votes
1 answer
Grant right to change membership of specific groups

Hello, I created a Business Unites that contains groups that apecifc users can change members of.^ Then, I created a Security Role, set permissions ans assignments. When the user ... he get two errors (see printscreens) What is missing? Thanks for your help.

asked Dec 4, 2018 by tentaal (1.1k points)
0 votes
1 answer
What specific permission is needed in a security role to grant access to enable a user account?

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
0 votes
1 answer
How can I change Self-Service page to display a specific Business Unit for a company directory by default?

We are replacing our Namescape rDirectory product with Adaxes because of the very flexible automation components. I've been able to replicate some of the pages previously ... vast majority of our users, that would function as the default company directory.

asked Aug 5, 2022 by MRBruce (110 points)
0 votes
1 answer
Copy only specific Groups of a user to another user - some with approval

Hi there, i know the multiple ways of copying the user groups - or all of them within the user creation wizard. I want to copy only a couple of groups ... is it possible to create an approval operation out of an powershellscript? Kind regards, Constantin

asked May 27, 2021 by Constey (190 points)
0 votes
1 answer
Get all groups with specific ExtensionAttribute1 using ADSI

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (510 points)
3,346 questions
3,047 answers
7,772 comments
544,967 users