0 votes

We have a specific group in AD that we do not want people to be able to modify in Adaxes. Is there a way to restrict the ability to modify a specific group in Adaxes?

by (880 points)

1 Answer

0 votes
by (182k points)

Hello,

Yes, it is possible. You will need to create a Security Role denying the permissions to modify properties of the group. The role disallowing midification of all group properties will look like the following: image.png If you want to restrict modification of only specific group properties, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToModifySpecificProperties.htm. On step 3, select the Group object type and then select the Write <Property Name> permission in the Deny column. Finally, the role will look like the following: image.png

0

I setup a Security Role as suggested and it does not appear to be working. For the Trustee I used the people I am testing with and the "Assigned Over" is the group I want to restrict. I tested with one of the people and they were still able to add users to this group. Here is was my Security Role looks like.

Adaxes Group Restriction.jpg

0

Hello,

Sorry for the confusion, the screenshot in the previous post was just an example. If you need to prohibit adding/removing members from the group, you need to add a deny permission for writing the Member property of the group. Finally, the Security Role will look like the following: image.png

Related questions

0 votes
1 answer

Hello, I created a Business Unites that contains groups that apecifc users can change members of.^ Then, I created a Security Role, set permissions ans assignments. When the user ... he get two errors (see printscreens) What is missing? Thanks for your help.

asked Dec 4, 2018 by tentaal (5.6k points)
0 votes
1 answer

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (2.7k points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (280 points)
0 votes
1 answer

Hello, I would like to use pre-defined security groups - Domain User - Authenticated User - Owner (Managed By) for the Access Control during the login. But I have no clue how to define this - all my attempts have failed :( Many thanks, Horst

asked Mar 23, 2018 by HorstR (2.5k points)
0 votes
1 answer

Hey there, Our users manage their distrubution group members via Outlook. Using native AD tools, our service desk technicians are accustomed to having a checkbox underneath the 'Managed ... via Outlook to the new object (Group or User). Thanks in advance! Kirk

asked May 24, 2012 by Kirk (650 points)
2,251 questions
2,011 answers
5,507 comments
25,637 users