0 votes

We have a specific group in AD that we do not want people to be able to modify in Adaxes. Is there a way to restrict the ability to modify a specific group in Adaxes?

by (130 points)

1 Answer

0 votes
by (226k points)

Hello,

Yes, it is possible. You will need to create a Security Role denying the permissions to modify properties of the group. The role disallowing midification of all group properties will look like the following: image.png If you want to restrict modification of only specific group properties, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToModifySpecificProperties.htm. On step 3, select the Group object type and then select the Write <Property Name> permission in the Deny column. Finally, the role will look like the following: image.png

0

I setup a Security Role as suggested and it does not appear to be working. For the Trustee I used the people I am testing with and the "Assigned Over" is the group I want to restrict. I tested with one of the people and they were still able to add users to this group. Here is was my Security Role looks like.

Adaxes Group Restriction.jpg

0

Hello,

Sorry for the confusion, the screenshot in the previous post was just an example. If you need to prohibit adding/removing members from the group, you need to add a deny permission for writing the Member property of the group. Finally, the Security Role will look like the following: image.png

Related questions

0 votes
1 answer

Hello, I created a Business Unites that contains groups that apecifc users can change members of.^ Then, I created a Security Role, set permissions ans assignments. When the user ... he get two errors (see printscreens) What is missing? Thanks for your help.

asked Dec 4, 2018 by tentaal (1.1k points)
0 votes
1 answer

Hi there, i know the multiple ways of copying the user groups - or all of them within the user creation wizard. I want to copy only a couple of groups ... is it possible to create an approval operation out of an powershellscript? Kind regards, Constantin

asked May 27, 2021 by Constey (190 points)
0 votes
1 answer

We are replacing our Namescape rDirectory product with Adaxes because of the very flexible automation components. I've been able to replicate some of the pages previously ... vast majority of our users, that would function as the default company directory.

asked 4 days ago by MRBruce (110 points)
0 votes
1 answer

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (510 points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (90 points)
2,779 questions
2,512 answers
6,574 comments
25,886 users