Grant Rights to Execute Custom Commands
To execute Custom Commands, users must be granted appropriate permissions. The rights for Custom Command execution as well as any other rights in Adaxes are granted with the help of Security Roles. It enables you to granularly control who can perform which commands on which objects in Active Directory. For example, you can allow execution of a Custom Command only on members of a group, or objects located in a specific Organizational Unit. Rights can be granted for a particular Custom Command, all Custom Commands, or Custom Commands intended for Active Directory objects of a specific type.
In this tutorial, you will learn how to modify the permissions of an existing Security Role to:
- Allow execution of all Custom Commands on all types of Active Directory objects,
- Deny execution of all Custom Commands on Active Directory objects of a specific type,
- Deny execution of a particular Custom Command.
-
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.
-
In the Permissions section located to the right, click Add.
-
In the Add Permissions dialog, do the following:
To allow execution of all Custom Commands on all types of Active Directory objects:
- Select All object types.
-
In the General permissions list, check the Execute All Custom Commands permission in the Allow column.
To deny execution of all Custom Commands on computer objects:
- Select Computer in the list of object types on the left.
-
In the General permissions list, check the Execute All Custom Commands permission in the Deny column.
To deny execution of a specific Custom Command:
- In the list of object types on the left, select the type of objects the Custom Command is intended for.
-
In the General permissions list, check the Execute <Command Name> permission in the Deny column.
Click OK.
-
Click Save changes.
