Grant rights to execute custom commands

Users can execute custom commands only if they have the appropriate rights. A user can be granted the rights to execute a particular custom command, all custom commands, or custom commands intended for objects of a specific type (e.g. Group). Moreover, you can limit where such rights are applied. For example, you can allow executing a particular custom command only on members of the Helpdesk group, or deny the execution of all custom commands on computers located in the Servers organizational unit.

The rights to execute custom commands are granted with the help of security roles, just like any other rights in Adaxes. In this tutorial, you will learn how to modify an existing security role to:

  • Allow the execution of all custom commands on all types of directory objects.

  • Deny the execution of all custom commands on computer objects.

  • Deny the execution of a particular custom command.

Deny permissions always override the Allow permissions. For example, there can be two security roles assigned to a user, one of which allows executing a custom command and the other denies it. In this case, the execution of the custom command will be denied for the user.

  1. Launch Adaxes Administration console.

     How {id=collapse1}
    • On the computer where Adaxes Administration console is installed, open Windows Start menu.

    • Click Adaxes Administration Console.

  2. Expand Adaxes service \ Configuration \ Security Roles and select the security role you want to modify.

  3. In the Permissions section on the right, click Add.

  4. In the Add Permissions dialog, select the permissions you would like to grant.

    To allow execution of all custom commands on all types of directory objects

    • Select All object types.

    • In the General permissions list, select the Execute All Custom Commands permission in the Allow column.

    To deny execution of all custom commands on computer objects

    • In the list of object types on the left, select Computer.

    • In the General permissions section, select the Execute All Custom Commands permission in the Deny column.

    To deny execution of a specific custom command

    • In the list of object types on the left, select the type of objects the custom command is intended for.

    • In the General permissions section, select the Execute <command name> permission in the Deny column.

    Click OK.

  5. Click Save changes.

If a custom command is deleted, the permissions for its execution will be deleted from security roles automatically.