Using Security Roles, you can grant users the right to modify specific properties of Active Directory objects. For example, you can allow users to modify only the Description property of group objects and the Employee ID property of user accounts, and nothing else.
This tutorial includes step-by-step instructions on how to create a Security Role that will grant the permission to modify a single property of AD objects, and how to assign the role to users and groups.
Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Security Role.
Enter a name for the new Security Role and click Next.
On the Permissions step, click Add.
To add the permission to modify a property of Active Directory objects:
Select the type of Active Directory objects which you want to apply the permission to.
Type the name or a part of the name of the desired property in the filter edit box located in the Property-specific permissions section.
Check the Write <Property Name> permission in the Allow column.
On the Assignments step, click Add to assign the Security Role to users.
Select the users and groups whom you want to assign the permissions to.
Click Next.
Select the scope of objects which you want to assign the permissions on.
Select the following items:
All Objects - select to allow modifying the property on all objects in all domains managed by Adaxes.
Specific Domain - select to allow modifying the property on all objects within a specific domain.
OU or Container - select to allow modifying the property on the objects located in an Organizational Unit or container.
Group - select to allow modifying the property on members of a group.
Business Unit - select to allow modifying the property on members of a Business Unit.
To select a Business Unit, open the Look in drop-down list and select the Business Units item.
You can exclude specific objects, Organizational Units, members of groups and Business Units from the assignment scope. For example, if you've assigned the Security Role on all objects in a domain, but do not want users to be able to update the objects located in a specific Organizational Unit, you can exclude the Organizational Unit from the scope. To exclude an object, select the Exclude option in the Assignment Options dialog box.
Click the object you want to exclude.
In the Assignment Options dialog, select the Exclude option.
When done, click Finish to complete the Assign Role wizard.
Click Finish to complete the Create Security Role wizard.