Control what objects are displayed in Web interface

In Adaxes Web interface, users will never see directory objects they don't have the permissions to view. However, you might want to additionally restrict which objects are displayed in the Web interface. In this tutorial you will learn how to hide specific types of objects, how to hide objects that don't match your criteria, and how to allow users to view only objects located in a specific organizational unit or container.

Configure user permissions

By default, all users have the right to view all objects in all domains managed by Adaxes. To allow users to view only the objects they need, adjust their permissions. For details, see Hide directory objects from users.

Configure criteria for displaying objects

First of all, you can restrict which object types are displayed in the Web interface. For example, you may want to hide all computer and printer objects, and display only user accounts, contacts, and groups.

On top of that, you can specify detailed criteria for each visible object type. For example, you may want to hide disabled user accounts and accounts with names starting with an underscore, or show only distribution groups that have the word Department in their names.

 How to show only the objects that match certain criteria
  • Open Adaxes Web interface configurator.

  • In the top left corner, select the Web interface you want to customize.

  • In the left navigation menu, click Browsing.

  • In the Filter options section, uncheck the types of objects you want to hide from the Web interface.

    To add a new object type to the list of object types displayed in the Web interface, click Add.

    For information on how to configure the Web interface to manage objects of a custom type, see Manage directory objects of a custom type.

  • To allow displaying only objects that match your criteria, select the Criteria checkbox next to an object type.

  • In the dialog that opens, configure the criteria for displaying objects of that type.

    Example 1 – Security and distribution groups

    Example 2 – Security and distribution groups that contain Department in their names

    To add a compound criteria item that combines several conditions together, click the arrow button next to Add, and then click Add compound.

    Example 3 – Enabled user accounts without an underscore at the beginning of their names

    Example 4 – Only users from a specific department

    You can configure the criteria so that they differ depending on the logged-in user. For this purpose, use value references (e.g. %department%, %company%). Value references will be replaced with the corresponding property values of the logged-in user's account.

    Example 5 – Only enabled users from the same department as the logged in user

    Example 6 – All direct and indirect subordinates of the logged in user

    If you need to use identical criteria for several object types, you can copy and paste it by pressing the arrow button next to Edit criteria.

  • You can also specify common criteria for all object types. Only objects that match their type-specific criteria and common criteria will be displayed in the Web interface.

  • If you want an object type to be displayed as a container in the directory tree, enable the corresponding checkbox next to the Container column.

Change top level node

You can allow users to view only the objects located in a particular organizational unit or container. For example, you may want users to see only objects located in their own organizational unit and nothing else.

 How to change the top level node
  • Open Adaxes Web interface configurator.

  • In the top left corner, select the Web interface you want to customize.

  • In the left navigation menu, click Browsing.

  • In the Navigation section, specify an OU or domain in the Top level node field.

You can configure the top level node so that it will be different depending on the logged in user. For example, you may want it to be an OU that has the same name as the user's department, or the OU where the account of the user is located. For this purpose, instead of selecting a specific object, you need to use a template.

 How
  • Click the button embedded into the Top level node field.

  • In the dialog that opens, click Template.

  • Specify a template for generating the distinguished name (DN) of the top level node. You can use value references in the template, e.g. %department%, %adm-ParentDN%, %adm-DomainDN%. The value references will be replaced with corresponding property values of the logged in user's account. To insert a value reference, click the button.

    For example, to let users view only their own organizational unit, use the %adm-ParentDN% value reference. It will be replaced with the DN of the organizational unit where the account of the logged-in user is located.
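
A pre-rollout check for a top level node template, given as an added example (it is not Adaxes code and does not call Adaxes): it previews the DN each user's template would resolve to and flags users whose value reference is empty or whose DN matches no existing OU. The function names, the sample users and OUs, and the choice to escape non-DN values per RFC 4514 are assumptions made for this sketch.

```python
import re

REF = re.compile(r"%([A-Za-z][A-Za-z0-9-]*)%")  # value reference, e.g. %department%

def escape_rdn_value(value):
    """Escape a plain string for use as an RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if special else ch)
    return "".join(out)

def resolve_top_node(template, user):
    """Return (dn, missing): the DN the template yields and any empty references."""
    missing = []
    def substitute(match):
        name = match.group(1)
        value = user.get(name)
        if not value:
            missing.append(name)
            return match.group(0)  # leave the reference visible in the preview
        # Assumption: references ending in "DN" already hold a DN and go in verbatim.
        return value if name.endswith("DN") else escape_rdn_value(value)
    return REF.sub(substitute, template), missing

def audit(template, users, existing_ous):
    """Classify every user: resolves to a real OU, empty reference, or unknown OU."""
    known = {dn.lower() for dn in existing_ous}  # simplified case-insensitive match
    report = {}
    for login, props in users.items():
        dn, missing = resolve_top_node(template, props)
        if missing:
            report[login] = "unresolved: " + ", ".join(missing)
        elif dn.lower() not in known:
            report[login] = "no such OU: " + dn
        else:
            report[login] = "ok: " + dn
    return report

# Constructed sample data, not taken from a real directory.
DOMAIN = "DC=example,DC=com"
DEPARTMENTS = {"alice": "Sales", "bob": "R&D, Berlin", "carol": "", "dave": "Finance"}
USERS = {u: {"department": d, "adm-DomainDN": DOMAIN} for u, d in DEPARTMENTS.items()}
EXISTING_OUS = ["OU=Sales,DC=example,DC=com", "OU=R&D\\, Berlin,DC=example,DC=com"]
TEMPLATE = "OU=%department%,%adm-DomainDN%"

if __name__ == "__main__":
    for login, status in audit(TEMPLATE, USERS, EXISTING_OUS).items():
        print(login, "->", status)
```

Users reported as unresolved or without a matching OU are the ones to fix in the directory, or to cover with a different template, before the template goes live.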

For more details on how to allow users to view only a part of the directory structure, see Limit access to the directory structure.