Web Interface 7.3.3 Any User Can Modify an AD Object

I deployed Active Roles web interface according to the instructions.  I have found that any user can modify objects depending on how you get in.  This does not happen in the MMC.  What is wrong with Web Interface?  Did I miss something in setting it up?  The instructions were not very revealing.

  • I think I found my answer. The access wasn't set up right.

    Authorize users to view or change the groups they are responsible for. When applying this template, select the "Primary Owner (Managed By)" or "Secondary Owners" built-in account as the trustee.

    Note that applying only this template does not give group owners the right to view the lists of group members. The group owners should also be given Read access to the group member objects. This could be accomplished by applying the "All Objects - Read All Properties" template to a scope containing those objects, with the "Authenticated Users" built-in account selected as the trustee.
