• State Not Answered
  • Replies 1 reply
  • Subscribers 62 subscribers
  • Views 503 views
  • Users 0 members are here
Options
Related

Managing a managed unit

lee kirkwood
over 1 year ago

As the website is a bit clunky for managing and everyone is used to using ADUC for managing AD we are looking to give access to our helpdesk to the AR console. I have the AD permissions set and they can only do X amount. which is working well.

One of the good things about the website is they can set up personalised views and see desired attributes on one screen. To save them jumping back and forth from console to website, I was thinking about allocating each of them a managed unit that they could set up tweak as desired. I have the permission that allows them to see Managed Units and they can view the rules behind them but I can't find the permissions to allow them to edit it. Any ideas? 

thanks

Parents
  • 0 over 1 year ago

    I would caution you against allowing users to manage the membership rules for Managed Units.  I actually don't think you even can delegate this because I know you cannot delegate the management of Dynamic Groups' properties - i.e. you have to be an AR Admin and you absolutely don't want to hand that out like candy.

    Managed Units and dynamic groups are very expensive for the admin service to process.  The last thing you want to do is to have a user create a membership rule that bogs down your admin service.

    Your engineering time would be far better invested in adjusting the web ui to better suit the work habits of your users including moving attributes among properties tabs, creating new properties tabs and adding custom right pane commands (with accompanying properties pages / wizards and even supporting AR workflows) for frequently performed operations that are unique to your organization.  The opportunities for streamlining tasks in the web ui are huge when you really sit back and analyze what tasks you need your users to accomplish.

Reply
  • 0 over 1 year ago

    I would caution you against allowing users to manage the membership rules for Managed Units.  I actually don't think you even can delegate this because I know you cannot delegate the management of Dynamic Groups' properties - i.e. you have to be an AR Admin and you absolutely don't want to hand that out like candy.

    Managed Units and dynamic groups are very expensive for the admin service to process.  The last thing you want to do is to have a user create a membership rule that bogs down your admin service.

    Your engineering time would be far better invested in adjusting the web ui to better suit the work habits of your users including moving attributes among properties tabs, creating new properties tabs and adding custom right pane commands (with accompanying properties pages / wizards and even supporting AR workflows) for frequently performed operations that are unique to your organization.  The opportunities for streamlining tasks in the web ui are huge when you really sit back and analyze what tasks you need your users to accomplish.

Children
No Data