-
Title
How to delegate the permissions to Administer Groups and Managed Units -
Description
There is a requirement to grant access to an Active Roles Server user to Administer Managed Units from within either the Active Roles Web Interface or Active Roles MMC Console.
-
Cause
Some security delegation models do not grant the ability to Administer Managed Units by default.
-
Resolution
Delegations are required in 3 locations in Active Roles Server for Managed Unit Administration
1.) Managed Unit - On the container that stores the Managed Units for Active Roles Server (required for Managed Units skip this step for group only delegations)
'Groups - Read All properties'
'AR Server Security - Managed Units Container'2.) Group Location - Where the group resides that is part of the Managed Unit
'Groups - Add/Remove Members'3.) User Location(s) - Where the user accounts reside that are members or potential members of the Managed Unit
'Users - Read all properties'