There is a requirement to grant access to an Active Roles Server user to Administer Managed Units from within either the Active Roles Web Interface or Active Roles MMC Console.
Some security delegation models do not grant the ability to Administer Managed Units by default.
Delegations are required in 3 locations in Active Roles Server for Managed Unit Administration
1.) Managed Unit - On the container that stores the Managed Units for Active Roles Server (required for Managed Units skip this step for group only delegations)
'Groups - Read All properties'
'AR Server Security - Managed Units Container'
2.) Group Location - Where the group resides that is part of the Managed Unit
'Groups - Add/Remove Members'
3.) User Location(s) - Where the user accounts reside that are members or potential members of the Managed Unit
'Users - Read all properties'
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center