Active Roles 8.2 - Built-in Access Templates Reference Guide

The Configuration > Access Templates > User Interfaces container contains Access Templates (ATs) to delegate access permissions to the Active Roles Console (also called the Active Roles MMC Interface).

User Interfaces – General ATs

User Interfaces > User Interfaces – General ATs

To delegate Active Roles Console access permissions to administrators in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Interfaces container of the Active Roles Console.

Table 21: User Interfaces– General Access Templates
Access Template	Description
User Interface Management-MMC Full control	Grants permission to login to the Active Roles Console.

User Self-management

The Configuration > Access Templates > User Self-management container contains Access Templates (ATs) to delegate self-management tasks to users (for example, allowing users to view or modify specific properties of their accounts on the Active Roles Web Interface).

User Self-management – General ATs

User Self-management > User Self-management – General ATs

To delegate self-management permissions for users in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Self-management container of the Active Roles Console.

Table 22: User Self-management – General Access Templates
Access Template	Description
Self - Account Management	Grants permission to users to view or modify their profile information on the Active Roles Web Interface. TIP: When configuring this AT, specify the Self built-in account as the trustee. For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide.
Self - Group Management	Grants permission to users to view or modify the groups they manage. TIP: When configuring this AT, specify one of these built-in accounts as the trustee: Primary Owner (Managed By) Secondary Owners For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide. NOTE: Applying only this AT to group owners does not grant them permission to view the list of group members. To do so, group owners must also have read access to the group member objects as well. To grant that permission, apply the Active Directory > All Objects - Read All Properties AT to a scope containing the group member objects, then set the Authenticated Users built-in account as the trustee.
Self - Group Membership Approval Setting	Grants permission to users to modify group membership approval settings, that is, whether group membership changes, such as joining or leaving a group, requires approval from the group owner.
Self - Group Membership Management	Grants permission to users to add or remove their own user account to or from groups. TIP: When configuring this AT, consider the following recommendations: Apply this AT to a scope containing the groups, with the appropriate user accounts set as trustees. One Identity recommends adding the affected user accounts to a specific group, then selecting that group as the trustee for the AT. To allow users to view the groups they are members of, assign them the Self - Account Management AT as well. Apply this AT to a scope containing the user accounts for which you want to grant the permission, and specify the built-in Self account as the trustee. For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide.

Seleziona il prodotto:

Per una maggiore efficacia, compilare l'Obiettivo della chat:

Soluzioni consigliate per il problema

Active Roles 8.2 - Built-in Access Templates Reference Guide

User Interfaces

User Interfaces – General ATs

User Self-management

User Self-management – General ATs