Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
Unable to remove the "Add" button from the MemberOf tab of a User or Group
Description
Even with a Deny-write permission applied to the MemberOf attribute of a User or Group object, an initiator can still click on the Add button on the MemberOf tab and browse for a Group (with the appropriate view permissions). Instead, an error is encountered when attempting to add the Group.
Cause
It is not possible to remove or grey-out the Add button on the MemberOf tab due to Active Directory design.
Resolution
The Members attribute is a true attribute, containing DN's of Users or Groups. MemberOf is a computed attribute, back-synced from Members. This means that in order to remove the Add button from MemberOf, Active Roles would have to query write permissions on the Members attribute for every Group in the Domain, every time the MemberOf tab is displayed. This operation would be too slow and too expensive to implement.
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Welcome to One Identity Support
You can find online support help for*product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.
The One Identity Portal no longer supports IE8, 9, & 10 and it is recommended to upgrade your browser to the latest version of Internet Explorer or Chrome.