-
Title
How to: Access template to prevent Active Roles user modify Azure license -
Description
How to create an Access Template in Active Roles Server that prevents users from modifying the Azure license for a hybrid or cloud-only users? -
Resolution
- Launch the Active Roles Server MMC console
- Navigate to the following: Configuration | Access Templates
- Right-click on the Access Templates container and select New | Access Template
Provide a name for the access template such as, "Deny - Modify Azure License"
Click Add, select 'Only the following classes' and check off 'EDS-Azure-User', click Next.
Select 'Object property access', check off 'Deny permission', check off 'Write properties', click Next.
Select 'The following properties' and check off 'Show all possible properties', check off 'edsaAzureSubscribedSkus', click Finish.
Repeat the same steps for the class 'User'
it should be listed the permission as 'Deny, Write edsaAzureSubscribedSkus, User' and 'EDS-Azure-User', click Next.
Once the Access Template is created, it can be assigned to the appropriate scope and users/groups to deny access to the 'License from Azure Properties' for hybrid user accounts.
If the same is required for cloud-only users, assign it as well at the container Configuration from the Active Roles MMC.
