Explanation of ActiveRoles Server Self Service Manager Access Templates.
It can be confusing to configure the ActiveRoles Server Self Service Manager (ARS SSM) if you haven't had time yet to read the documentation.
Simply put, thare are four access templates that can be used for the ARS SSM pieces:
* Self-Service - My Account Management
Authorize users to view or change their own account information by using ARS SSM. When applying this access template, select the 'Self' built-in account as the trustee
* Self-Service - My Groups Management
Authorize group owners to view or change their groups by using ARS SSM. When applying this template, select the 'Primary Group Owner' (Managed by) or "Secondary Owners" built-in account as the trustee). Note: You still need to apply the rights to view and list groups. It is much easier to delegate 'All objects read all properties' to those group owners.
* Self-Service - My Memberships Management Properties
Authorizes users to add or remove their own accounts from groups by using ARS SSM. Apply this template to a scope containing the groups, with the rights assigned to the accounts of the self-service users. It is advisable to add the accounts to a certain group, and then select the group as the trustee when applying the template. In addition to this template, the 'Self-Service - My Account Management' template should be applied in order to allow the self-service users to view the groups in which they have memberships (the 'Member of' list). The template should be applied to a scope containing the user accounts, which the rights assigned to the 'Self' built-in account (select 'SELF' as the trustee when applying the template).
* Self-Service - Publish Groups Properties
Authorize group owners to view and publish their groups by using ActiveRoles Self-Service Manager. When applying this template, select the Primary Owner (Managed by) or Secondary Owners built-in account as the trustee.
For extremely simple demonstration purposes, you can assign the 'Self-Service - My Account Management' access template to the domains built-in SELF account and link to the domain level. This will allow your users the ability to modify their own telephone information on the ARS Self Service web site.