What are the minimum permissions required to allow delegated administrators to link Access Templates? (84805)

You may wish to allow delegated administrators to create and link access templates without granting them ARS Administrators permission.

1. In ARS MMC Console, select View | Mode and then select Raw Mode
2. Create a new Access Templates and add the following permissions to it:
   
   All Classes – Write Control


3. Create a new Access Templates and add the following permissions to it:
   
   All Classes – Read Control


4. Select the Access Templates container and grant the following permissions to the delegated administrators:
   
   All objects - read all properties.
   NOTE: This will allow your delegated admins vew all the Access Templates.
   If you want to limit the number of Access Templates visible to delegated administrators, apply the Special - Block Permission Inheritance Access Template to each Access Template container you want to hide.


5. Select the target domain and grant the following permissions to the delegated administrators:
   
   All objects - read all properties


6. For each OU where the delegated administrators will apply access templates, delegate the following permission using Access Template created in Step 2:
   
   All Classes – Write Control


7. For each OU where the delegated administrators need to view the applied Access Templates, grant the following permission using Access Template created in Step 3:
   
   All Classes – Read Control