To apply an Access Template

  1. In the console tree, under Configuration | Access Templates, locate and select the folder that contains the Access Template you want to apply.
  2. In the details pane, right-click the Access Template, and click Links.
  3. In the Links dialog box, click Add to start the Delegation of Control wizard.
  4. On the Welcome page of the wizard, click Next.
  5. On the Objects page, add or remove the objects on which you want to specify permission settings by using the Access Template:
    • To add objects, click Add, and then use the Select Objects dialog box to locate and select the objects.
    • To remove objects, select them from the list on the Objects page, and click Remove.
  6. Click Next.
  7. On the Users or Groups page, add or remove the users or groups (Trustees) to whom you want to assign the permissions defined by the Access Template on the objects that you have included on the Objects page:
    • To add users or groups, click Add, and then use the Select Objects dialog box to locate and select the users or groups.
    • To remove users or groups, select them from the list on the Users or Groups page, and click Remove.
  8. Click Next.
  9. On the Inheritance Options page, select or clear these check boxes as needed:
    • This directory object: Specify permission settings on the objects you have included on the Objects page.
    • Child objects of this directory object: Specify permission settings on all the child objects (or members, as applied to a Managed Unit) in the entire hierarchy under each of the objects you have included on the Objects page.
    • Immediate child objects only: Specify permission settings on only the child objects (or members, as applied to a Managed Unit) of which the objects that you have included on the Objects page are the direct ancestors.
  10. Click Next.
  11. On the Permissions Propagation page, if you want the Access Template-based permission settings to be synchronized to the native Active Directory access controls, select Propagate permissions to Active Directory. Doing so causes the authorization information on the objects to be modified in Active Directory based on the permission settings defined within Active Roles.
  12. Click Next.
  13. Click Finish.

To specify permission settings on an object by using an Access Template

  1. Open the Active Roles Security dialog box for the object:
    • Right-click the object, and click Delegate Control.

    OR

    • Right-click the object, and click Properties. Then, on the Administration tab in the Properties dialog box, click Security.
  2. In the Active Roles Security dialog box, click Add to start the Delegation of Control wizard.
  3. On the Welcome page of the wizard, click Next.
  4. On the Users or Groups page, add or remove the users or groups (Trustees) to whom you want to assign permissions on the object:
    • To add users or groups, click Add, and then use the Select Objects dialog box to locate and select the users or groups.
    • To remove users or groups, select them from the list on the Users or Groups page, and click Remove.
  5. Click Next.
  6. On the Access Templates page, select the Access Template to apply.

    You can select multiple Access Templates to apply.

  7. Click Next.
  8. On the Inheritance Options page, select or clear these check boxes as needed:
    • This directory object: Specify permission settings on the object itself.
    • Child objects of this directory object: Specify permission settings on all the child objects (or members, as applied to a Managed Unit) in the entire hierarchy under the object.
    • Immediate child objects only: Specify permission settings on only the child objects (or members, as applied to a Managed Unit) of which the object is the direct ancestor.
  9. Click Next.
  10. On the Permissions Propagation page, if you want the Access Template-based permission settings to be synchronized to the native Active Directory access controls, select Propagate permissions to Active Directory. Doing so causes the authorization information on the object to be modified in Active Directory based on the permission settings defined within Active Roles.
  11. Click Next.
  12. Click Finish.

To specify permissions for a user or group by using an Access Template

  1. Right-click the user or group, and click Delegated Rights.
  2. In the Delegated Rights dialog box, click Add to start the Delegation of Control wizard.
  3. On the Welcome page of the wizard, click Next.
  4. On the Objects page, add or remove the objects on which you want to specify permissions for the user or group:
    • To add objects, click Add, and then use the Select Objects dialog box to locate and select the objects.
    • To remove objects, select them from the list on the Objects page, and click Remove.
  5. Click Next.
  6. On the Access Templates page, select the Access Template to apply.

    You can select multiple Access Templates to apply.

  7. Click Next.
  8. On the Inheritance Options page, select or clear these check boxes as needed:
    • This directory object: Specify permissions on the objects you have included on the Objects page.
    • Child objects of this directory object: Specify permissions on all the child objects (or members, as applied to a Managed Unit) in the entire hierarchy under each of the objects you have included on the Objects page.
    • Immediate child objects only: Specify permissions on only the child objects (or members, as applied to a Managed Unit) of which the objects that you have included on the Objects page are the direct ancestors.
  9. Click Next.
  10. On the Permissions Propagation page, if you want the Access Template-based permission settings to be synchronized to the native Active Directory access controls, select Propagate permissions to Active Directory. Doing so causes the authorization information on the objects to be modified in Active Directory based on the permission settings defined within Active Roles.
  11. Click Next.
  12. Click Finish.

NOTE:

  • Active Roles allows Access Templates to be applied to any objects, including Managed Units, directory folders (containers), and individual (leaf) objects.
  • When applying an Access Template to an object, you designate a Trustee (user or group) and assign permissions to the Trustee for that object. As a result, the Trustee gains access to the object to the extent of the permissions defined by the Access Template.
  • To apply an Access Template, you use the Delegation of Control wizard. You can start the wizard as described in this topic. In addition, you can start the wizard from the Links or Active Roles Security tab in the advanced details pane: Right-click a blank area on the tab, and click Add. To display the advanced details pane, check Advanced Details Pane on the View menu (see Advanced pane earlier in this document).
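
The Inheritance Options and Permissions Propagation choices from the procedures above, modeled as an added example (not Active Roles code and not part of the original topic): it lists which objects a delegation would reach, so the scope can be reviewed before you click Finish. The sample DNs, the field and function names, and the rule that "Immediate child objects only" narrows the child scope to direct children are assumptions.

```python
from dataclasses import dataclass

# Constructed sample tree (child DN -> parent DN); not taken from the page.
ROOT = "OU=Staff,DC=example,DC=test"
HELP = "OU=Helpdesk," + ROOT
PARENT = {ROOT: None, HELP: ROOT, "CN=alice," + ROOT: ROOT, "CN=bob," + HELP: HELP}

@dataclass(frozen=True)
class Delegation:
    """Choices made on the wizard pages (field names are hypothetical)."""
    objects: tuple                  # Objects page
    trustees: tuple                 # Users or Groups page
    this_object: bool = True        # "This directory object"
    child_objects: bool = True      # "Child objects of this directory object"
    immediate_only: bool = False    # "Immediate child objects only"
    propagate_to_ad: bool = False   # "Propagate permissions to Active Directory"

def children(dn):
    return [c for c, p in PARENT.items() if p == dn]

def scope(d):
    """Objects that receive permission settings under the chosen options."""
    found = set()
    for obj in d.objects:
        if d.this_object:
            found.add(obj)
        # Assumption: "Immediate child objects only" limits the child scope
        # to direct children; otherwise the entire hierarchy is walked.
        if d.immediate_only:
            found.update(children(obj))
        elif d.child_objects:
            stack = children(obj)
            while stack:
                node = stack.pop()
                found.add(node)
                stack.extend(children(node))
    return sorted(found)

def grants(d):
    """(trustee, object, written_to_native_AD) for every effective grant."""
    return [(t, o, d.propagate_to_ad) for t in d.trustees for o in scope(d)]

def review(d):
    """Pre-change check (a reviewer's heuristic, not an Active Roles rule)."""
    extra = [o for o in scope(d) if o not in d.objects]
    if d.propagate_to_ad and extra:
        return f"native AD ACLs change on {len(extra)} object(s) beyond those selected"
    return "ok"
```
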