The Configuration > Access Templates > User Interfaces container contains Access Templates (ATs) to delegate access permissions to the Active Roles Console (also called the Active Roles MMC Interface).
The Configuration > Access Templates > User Interfaces container contains Access Templates (ATs) to delegate access permissions to the Active Roles Console (also called the Active Roles MMC Interface).
To delegate Active Roles Console access permissions to administrators in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Interfaces container of the Active Roles Console.
Access Template |
Description |
User Interface Management-MMC Full control |
Grants permission to login to the Active Roles Console. |
The Configuration > Access Templates > User Self-management container contains Access Templates (ATs) to delegate self-management tasks to users (for example, allowing users to view or modify specific properties of their accounts on the Active Roles Web Interface).
To delegate self-management permissions for users in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Self-management container of the Active Roles Console.
Access Template |
Description |
Self - Account Management |
Grants permission to users to view or modify their profile information on the Active Roles Web Interface. TIP: When configuring this AT, specify the Self built-in account as the trustee. For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide. |
Self - Group Management |
Grants permission to users to view or modify the groups they manage. TIP: When configuring this AT, specify one of these built-in accounts as the trustee:
For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide. NOTE: Applying only this AT to group owners does not grant them permission to view the list of group members. To do so, group owners must also have read access to the group member objects as well. To grant that permission, apply the Active Directory > All Objects - Read All Properties AT to a scope containing the group member objects, then set the Authenticated Users built-in account as the trustee. |
Self - Group Membership Approval Setting |
Grants permission to users to modify group membership approval settings, that is, whether group membership changes, such as joining or leaving a group, requires approval from the group owner. |
Self - Group Membership Management |
Grants permission to users to add or remove their own user account to or from groups. TIP: When configuring this AT, consider the following recommendations:
For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center