Access Template |
Description |
Group Policy Container – Apply Group Policy |
Extended right used by the Group Policy engine to determine if a GPO applies to a user/computer or not (Apply-Group-Policy extended right); no other permissions are included. |
Access Template |
Description |
Groups – Add/Remove Self As Member |
Permission to enable updating membership of a group in terms of adding/removing one’s own account (Self-Membership validated write); no other permissions are included. |
Groups – Copy |
Create copies of existing groups; no other permissions are included. |
Groups – Create |
Create groups; no other permissions are included. |
Groups – Delete |
Delete groups; no other permissions are included. |
Groups - Deprovision |
Perform the deprovisioning operation on 'groups' objects; no other permissions are included. |
Groups – List |
List groups; no other permissions are included. |
Groups – Manage Membership Rules |
View and modify criteria used by Active Roles for rules-based control of group membership lists; no other permissions are included. |
Groups – Read Group Membership |
View a list of groups to which a given group belongs; no other permissions are included. |
Groups – Read/Write E-mail Address |
View and modify the list of email addresses for a group; no other permissions are included. |
Groups – Read/Write General Information |
View and modify properties that constitute general information for groups:
No other permissions are included. |
Groups – Read/Write Group Members |
Add or remove members from a group; no other permissions are included. |
Groups – Read/Write Group Type and Scope |
View and modify the type and scope settings for a group; no other permissions are included. |
Groups – Read/Write Manager |
View and modify what person is assigned to manage a given group (Managed-By attribute); no other permissions are included. |
Groups – Read/Write Phone and Mail Options |
View and modify properties that describe email related information for groups (Email-Information property set); no other permissions are included. Property set members: See “Email-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684362.aspx |
Groups – Rename |
Rename groups; no other permissions are included. |
Groups - Undo Deprovision |
Perform the undo deprovisioning operation on 'group' objects; no other permissions are included. |
Groups - Undo Deprovision - Deny |
Prohibit the undo deprovisioning operation on 'group' objects; no other permissions are included. |
Access Template |
Description |
Objects - Deny Deletion |
Deny deletion and sub-tree deletion of a given object; no other permissions are included. |
Objects - Deny Deletion of Child Objects |
Deny deletion of all child objects from a given container; no other permissions are included. |
Access Template |
Description |
OUs – Create |
Create Organizational Units; no other permissions are included. |
OUs – Delegate Control and Enforce Active Roles Policy |
Apply Active Roles Access Templates and Policy Objects to an Organizational Unit; no other permissions are included. |
OUs – Delete |
Delete Organizational Units; no other permissions are included. |
OUs – Generate Resultant Set of Policy (Logging) |
Generate Group Policy Results data for the users/computers within a given Organizational Unit; no other permissions are included. |
OUs – Generate Resultant Set of Policy (Planning) |
Generate Group Policy Modeling data for the users/computers within a given Organizational Unit; no other permissions are included. |
OUs – List |
List Organizational Units; no other permissions are included. |
OUs – Read/Write General Information |
View and modify properties that constitute general information for Organizational Units:
No other permissions are included. |
OUs – Read/Write Manager |
View and modify what person is assigned to manage a given Organizational Unit (Managed-By attribute); no other permissions are included. |
OUs – Rename |
Rename Organizational Units; no other permissions are included. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy