Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Active Roles 7.2 - Access Templates Available out of the Box

Table of Contents

Introduction Access Templates

Active Directory Service Management

Forest Configuration Operators Domain Configuration Operators Service Admin Managers Replication Management Admins Replication Monitoring Operators

Active Directory Data Management

Active Directory/Advanced: Computer Objects Active Directory/Advanced: Contacts Active Directory/Advanced: Domains Active Directory/Advanced: Group Policy Container Active Directory/Advanced: Groups Active Directory/Advanced: Objects Active Directory/Advanced: OUs Active Directory/Advanced: Printer Objects Active Directory/Advanced: Shared Folders Active Directory/Advanced: Users

Azure AD LDS (ADAM) Data Management Computer Resources

Computer Resources/Advanced

Configuration/Advanced

Exchange/Advanced

Lync Server User Self-management

Active Directory/Advanced: Group Policy Container

Access Templates > Active Directory Data Management > Active Directory/Advanced: Group Policy Container

Table 10: Active Directory/Advanced: Group Policy Container
Access Template	Description
Group Policy Container – Apply Group Policy	Extended right used by the Group Policy engine to determine if a GPO applies to a user/computer or not (Apply-Group-Policy extended right); no other permissions are included.

Active Directory/Advanced: Groups

Access Templates > Active Directory Data Management > Active Directory/Advanced: Groups

Table 11: Active Directory/Advanced: Groups
Access Template	Description
Groups – Add/Remove Self As Member	Permission to enable updating membership of a group in terms of adding/removing one’s own account (Self-Membership validated write); no other permissions are included.
Groups – Copy	Create copies of existing groups; no other permissions are included.
Groups – Create	Create groups; no other permissions are included.
Groups – Delete	Delete groups; no other permissions are included.
Groups - Deprovision	Perform the deprovisioning operation on 'groups' objects; no other permissions are included.
Groups – List	List groups; no other permissions are included.
Groups – Manage Membership Rules	View and modify criteria used by Active Roles for rules-based control of group membership lists; no other permissions are included.
Groups – Read Group Membership	View a list of groups to which a given group belongs; no other permissions are included.
Groups – Read/Write E-mail Address	View and modify the list of email addresses for a group; no other permissions are included.
Groups – Read/Write General Information	View and modify properties that constitute general information for groups: Group name (pre-Windows 2000) Description E-mail Group scope Group type Notes No other permissions are included.
Groups – Read/Write Group Members	Add or remove members from a group; no other permissions are included.
Groups – Read/Write Group Type and Scope	View and modify the type and scope settings for a group; no other permissions are included.
Groups – Read/Write Manager	View and modify what person is assigned to manage a given group (Managed-By attribute); no other permissions are included.
Groups – Read/Write Phone and Mail Options	View and modify properties that describe email related information for groups (Email-Information property set); no other permissions are included. Property set members: See “Email-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684362.aspx
Groups – Rename	Rename groups; no other permissions are included.
Groups - Undo Deprovision	Perform the undo deprovisioning operation on 'group' objects; no other permissions are included.
Groups - Undo Deprovision - Deny	Prohibit the undo deprovisioning operation on 'group' objects; no other permissions are included.

Active Directory/Advanced: Objects

Access Templates > Active Directory Data Management > Active Directory/Advanced: Objects

Table 12: Active Directory/Advanced: Objects
Access Template	Description
Objects - Deny Deletion	Deny deletion and sub-tree deletion of a given object; no other permissions are included.
Objects - Deny Deletion of Child Objects	Deny deletion of all child objects from a given container; no other permissions are included.

Active Directory/Advanced: OUs

Access Templates > Active Directory Data Management > Active Directory/Advanced: OUs

Table 13: Active Directory/Advanced: OUs
Access Template	Description
OUs – Create	Create Organizational Units; no other permissions are included.
OUs – Delegate Control and Enforce Active Roles Policy	Apply Active Roles Access Templates and Policy Objects to an Organizational Unit; no other permissions are included.
OUs – Delete	Delete Organizational Units; no other permissions are included.
OUs – Generate Resultant Set of Policy (Logging)	Generate Group Policy Results data for the users/computers within a given Organizational Unit; no other permissions are included.
OUs – Generate Resultant Set of Policy (Planning)	Generate Group Policy Modeling data for the users/computers within a given Organizational Unit; no other permissions are included.
OUs – List	List Organizational Units; no other permissions are included.
OUs – Read/Write General Information	View and modify properties that constitute general information for Organizational Units: Description Street City State/province Zip/Postal Code Country/region No other permissions are included.
OUs – Read/Write Manager	View and modify what person is assigned to manage a given Organizational Unit (Managed-By attribute); no other permissions are included.
OUs – Rename	Rename Organizational Units; no other permissions are included.

Related Documents

© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy