Chat now with support
Chat with Support

Active Roles 7.2 - Access Templates Available out of the Box

Active Directory/Advanced: Printer Objects

Access Templates > Active Directory Data Management > Active Directory/Advanced: Printer Objects
Table 14: Active Directory/Advanced: Printer Objects

Access Template

Description

Printer Objects – Create

Create printer queue objects; no other permissions are included.

Printer Objects – Delete

Delete printer queue objects; no other permissions are included.

Printer Objects – List

List printer queue objects; no other permissions are included.

Printer Objects – Read/Write General Information

View and modify properties that constitute general information for printer queue objects:

  • Location
  • Model
  • Description
  • Color
  • Staple
  • Double-sided
  • Printing speed
  • Maximum resolution

Printer Objects – Read/Write Manager

View or modify what person is assigned to manage a given printer (Managed-By attribute); no other permissions are included.

Printer Objects – Rename

Rename printer queue objects; no other permissions are included.

Active Directory/Advanced: Shared Folders

Access Templates > Active Directory Data Management > Active Directory/Advanced: Shared Folders
Table 15: Active Directory/Advanced: Shared Folders

Access Template

Description

Shared Folders – Create

Create shared folder objects; no other permissions are included.

Shared Folders – Delete

Delete shared folder objects; no other permissions are included.

Shared Folders – List

List shared folder objects; no other permissions are included.

Shared Folders – Read/Write General Information

View and modify properties that constitute general information for shared folder objects:

  • Description
  • UNC name

No other permissions are included.

Shared Folders – Read/Write Manager

View and modify what person is assigned to manage a given shared resource (Managed-By attribute); no other permissions are included.

Shared Folders – Rename

Rename shared folder objects; no other permissions are included.

Active Directory/Advanced: Users

Access Templates > Active Directory Data Management > Active Directory/Advanced: Users
Table 16: Active Directory/Advanced: Users

Access Template

Description

Users - Assign/Remove Digital Certificates

Assign or remove digital (X.509) certificates from the user in Active Directory (read/write the userCertificate attribute of user objects); no other permissions are included.

Users - Change Password (Extended Right)

Change password on user object (User-Change-Password extended right); no other permissions are included.

Users - Copy

Create copies of existing user objects; no other permissions are included.

Users - Create

Create user objects; no other permissions are included.

Users - Delete

Delete user objects; no other permissions are included.

Users - Deprovision

Perform the deprovisioning operation on user objects; no other permissions are included.

Users - Undo Deprovision

Perform the undo deprovisioning operation on user objects; no other permissions are included.

Users - Undo Deprovision - Deny

Prohibit the undo deprovisioning operation on user objects; no other permissions are included.

Users - Enable/Disable Account

Enable or disable user objects; no other permissions are included.

Users - List

List user objects; no other permissions are included.

Users - Read Group Membership

View a list of groups to which a given user belongs; no other permissions are included.

Users - Read/Write Logon Information

View and modify properties that describe logon information for user objects (User-Logon property set); no other permissions are included.

Property set members: See “User-Logon Property Set” at http://msdn.microsoft.com/en-us/library/ms684415.aspx

Users - Read/Write Account Information

View or modify properties that describe account information for user objects (no other permissions are included):

  • User logon name
  • User logon name (pre-Windows 2000)
  • Logon Hours
  • Last Logon
  • Account is locked out
  • Account options
  • Account expires

Users - Read/Write Account Restrictions

View and modify properties that describe account restrictions for user objects (User-Account-Restrictions property set); no other permissions are included.

Property set members: See “User-Account-Restrictions Property Set” at http://msdn.microsoft.com/en-us/library/ms684412.aspx

Users - Read/Write Dial-In Properties

View and modify properties that describe dial-in related information for user objects (no other permissions are included):

  • Remote Access Permission (Dial-in or VPN)
  • Verify Caller-ID
  • Callback Options
  • Assign a Static IP Address
  • Apply Static Routes settings

Users - Read/Write General Information

View and modify properties that constitute general information for user objects (General-Information property set); no other permissions are included.

Property set members: See “General-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684366.aspx

Users - Read/Write Personal Information

View and modify properties that describe personal information for user objects (Personal-Information property set); no other permissions are included.

Property set members: See “Personal-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684394.aspx

Users - Read/Write Organizational Information

View and modify properties that describe organization related information for user objects (no other permissions are included):

  • Title
  • Department
  • Company
  • Manager
  • Direct reports
  • Office (General tab)

Users - Read/Write Phone and Mail Options

View and modify properties that describe email related information for user objects (Email-Information property set); no other permissions are included.

Property set members: See “Email-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684362.aspx

Users - Read/Write Profile Properties

View and modify properties that describe profile related information for user objects (no other permissions are included):

  • User profile
  • Home folder

Users - Read/Write Public Information

View and modify properties that describe public information for user objects (Public-Information property set); no other permissions are included.

Property set members: See “Public-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684396.aspx

Users - Read/Write Web Information

View and modify properties that describe Web-related information for user objects (Web-Information property set); no other permissions are included.

Property set members: See “Web-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684418.aspx

Users - Read/Write WTS Properties

View and modify properties that describe Terminal Services related information for user objects (no other permissions are included):

  • Terminal Services User Profile
  • Terminal Services Home Folder
  • Allow logon to terminal server
  • Starting program
  • Client devices
  • Terminal Service timeout and reconnection settings

Users - Rename

Rename user objects; no other permissions are included.

Users - Reset Password (Extended Right)

Reset password on user object (User-Reset-Password extended right); no other permissions are included.

Users - Run Check Policy (Extended Right)

Use the 'Check Policy' command; no other permissions are included.

Users - Unlock Account

Unlock user objects that get locked due to a number of failed logon attempts; no other permissions are included.

Users - Write Password

Set password on user object; no other permissions are included.

Users - View Change History (Extended Right)

Use the 'Change History' and 'User Activity' commands; no other permissions are included.

Users - View Delegated Rights (Extended Right)

Use the 'Delegated Rights' command; no other permissions are included.

Users - View Digital Certificates

View digital (X.509) certificates assigned to the user in Active Directory (read the userCertificate attribute of user objects); no other permissions are included.

Users - View Entitlement Profile (Extended Right)

Use the 'Entitlement Profile' command, to view resources to which a given user is entitled. No other permissions are included.

Azure

Table 17: Azure

Access Template

Description

Azure - Full Control

Give permission to perform the following tasks:

  • Read Write Azure Configuration Objects.
  • Read Write Azure User Attributes.
  • Read Write Azure Group Attributes.

Azure - Group Full Control

Give permission to perform the following tasks:

  • Add and enable new Azure group.
  • View existing Azure groups.
  • Update existing Azure Group Properties.

Azure - Read All Attributes

Give Permission to read all Azure Attributes.

Azure - Read All Group Attributes

List all groups and view all properties of the Azure groups.

Azure - Read all User Attributes

Give Permission to read all User Azure Attributes.

Azure - User Full Control

Create new Azure user accounts and perform all administrative operations on existing Azure user accounts.

Related Documents