You can use Access Templates in this category to delegate management tasks on the content that is stored in Microsoft Active Directory Lightweight Directory Services (AD LDS) - an independent mode of Active Directory formerly known as Active Directory Application Mode (ADAM). The data management tasks include managing user accounts (users), groups, and container objects.

| Access Template | Description |
| --- | --- |
| All AD LDS Objects - Full Control | Perform any management task on any object in Active Directory Lightweight Directory Services. |
| All AD LDS Objects - Read All Properties | List all directory objects and view all properties of any object in Active Directory Lightweight Directory Services. |
| AD LDS Users - Full Control | Create new AD LDS user accounts; perform all management tasks on existing AD LDS user accounts. |
| AD LDS Users - Modify All Properties | List AD LDS user accounts; view and modify all properties of AD LDS user accounts. |
| AD LDS Users - Read All Properties | List AD LDS user accounts; view all properties of AD LDS user accounts. |
| AD LDS Groups - Add/Remove Members | List AD LDS groups; view and modify membership lists of AD LDS groups. |
| AD LDS Groups - Full Control | Create new AD LDS groups; perform all management tasks on existing AD LDS groups. |
| AD LDS Groups - Modify All Properties | List AD LDS groups; view and modify all properties of AD LDS groups. |
| AD LDS Groups - Read All Properties | List AD LDS groups; view all properties of AD LDS groups. |
| AD LDS Containers - Full Control | Create new AD LDS container objects; perform all administrative operations on existing AD LDS container objects. |
| AD LDS Containers - Modify All Properties | List AD LDS container objects; view and modify all properties of AD LDS container objects. |
| AD LDS Containers - Read All Properties | List AD LDS container objects; view all properties of AD LDS container objects. |
| AD LDS OUs - Full Control | Create new AD LDS organizational units; perform all management tasks on existing AD LDS organizational units. |
| AD LDS OUs - Modify All Properties | List AD LDS organizational units; view and modify all properties of AD LDS organizational units. |
| AD LDS OUs - Read All Properties | List AD LDS organizational units; view all properties of AD LDS organizational units. |

| Access Template | Description |
| --- | --- |
| Computer Management - Full Control | Perform all management tasks on any computer resource; list and select computers. |
| Computer Management - Local Account Operator | Create, modify, and delete local user accounts and groups on a computer; list and select computers. |
| Computer Management - Network Share Operator | Create, modify, and delete network shares on a computer; list and select computers. |
| Computer Management - Print Operator | View and modify properties of logical printers installed on a computer; list and select computers. |
| Computer Management - Read-Only Access | View properties of all computer resources; list and select computers. |
| Computer Management - Server Operator | Start/stop services, pause/resume/cancel printing, and create, modify and delete network shares on a computer; list and select computers; list local users and groups, view all properties of local user accounts and groups on a computer. |
| Computer Management - Service Operator | Perform all management tasks on services on a computer; list and select computers. |

| Access Template | Description |
| --- | --- |
| Local Groups - Add/Remove Members | Add or remove members from groups on a computer; no other permissions are included. |
| Local Groups - Create | Create groups on a computer; no other permissions are included. |
| Local Groups - Delete | Delete groups on a computer; no other permissions are included. |
| Local Groups - List | List groups stored locally on a computer; no other permissions are included. |
| Local Groups - Read/Write General Information | View and modify descriptions and membership lists of the groups stored locally on a computer; no other permissions are included. |
| Local Groups - Rename | Rename groups stored locally on a computer; no other permissions are included. |
| Local Users - Create | Create user accounts on a computer; no other permissions are included. |
| Local Users - Delete | Delete user accounts on a computer; no other permissions are included. |
| Local Users - List | List user accounts stored locally on a computer; no other permissions are included. |
| Local Users - Read Group Membership | View a list of groups to which the user account belongs; no other permissions are included. |
| Local Users - Read/Write Account Options | View and modify user account options such as the password options, 'Account is disabled' and 'Account is locked out'; no other permissions are included. |
| Local Users - Read/Write General Information | View and modify full names and descriptions of the user accounts stored locally on a computer; no other permissions are included. |
| Local Users - Read/Write Profile Properties | View and modify user profile and home folder settings for the user accounts stored locally on a computer; no other permissions are included. |
| Local Users - Rename | Rename user accounts stored locally on a computer; no other permissions are included. |
| Local Users - Write Password | Change passwords for the user accounts stored locally on a computer; no other permissions are included. |
| Printer Resources - Read/Write Advanced Information | View and modify information on the Ports and Advanced tabs in the Properties dialog box for logical printers; no other permissions are included. |
| Printer Resources - Read/Write General Information | View and modify Name, Location, and Comment for logical printers; no other permissions are included. |
| Printer Resources - Read/Write Sharing Information | View and modify the Not Shared and Shared As options for logical printers; no other permissions are included. |
| Services - List | List services defined on a computer; no other permissions are included. |
| Services - Read/Write General Information | View and modify Name, Display Name, Description, Path to Executable, and Startup Type for services; no other permissions are included. |
| Services - Read/Write Log On Information | View and modify the Log On As options for services; no other permissions are included. |
| Services - Read/Write Start type | View and modify Startup Type for services; no other permissions are included. |
| Services - Start /Stop/ Pause/ Resume | Start, stop, pause, and resume services; no other permissions are included. |
| Shares - Create | Create network shares on a computer; no other permissions are included. |
| Shares - List | List network shares defined on a computer; no other permissions are included. |
| Shares - Read/Write General Information | View and modify Share Name, Path, Comment, and User Limit for network shares; no other permissions are included. |
| Shares - Read/Write Permissions | View and modify share permissions on network shares; no other permissions are included. |
| Shares - Stop Sharing | Stop sharing folders on a computer; no other permissions are included. |

| Access Template | Description |
| --- | --- |
| Access Rules - Full Control | Use this Access Template to enable delegated administrators to create, view, modify and delete Access Rule objects. Apply this Access Template to containers that hold Access Rule objects. |
| Access Rules - Modify | Use this Access Template to enable delegated administrators to view and modify all properties of existing Access Rule objects. Apply this Access Template to individual Access Rule objects or containers that hold Access Rule objects. |
| Access Rules - View | Use this Access Template to enable delegated administrators to view all properties of existing Access Rule objects. Apply this Access Template to individual Access Rule objects or containers that hold Access Rule objects. |
| Automation Workflow - Full Control | Use this Access Template to give delegated administrators full control of automation workflow definitions, including the ability to view and modify workflow definitions, start automation workflow, and view run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects. |
| Automation Workflow - View | Use this Access Template to enable delegated administrators to view automation workflow definitions and run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects. |
| Automation Workflow - View and Run | Use this Access Template to enable delegated administrators to view automation workflow definitions, start automation workflow, and view run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects. |
| Configuration - Add/Remove Managed Domains | Register domains with Active Roles; view/modify registration information for managed domains. |
| Configuration - Manage Access Templates | Create, modify, and delete Access Templates and Access Template containers; add/remove permissions from Access Templates; list Access Templates and Access Template containers. |
| Configuration - Manage Configuration | View or change any configuration settings of Active Roles, except for the settings specific to Active Roles replication. |
| Configuration - Manage Policy Objects | Create, modify, and delete Active Roles Policy Objects and Policy Object containers; configure Active Roles policies; list Policy Objects and Policy Object containers. |
| Configuration - Manage Script Modules | Create, modify, and delete Active Roles Script Modules and Script Module containers; list Script Modules and Script Module containers. |
| Configuration - View Configuration | View any configuration settings of Active Roles, including the settings specific to Active Roles replication. |
| Managed Object Statistics - View Report | Use this Access Template to allow read access to statistical reports of the number of objects managed by the product (product usage statistics). |
| Managed Object Statistics - Read Detailed Data | Use this Access Template to allow read access to detailed statistical information about the number of objects managed by the product. |
| Workflow - View Workflow Containers | Use this Access Template to enable delegated administrators to view containers that hold workflow definition objects. Apply this Access Template to the Policies/Workflow node in the console tree. |

© 2021 One Identity LLC. ALL RIGHTS RESERVED.