Chat now with support
Chat with Support

Active Roles 7.2 - Access Templates Available out of the Box

AD LDS (ADAM) Data Management

Access Templates > AD LDS (ADAM) Data Management

You can use Access Templates in this category to delegate management tasks on the content that is stored in Microsoft Active Directory Lightweight Directory Services (AD LDS) - an independent mode of Active Directory formerly known as Active Directory Application Mode (ADAM). The data management tasks include managing user accounts (users), groups, and container objects.

Table 18: AD LDS (ADAM) Data Management

Access Template

Description

All AD LDS Objects - Full Control

Perform any management task on any object in Active Directory Lightweight Directory Services.

All AD LDS Objects - Read All Properties

List all directory objects and view all properties of any object in Active Directory Lightweight Directory Services.

AD LDS Users - Full Control

Create new AD LDS user accounts; perform all management tasks on existing AD LDS user accounts.

AD LDS Users - Modify All Properties

List AD LDS user accounts; view and modify all properties of AD LDS user accounts.

AD LDS Users - Read All Properties

List AD LDS user accounts; view all properties of AD LDS user accounts.

AD LDS Groups - Add/Remove Members

List AD LDS groups; view and modify membership lists of AD LDS groups.

AD LDS Groups - Full Control

Create new AD LDS groups; perform all management tasks on existing AD LDS groups.

AD LDS Groups - Modify All Properties

List AD LDS groups; view and modify all properties of AD LDS groups.

AD LDS Groups - Read All Properties

List AD LDS groups; view all properties of AD LDS groups.

AD LDS Containers - Full Control

Create new AD LDS container objects; perform all administrative operations on existing AD LDS container objects.

AD LDS Containers - Modify All Properties

List AD LDS container objects; view and modify all properties of AD LDS container objects.

AD LDS Containers - Read All Properties

List AD LDS container objects; view all properties of AD LDS container objects.

AD LDS OUs - Full Control

Create new AD LDS organizational units; perform all management tasks on existing AD LDS organizational units.

AD LDS OUs - Modify All Properties

List AD LDS organizational units; view and modify all properties of AD LDS organizational units.

AD LDS OUs - Read All Properties

List AD LDS organizational units; view all properties of AD LDS organizational units.

Computer Resources

Access Templates > Computer Resources
Table 19: Computer Resources

Access Template

Description

Computer Management - Full Control

Perform all management tasks on any computer resource; list and select computers.

Computer Management - Local Account Operator

Create, modify, and delete local user accounts and groups on a computer; list and select computers.

Computer Management - Network Share Operator

Create, modify, and delete network shares on a computer; list and select computers.

Computer Management - Print Operator

View and modify properties of logical printers installed on a computer; list and select computers.

Computer Management - Read-Only Access

View properties of all computer resources; list and select computers.

Computer Management - Server Operator

Start/stop services, pause/resume/cancel printing, and create, modify and delete network shares on a computer; list and select computers; list local users and groups, view all properties of local user accounts and groups on a computer.

Computer Management - Service Operator

Perform all management tasks on services on a computer; list and select computers.

Computer Resources/Advanced

Access Templates > Computer Resources > Computer Resources/Advanced
Table 20: Computer Resources/Advanced

Access Template

Description

Local Groups - Add/Remove Members

Add or remove members from groups on a computer; no other permissions are included.

Local Groups - Create

Create groups on a computer; no other permissions are included.

Local Groups - Delete

Delete groups on a computer; no other permissions are included.

Local Groups - List

List groups stored locally on a computer; no other permissions are included.

Local Groups - Read/Write General Information

View and modify descriptions and membership lists of the groups stored locally on a computer; no other permissions are included.

Local Groups - Rename

Rename groups stored locally on a computer; no other permissions are included.

Local Users - Create

Create user accounts on a computer; no other permissions are included.

Local Users - Delete

Delete user accounts on a computer; no other permissions are included.

Local Users - List

List user accounts stored locally on a computer; no other permissions are included.

Local Users - Read Group Membership

View a list of groups to which the user account belongs; no other permissions are included.

Local Users - Read/Write Account Options

View and modify user account options such as the password options, 'Account is disabled' and 'Account is locked out'; no other permissions are included.

Local Users - Read/Write General Information

View and modify full names and descriptions of the user accounts stored locally on a computer; no other permissions are included.

Local Users - Read/Write Profile Properties

View and modify user profile and home folder settings for the user accounts stored locally on a computer; no other permissions are included.

Local Users - Rename

Rename user accounts stored locally on a computer; no other permissions are included.

Local Users - Write Password

Change passwords for the user accounts stored locally on a computer; no other permissions are included.

Printer Resources - Read/Write Advanced Information

View and modify information on the Ports and Advanced tabs in the Properties dialog box for logical printers; no other permissions are included.

Printer Resources - Read/Write General Information

View and modify Name, Location, and Comment for logical printers; no other permissions are included.

Printer Resources - Read/Write Sharing Information

View and modify the Not Shared and Shared As options for logical printers; no other permissions are included.

Services - List

List services defined on a computer; no other permissions are included.

Services - Read/Write General Information

View and modify Name, Display Name, Description, Path to Executable, and Startup Type for services; no other permissions are included.

Services - Read/Write Log On Information

View and modify the Log On As options for services; no other permissions are included.

Services - Read/Write Start type

View and modify Startup Type for services; no other permissions are included.

Services - Start /Stop/ Pause/ Resume

Start, stop, pause, and resume services; no other permissions are included.

Shares - Create

Create network shares on a computer; no other permissions are included.

Shares - List

List network shares defined on a computer; no other permissions are included.

Shares - Read/Write General Information

View and modify Share Name, Path, Comment, and User Limit for network shares; no other permissions are included.

Shares - Read/Write Permissions

View and modify share permissions on network shares; no other permissions are included.

Shares - Stop Sharing

Stop sharing folders on a computer; no other permissions are included.

Configuration

Access Templates > Configuration
Table 21: Configuration

Access Template

Description

Access Rules - Full Control

Use this Access Template to enable delegated administrators to create, view, modify and delete Access Rule objects. Apply this Access Template to containers that hold Access Rule objects.

Access Rules - Modify

Use this Access Template to enable delegated administrators to view and modify all properties of existing Access Rule objects. Apply this Access Template to individual Access Rule objects or containers that hold Access Rule objects.

Access Rules - View

Use this Access Template to enable delegated administrators to view all properties of existing Access Rule objects. Apply this Access Template to individual Access Rule objects or containers that hold Access Rule objects.

Automation Workflow - Full Control

Use this Access Template to give delegated administrators full control of automation workflow definitions, including the ability to view and modify workflow definitions, start automation workflow, and view run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects.

Automation Workflow - View

Use this Access Template to enable delegated administrators to view automation workflow definitions and run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects.

Automation Workflow - View and Run

Use this Access Template to enable delegated administrators to view automation workflow definitions, start automation workflow, and view run history. Apply this Access Template to automation workflow definition objects or containers that hold automation workflow definition objects.

Configuration - Add/Remove Managed Domains

Register domains with Active Roles; view/modify registration information for managed domains.

Configuration - Manage Access Templates

Create, modify, and delete Access Templates and Access Template containers; add/remove permissions from Access Templates; list Access Templates and Access Template containers.

Configuration - Manage Configuration

View or change any configuration settings of Active Roles, except for the settings specific to Active Roles replication.

Configuration - Manage Policy Objects

Create, modify, and delete Active Roles Policy Objects and Policy Object containers; configure Active Roles policies; list Policy Objects and Policy Object containers.

Configuration - Manage Script Modules

Create, modify, and delete Active Roles Script Modules and Script Module containers; list Script Modules and Script Module containers.

Configuration - View Configuration

View any configuration settings of Active Roles, including the settings specific to Active Roles replication.

Managed Object Statistics - View Report

Use this Access Template to allow read access to statistical reports of the number of objects managed by the product (product usage statistics).

Managed Object Statistics - Read Detailed Data

Use this Access Template to allow read access to detailed statistical information about the number of objects managed by the product.

Workflow - View Workflow Containers

Use this Access Template to enable delegated administrators to view containers that hold workflow definition objects. Apply this Access Template to the Policies/Workflow node in the console tree.

Related Documents