Active Roles provides the option to keep Active Directory native security updated with selected permission settings that are specified by using Access Templates. This option, referred to as permissions propagation, is intended to provision users and applications with native permissions to Active Directory. The normal operation of Active Roles does not rely upon this option.
You can set the permissions propagation option as follows:
As an example, you can use the following instructions to set the permissions propagation option on the permission settings that are defined by applying a certain Access Template to an Organizational Unit:
To synchronize permission settings on an Organizational Unit
|
NOTE:
|
The Native Security tab in the advanced details pane lists the native Active Directory permission entries for the securable object (for example, an organizational unit) selected in the console tree.
By analyzing information in the Type and Source columns on the Native Security tab, you can determine whether a given entry is synchronized from Active Roles.
In the Type column, the synchronized entries are marked with the icon. This icon changes to
if synchronization of the entry is invalid or unfinished. For example, if you delete a synchronized entry from Active Directory, Active Roles detects the deletion and re-creates the entry. Until the entry is re-created, the Type column marks the entry with the
icon.
For each synchronized entry, the Source column displays the name of the Access Template that defines the permissions synchronized to that entry.
From the Native Security tab, you can manage permission entries: right-click an entry, and click Edit Native Security. This displays the Permissions dialog box where you can add, remove and modify Active Directory permission entries for the securable object you selected.
When you add, remove, or modify permissions in an Access Template, permission settings automatically change on all objects to which the Access Template is applied (linked), including those that are affected by the Access Template because of inheritance.
To add, remove, or modify permissions in an Access Template, open the Properties dialog box for the Access Template, and go to the Permissions tab.
Figure 19: Access Template - Manage permissions
The Permissions tab lists permission entries defined in the Access Template. Each entry in the list includes the following information:
To add a new permission, click Add and complete the Add Permission Entries wizard, as described in Add Permission Entries wizard earlier in this chapter.
To delete permissions, select them from the Access Template permission entries list, and click Remove.
To modify a permission, select it from the Access Template permission entries list, and click View/Edit. This displays the Modify Permission Entry dialog box, similar to the following figure.
Figure 20: Access Template - Modify permissions
You can use the tabs in that dialog box to modify the permission as needed. The tabs are similar to the pages in the Add Permission Entries wizard, discussed in Add Permission Entries wizard earlier in this chapter.
To add a permission entry to an Access Template
For detailed instructions on how to add a permission entry to an Access Template, see Steps for creating an Access Template earlier in this document.
|
NOTE: The Permissions tab lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template. Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly. Active Roles includes a suite of pre-defined Access Templates. The list of permission entries in a pre-defined Access Template cannot be modified. If you need to add, modify, or delete permission entries from a pre-defined Access Template, create a copy of that Access Template, and then make changes to the copy. Another option is to create an Access Template and nest the pre-defined Access Template into the newly created Access Template. For instructions, see Steps for creating an Access Template, Steps for copying an Access Template, and Steps for managing nested Access Templates. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy