Active Roles provides the option to keep Active Directory native security updated with selected permission settings that are specified by using Access Templates. This option, referred to as permissions propagation, is intended to provision users and applications with native permissions to Active Directory. The normal operation of Active Roles does not rely upon this option.
You can set the permissions propagation option as follows:
As an example, you can use the following instructions to set the permissions propagation option on the permission settings that are defined by applying a certain Access Template to an Organizational Unit:
To synchronize permission settings on an Organizational Unit
In the Type column, the synchronized entries are marked with the icon. This icon changes to if synchronization of the entry is invalid or unfinished. For example, if you delete a synchronized entry from Active Directory, Active Roles detects the deletion and re-creates the entry. Until the entry is re-created, the Type column marks the entry with the icon.
From the Native Security tab, you can manage permission entries: right-click an entry, and click Edit Native Security. This displays the Permissions dialog box where you can add, remove and modify Active Directory permission entries for the securable object you selected.
When you add, remove, or modify permissions in an Access Template, permission settings automatically change on all objects to which the Access Template is applied (linked), including those that are affected by the Access Template because of inheritance.
Figure 19: Access Template - Manage permissions
To add a new permission, click Add and complete the Add Permission Entries wizard, as described in Add Permission Entries wizard earlier in this chapter.
To modify a permission, select it from the Access Template permission entries list, and click View/Edit. This displays the Modify Permission Entry dialog box, similar to the following figure.
Figure 20: Access Template - Modify permissions
You can use the tabs in that dialog box to modify the permission as needed. The tabs are similar to the pages in the Add Permission Entries wizard, discussed in Add Permission Entries wizard earlier in this chapter.
For detailed instructions on how to add a permission entry to an Access Template, see Steps for creating an Access Template earlier in this document.
NOTE: The Permissions tab lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template.
Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly.
Active Roles includes a suite of pre-defined Access Templates. The list of permission entries in a pre-defined Access Template cannot be modified. If you need to add, modify, or delete permission entries from a pre-defined Access Template, create a copy of that Access Template, and then make changes to the copy. Another option is to create an Access Template and nest the pre-defined Access Template into the newly created Access Template. For instructions, see Steps for creating an Access Template, Steps for copying an Access Template, and Steps for managing nested Access Templates.