Active Roles 7.5 - Access Templates Available out of the Box

Table 14: Active Directory/Advanced: Printer Objects
Access Template	Description
Printer Objects – Create	Create printer queue objects; no other permissions are included.
Printer Objects – Delete	Delete printer queue objects; no other permissions are included.
Printer Objects – List	List printer queue objects; no other permissions are included.
Printer Objects – Read/Write General Information	View and modify properties that constitute general information for printer queue objects: Location Model Description Color Staple Double-sided Printing speed Maximum resolution
Printer Objects – Read/Write Manager	View or modify what person is assigned to manage a given printer (Managed-By attribute); no other permissions are included.
Printer Objects – Rename	Rename printer queue objects; no other permissions are included.

Table 15: Active Directory/Advanced: Shared Folders
Access Template	Description
Shared Folders – Create	Create shared folder objects; no other permissions are included.
Shared Folders – Delete	Delete shared folder objects; no other permissions are included.
Shared Folders – List	List shared folder objects; no other permissions are included.
Shared Folders – Read/Write General Information	View and modify properties that constitute general information for shared folder objects: Description UNC name No other permissions are included.
Shared Folders – Read/Write Manager	View and modify what person is assigned to manage a given shared resource (Managed-By attribute); no other permissions are included.
Shared Folders – Rename	Rename shared folder objects; no other permissions are included.

Table 16: Active Directory/Advanced: Users
Access Template	Description
Users - Assign/Remove Digital Certificates	Assign or remove digital (X.509) certificates from the user in Active Directory (read/write the userCertificate attribute of user objects); no other permissions are included.
Users - Change Password (Extended Right)	Change password on user object (User-Change-Password extended right); no other permissions are included.
Users - Copy	Create copies of existing user objects; no other permissions are included.
Users - Create	Create user objects; no other permissions are included.
Users - Delete	Delete user objects; no other permissions are included.
Users - Deprovision	Perform the deprovisioning operation on user objects; no other permissions are included.
Users - Undo Deprovision	Perform the undo deprovisioning operation on user objects; no other permissions are included.
Users - Undo Deprovision - Deny	Prohibit the undo deprovisioning operation on user objects; no other permissions are included.
Users - Enable/Disable Account	Enable or disable user objects; no other permissions are included.
Users - List	List user objects; no other permissions are included.
Users - Read Group Membership	View a list of groups to which a given user belongs; no other permissions are included.
Users - Read/Write Logon Information	View and modify properties that describe logon information for user objects (User-Logon property set); no other permissions are included. Property set members: See “User-Logon Property Set” at http://msdn.microsoft.com/en-us/library/ms684415.aspx
Users - Read/Write Account Information	View or modify properties that describe account information for user objects (no other permissions are included): User logon name User logon name (pre-Windows 2000) Logon Hours Last Logon Account is locked out Account options Account expires
Users - Read/Write Account Restrictions	View and modify properties that describe account restrictions for user objects (User-Account-Restrictions property set); no other permissions are included. Property set members: See “User-Account-Restrictions Property Set” at http://msdn.microsoft.com/en-us/library/ms684412.aspx
Users - Read/Write Dial-In Properties	View and modify properties that describe dial-in related information for user objects (no other permissions are included): Remote Access Permission (Dial-in or VPN) Verify Caller-ID Callback Options Assign a Static IP Address Apply Static Routes settings
Users - Read/Write General Information	View and modify properties that constitute general information for user objects (General-Information property set); no other permissions are included. Property set members: See “General-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684366.aspx
Users - Read/Write Personal Information	View and modify properties that describe personal information for user objects (Personal-Information property set); no other permissions are included. Property set members: See “Personal-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684394.aspx
Users - Read/Write Organizational Information	View and modify properties that describe organization related information for user objects (no other permissions are included): Title Department Company Manager Direct reports Office (General tab)
Users - Read/Write Phone and Mail Options	View and modify properties that describe email related information for user objects (Email-Information property set); no other permissions are included. Property set members: See “Email-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684362.aspx
Users - Read/Write Profile Properties	View and modify properties that describe profile related information for user objects (no other permissions are included): User profile Home folder
Users - Read/Write Public Information	View and modify properties that describe public information for user objects (Public-Information property set); no other permissions are included. Property set members: See “Public-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684396.aspx
Users - Read/Write Web Information	View and modify properties that describe Web-related information for user objects (Web-Information property set); no other permissions are included. Property set members: See “Web-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684418.aspx
Users - Read/Write WTS Properties	View and modify properties that describe Terminal Services related information for user objects (no other permissions are included): Terminal Services User Profile Terminal Services Home Folder Allow logon to terminal server Starting program Client devices Terminal Service timeout and reconnection settings
Users - Rename	Rename user objects; no other permissions are included.
Users - Reset Password (Extended Right)	Reset password on user object (User-Reset-Password extended right); no other permissions are included.
Users - Run Check Policy (Extended Right)	Use the 'Check Policy' command; no other permissions are included.
Users - Unlock Account	Unlock user objects that get locked due to a number of failed logon attempts; no other permissions are included.
Users - Write Password	Set password on user object; no other permissions are included.
Users - View Change History (Extended Right)	Use the 'Change History' and 'User Activity' commands; no other permissions are included.
Users - View Delegated Rights (Extended Right)	Use the 'Delegated Rights' command; no other permissions are included.
Users - View Digital Certificates	View digital (X.509) certificates assigned to the user in Active Directory (read the userCertificate attribute of user objects); no other permissions are included.
Users - View Entitlement Profile (Extended Right)	Use the 'Entitlement Profile' command, to view resources to which a given user is entitled. No other permissions are included.

Table 17: Azure
Access Template	Description
Azure - Configuration Administrator	Gives permission to perform the following tasks: Read and write Azure Tenants. Read and write Azure Applications. Read Azure Health Check Reports. Read Azure License Reports. Read Azure Roles Reports.
Azure - Contact Full Control	Gives permission to perform the following tasks: Add and enable new Azure Contacts. View existing Azure Contacts. Update the properties of existing Azure Contacts.
Azure - Full Control	Gives permission to perform the following tasks: Read and write Azure Configuration objects. Read and write Azure User attributes. Read and write Azure Group attributes. Read and write Azure O365 Group objects.
Azure - Group Full Control	Gives permission to perform the following tasks: Add and enable new Azure Groups. View existing Azure Groups. Update the properties of existing Azure Groups.
Azure - Health Check, O365 Roles Report and License Report	Gives access to the Azure Health Check, O365 Roles and License Reports. NOTE: This Access Template must be applied on a Configuration container.
Azure - O365 Groups Full Control	Gives permission to perform the following tasks: Add and enable new Azure O365 Groups. View existing Azure O365 Group. Update the properties of existing Azure O365 Groups.
Azure - Read All Attributes	Gives permission to read all Azure attributes.
Azure - Read All Contact Attributes	Gives permission to read all Azure Contact Attributes.
Azure - Read All Group Attributes	Gives permission to list all Azure Groups and view all Azure Group properties.
Azure - Read All O365 Group Attributes	Gives permission to list all Azure O365 Groups and view all Azure O365 Group properties.
Azure - Read All User Attributes	Gives permission to read all Azure User and Guest User attributes.
Azure - User Full Control	Gives permission to perform the following tasks: Create new Azure User and Guest User accounts. Perform all administrative operations on existing Azure User and Guest User accounts.
Azure Cloud Contact- Create Objects	Gives permission to create Azure Cloud Contact accounts.
Azure Cloud Contact - Delete Objects	Gives permission to delete Azure Cloud Contact accounts.
Azure Cloud Contact - Full Control	Gives permission to create new Azure Cloud Contact accounts, and perform all administrative operations on existing Azure Cloud Contact accounts.
Azure Cloud Contact - Modify Objects	Gives permission to modify Azure Cloud Contact accounts.
Azure Cloud Contact - Read All Attributes	Gives permission to read all Azure Cloud Contact attributes.
Azure Cloud User - Create Objects	Gives permission to create Azure Cloud User accounts.
Azure Cloud User - Delete Objects	Gives permission to delete Azure Cloud User accounts.
Azure Cloud User - Full Control	Gives permission to create new Azure Cloud User accounts, and perform all administrative operations on existing Azure Cloud User accounts.
Azure Cloud User - Modify Objects	Gives permission to modify Azure Cloud User accounts.
Azure Cloud User - Read All Attributes	Gives permission to read all Azure Cloud User attributes.
Azure Create O365 Groups	Gives permission to create O365 Groups.
Azure Guest User - Create Objects	Gives permission to create Azure Guest User accounts.
Azure Guest User - Delete Objects	Gives permission to delete Azure Guest User accounts.
Azure Guest User - Full Control	Gives permission to create new Azure Guest User accounts, and perform all administrative operations on existing Azure Guest User accounts.
Azure Guest User - Modify Objects	Gives permission to modify Azure Guest User accounts.
Azure Guest User - Read All Attributes	Gives permission to read all Azure Guest User attributes.
Azure Health Check Report	Gives permission to access Azure Health Check Reports. NOTE: This Access Template must be applied on a Configuration container.
Azure License Report	Gives permission to access Azure License Reports. NOTE: This Access Template must be applied on a Configuration container.
Azure Modify O365 Group Members	Gives permission to modify O365 Groups.
Azure O365 Roles Report	Gives permission to access O365 Roles Reports. NOTE: This Access Template must be applied on a Configuration container.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Active Roles 7.5 - Access Templates Available out of the Box

Active Directory/Advanced: Printer Objects

Active Directory/Advanced: Shared Folders

Active Directory/Advanced: Users

Azure