This section discusses scenarios to help you understand and use the role-based administration features available in Active Roles. The following scenarios are covered:
This section discusses scenarios to help you understand and use the role-based administration features available in Active Roles. The following scenarios are covered:
This scenario shows how to use an Access Template that allows a Help Desk service to perform day-to-day operations on user accounts, such as resetting passwords, viewing user properties, locking and unlocking user accounts.
The scenario also involves a group to hold Help Desk operators. The Access Template is applied so that the group is designated as a Trustee, thus giving the administrative rights to the Help desk operators. When both the Access Template and group are prepared, you can implement a Help Desk administration in your enterprise.
Suppose you need to authorize the Help Desk to manage user accounts in the Sales organizational unit. To implement this scenario, you should perform the following steps:
As a result of these steps, each member of the Help Desk group is authorized to perform management tasks on user accounts in the Sales organizational unit. The Help Desk Access Template determines the scope of the tasks.
The following sections elaborate on each of these steps.
For the purposes of this scenario, you can use the predefined Access Template Users – Help Desk, located in the folder Configuration/Access Templates/Active Directory. The Users – Help Desk Access Template specifies the necessary permissions to reset user passwords, unlock user accounts, and view properties of user accounts.
If you want to add or remove permissions from the Users – Help Desk Access Template, you need to first create a copy of that Access Template and then modify and apply the copy.
This scenario assumes that you apply the predefined Access Template Users – Help Desk.
To create a group, right-click an organizational unit in the console tree, select New | Group, and then follow the instructions in the New Object – Group wizard. The wizard includes the page where you can add members (Help Desk operators) to the group you are creating.
For step-by-step instructions on how to create groups, see “Steps for Creating a Group” in the Active Roles User Guide or Active Roles Help.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center