Chat now with support
Chat with Support

Active Roles 8.1.1 - Built-in Access Templates Reference Guide

User Interfaces

The Configuration > Access Templates > User Interfaces container contains Access Templates (ATs) to delegate access permissions to the Active Roles Console (also called the Active Roles MMC Interface).

User Interfaces – General ATs

To delegate Active Roles Console access permissions to administrators in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Interfaces container of the Active Roles Console.

Table 21: User Interfaces– General Access Templates

Access Template

Description

User Interface Management-MMC Full control

Grants permission to login to the Active Roles Console.

User Self-management

The Configuration > Access Templates > User Self-management container contains Access Templates (ATs) to delegate self-management tasks to users (for example, allowing users to view or modify specific properties of their accounts on the Active Roles Web Interface).

User Self-management – General ATs

To delegate self-management permissions for users in your organization, use the Access Templates (ATs) in the root of the Configuration > Access Templates > User Self-management container of the Active Roles Console.

Table 22: User Self-management – General Access Templates

Access Template

Description

Self - Account Management

Grants permission to users to view or modify their profile information on the Active Roles Web Interface.

TIP: When configuring this AT, specify the Self built-in account as the trustee.

For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide.

Self - Group Management

Grants permission to users to view or modify the groups they manage.

TIP: When configuring this AT, specify one of these built-in accounts as the trustee:

  • Primary Owner (Managed By)

  • Secondary Owners

For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide.

NOTE: Applying only this AT to group owners does not grant them permission to view the list of group members. To do so, group owners must also have read access to the group member objects as well.

To grant that permission, apply the Active Directory > All Objects - Read All Properties AT to a scope containing the group member objects, then set the Authenticated Users built-in account as the trustee.

Self - Group Membership Approval Setting

Grants permission to users to modify group membership approval settings, that is, whether group membership changes, such as joining or leaving a group, requires approval from the group owner.

Self - Group Membership Management

Grants permission to users to add or remove their own user account to or from groups.

TIP: When configuring this AT, consider the following recommendations:

  • Apply this AT to a scope containing the groups, with the appropriate user accounts set as trustees. One Identity recommends adding the affected user accounts to a specific group, then selecting that group as the trustee for the AT.

  • To allow users to view the groups they are members of, assign them the Self - Account Management AT as well. Apply this AT to a scope containing the user accounts for which you want to grant the permission, and specify the built-in Self account as the trustee.

For more information on applying ATs on resources, see Applying Access Templates on a securable object in the Active Roles Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating