This section discusses scenarios to help you understand and use the role-based administration features available in Active Roles. The following scenarios are covered:
This section discusses scenarios to help you understand and use the role-based administration features available in Active Roles. The following scenarios are covered:
This scenario shows how to use an Access Template that allows a helpdesk service to perform day-to-day operations on user accounts, such as resetting passwords, viewing user properties, locking and unlocking user accounts.
The scenario also involves a group to hold helpdesk operators. The Access Template is applied so that the group is designated as a Trustee, thus giving the administrative rights to the helpdesk operators. When both the Access Template and group are prepared, you can implement a helpdesk administration in your organization.
For example, if you need to authorize the helpdesk to manage user accounts in the Sales Organizational Unit, you must perform the following steps:
Prepare a Helpdesk Access Template that defines the help desk operator permissions on user accounts.
Create and populate a Helpdesk group to hold the helpdesk operators.
Apply the Helpdesk Access Template to the Sales Organizational Unit, selecting the Helpdesk group as a Trustee.
As a result of these steps, each member of the Helpdesk group is authorized to perform management tasks on user accounts in the Sales Organizational Unit. The Helpdesk Access Template determines the scope of the tasks.
The following sections elaborate on each of these steps.
For the purposes of this scenario, you can use the predefined Access Template Users – Help Desk, located in the Configuration > Access Templates > Active Directory container. The Users – Help Desk Access Template specifies the necessary permissions to reset user passwords, unlock user accounts, and view properties of user accounts.
If you want to add or remove permissions from the Users – Help Desk Access Template, you need to first create a copy of that Access Template, then modify and apply the copy.
This scenario assumes that you apply the predefined Access Template Users – Help Desk.
To create a group, right-click an Organizational Unit (OU) in the Console tree, select New > Group, and follow the instructions of the New Object - Group wizard. The wizard includes the page where you can add members (in this case, helpdesk operators) to the group you are creating.
For step-by-step instructions on how to create groups, see Creating a Group in the Active Roles User Guide.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center