
Safeguard Authentication Services 6.0 LTS - ARS IP Administration Guide

Delegating Rights to Manage Unix Objects

Use Access Templates to grant permissions to users and groups. When you add a user to an Access Template, you add all the attributes and permissions of that template to that user. When you apply Access Templates to a folder, you configure the permission settings to propagate from the folder to its child objects, down the directory structure.

You can implement a delegation scheme by applying Access Templates (ATs) included with the Integration Pack. For example, to delegate all UNIX-related management tasks on Windows user accounts, link the Users - Modify All UNIX Properties AT to a certain Organizational Unit and select the appropriate group as Trustee. As a result, any member of that group is authorized to perform the tasks on any user account held in that Organizational Unit.

To delegate rights to manage UNIX objects

  1. In the ActiveRoles Server Console, navigate to Active Directory.

  2. From the Action menu, choose Delegate Control.

  3. On the Access Template links page, click Add.

  4. When the Delegation of Control Wizard starts, click Next.

    The Delegation of Control Wizard helps you delegate control of directory objects. Give permission to manage users, groups, computers, organizational units, and other objects administered with ActiveRoles Server.

  5. On the Users or Groups page, click Add.

  6. On the Select Objects page, click the link to display the objects.

  7. Select the objects you want to add, click Add, then click OK.

  8. On the Users or Groups page, click Next.

  9. On the Access Templates page, expand Safeguard Authentication Services Integration v2.x, select Group or User, or both, and click Next.

  10. On the Inheritance Options page, specify whether you want child objects to inherit the permission settings from the selected Access Templates and click Next.

  11. On the Permissions Propagation page, leave the Propagate permissions to Active Directory option clear and click Next.

  12. On the Complete page, click Finish.

  13. To return to the Console, on the Access Template links page, click OK.

Users or groups with delegated rights to manage UNIX objects can block, unblock, or change UNIX attributes on users and groups in either the ActiveRoles Server Console or the Web Interface.

NOTE: Each delegated user must have read access to the application configuration.

Locating Unix Objects

Managed Units allow you to locate the UNIX users and groups in your ActiveRoles Server managed environment.

To locate UNIX objects

  1. From the ActiveRoles Server Console, navigate to Configuration > Managed Units > Safeguard Authentication Services Integration v2.x.

  2. Right-click either UNIX-enabled Groups or UNIX-enabled Users and choose Find....

  3. Use the standard ActiveRoles Server functionality to search for objects of different types. For details on using the Find Users, Contacts, and Group dialog, open the Help menu, choose Help Topics, and open the Finding Objects topic.

Using the Web Interface Extensions

Safeguard Authentication Services provides Microsoft Management Console (MMC) extensions that support the ActiveRoles Server Web Interface, allowing you to:

  • Block, unblock, or clear the UNIX properties for a Windows user account.

  • View or modify UNIX-related properties of a Windows user account.

  • Enable or clear the UNIX group properties for a Windows group.

  • View or modify UNIX-related properties of a Windows group.

After you install the Integration Pack, you must publish the Web Interface extensions.

Configure New Web Sites for the Web Interface

Every time you create and configure a new website for the ActiveRoles Server Web Interface, you must run the ActiveRoles Integration Configuration Wizard.

To configure new websites for the Web Interface

  1. To start the wizard that helps you configure newly created websites for the ActiveRoles Server Web Interface, from the Start menu, navigate to All Programs > Quest Software > Authentication Service ActiveRoles Integration > ActiveRoles Integration Configuration Wizard.

  2. When the configuration setup wizard completes, click Restart ActiveRoles Now.

  3. Click Close when the button becomes available, and wait for a minute while ActiveRoles Server loads the startup information.

NOTE: Once the service restarts, wait a few minutes before you open the ActiveRoles Server Console.
