The Native Security tab in the advanced details pane lists the native Active Directory permission entries for the securable object (for example, an Organizational Unit) selected in the Console tree.
By analyzing information in the Type and Source columns on the Native Security tab, you can determine whether a given entry is synchronized from Active Roles.
In the Type column, the synchronized entries are marked with the icon. This icon changes to if synchronization of the entry is invalid or unfinished. For example, if you delete a synchronized entry from Active Directory, Active Roles detects the deletion and re-creates the entry. Until the entry is re-created, the Type column marks the entry with the icon.
For each synchronized entry, the Source column displays the name of the Access Template that defines the permissions synchronized to that entry.
From the Native Security tab, you can manage permission entries: right-click an entry, and click Edit Native Security. This displays the Permissions dialog where you can add, remove and modify Active Directory permission entries for the securable object you selected.
When you add, remove, or modify permissions in an Access Template, permission settings automatically change on all objects to which the Access Template is applied (linked), including those that are affected by the Access Template because of inheritance.
To add, remove, or modify permissions in an Access Template, open the Properties dialog for the Access Template, and go to the Permissions tab.
Figure 33: Access Template - Manage permissions
The Permissions tab lists permission entries defined in the Access Template. Each entry in the list includes the following information:
-
Type: Specifies whether the permission allows or denies access.
-
Permission: Name of the permission.
-
Apply To: Type of objects that are subject to the permission.
To add a new permission, click Add and complete the Add Permission Entries wizard, as described in Add Permission Entries wizard earlier in this chapter.
To delete permissions, select them from the Access Template permission entries list, and click Remove.
To modify a permission, select it from the Access Template permission entries list, and click View/Edit. This displays the Modify Permission Entry dialog box, similar to the following figure.
Figure 34: Access Template - Modify permissions
You can use the tabs in that dialog box to modify the permission as needed. The tabs are similar to the pages in the Add Permission Entries Wizard, discussed in Add Permission Entries wizard.
To add a permission entry to an Access Template
-
In the Console tree, under Configuration > Access Templates, locate and select the folder that contains the Access Template you want to modify.
-
In the details pane, right-click the Access Template, and click Properties.
-
On the Permissions tab, click Add, and then use the Add Permission Entries Wizard to configure a permission entry.
For detailed instructions on how to add a permission entry to an Access Template, see Steps for creating an Access Template.
NOTE: The Permissions tab lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template.
Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly.
Active Roles includes a suite of predefined Access Templates. The list of permission entries in a predefined Access Template cannot be modified. If you need to add, modify, or delete permission entries from a predefined Access Template, create a copy of that Access Template, and then make changes to the copy. Another option is to create an Access Template and nest the predefined Access Template into the newly created Access Template. For instructions, see Steps for creating an Access Template, Steps for copying an Access Template, and Steps for managing nested Access Templates.
To modify a permission entry in an Access Template
-
In the Console tree, under Configuration > Access Templates, locate and select the folder that contains the Access Template you want to modify.
-
In the details pane, right-click the Access Template, and click Properties.
-
On the Permissions tab, select the permission entry you want to modify, click View/Edit, and then use the tabs in the Modify Permission Entry dialog to make changes to the permission entry.
For detailed instructions on how to view or modify a permission entry in an Access Template, see Steps for creating an Access Template.
NOTE: Consider the following when modifying the permissions of an Access Template:
-
The Permissions tab in the Properties dialog lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template.
-
The options on the Permissions tab in the Modify Permission Entry dialog are read-only. If you need to choose a different option for the permission entry, delete the permission entry and then add a new permission entry with the option you need. For more information, see Steps for adding permissions to an Access Template.
-
Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly.
-
Active Roles includes a suite of predefined Access Templates. The permission entries in a predefined Access Template cannot be modified. If you need to modify a permission entry in a predefined Access Template, create a copy of that Access Template, and then make changes to the copy. For more information, see Steps for copying an Access Template.