立即与支持人员聊天
与支持团队交流

Active Roles 8.2 - Feature Guide

Introduction About Active Roles
Main Active Roles features Technical overview of Active Roles
About presentation components Overview of service components About network data sources About security and administration elements About Active Directory security management Customization using ADSI Provider and script policies About dynamic groups About workflows Operation in multi-forest environments
Examples of use
Administrative rules and roles
About Managed Units About Access Templates About Access Rules About rule-based autoprovisioning and deprovisioning
Configuring and administering Active Roles Overview of Active Roles Synchronization Service Support for AWS Managed Microsoft AD FIPS compliance LSA protection support STIG compliance

Examples of using Access Templates

This section discusses scenarios to help you understand and use the role-based administration features available in Active Roles. The following scenarios are covered:

Example 1: Implementing a helpdesk

This scenario shows how to use an Access Template that allows a helpdesk service to perform day-to-day operations on user accounts, such as resetting passwords, viewing user properties, locking and unlocking user accounts.

The scenario also involves a group to hold helpdesk operators. The Access Template is applied so that the group is designated as a Trustee, thus giving the administrative rights to the helpdesk operators. When both the Access Template and group are prepared, you can implement a helpdesk administration in your organization.

For example, if you need to authorize the helpdesk to manage user accounts in the Sales Organizational Unit, you must perform the following steps:

  1. Prepare a Helpdesk Access Template that defines the help desk operator permissions on user accounts.

  2. Create and populate a Helpdesk group to hold the helpdesk operators.

  3. Apply the Helpdesk Access Template to the Sales Organizational Unit, selecting the Helpdesk group as a Trustee.

As a result of these steps, each member of the Helpdesk group is authorized to perform management tasks on user accounts in the Sales Organizational Unit. The Helpdesk Access Template determines the scope of the tasks.

The following sections elaborate on each of these steps.

Preparing a helpdesk Access Template

For the purposes of this scenario, you can use the predefined Access Template Users – Help Desk, located in the Configuration > Access Templates > Active Directory container. The Users – Help Desk Access Template specifies the necessary permissions to reset user passwords, unlock user accounts, and view properties of user accounts.

If you want to add or remove permissions from the Users – Help Desk Access Template, you need to first create a copy of that Access Template, then modify and apply the copy.

This scenario assumes that you apply the predefined Access Template Users – Help Desk.

Creating a helpdesk group

To create a group, right-click an Organizational Unit (OU) in the Console tree, select New > Group, and follow the instructions of the New Object - Group wizard. The wizard includes the page where you can add members (in this case, helpdesk operators) to the group you are creating.

For step-by-step instructions on how to create groups, see Creating a Group in the Active Roles User Guide.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级