Grant rights to move objects
To move objects from one organizational unit to another, a user must be granted two rights:
-
Move Objects From Container
-
Move Objects To Container
If a user has the Move Objects From Container right for an object, they can move the object out of its current OU. If a user has the Move Objects To Container right for an OU, they can move objects to the OU.
The Move Objects From Container right must be assigned over the objects that you want to allow moving. The Move Objects To Container right must be assigned over the organizational units you want to allow moving objects to. Depending on your requirements, sometimes it is better to use two security roles to delegate the rights – one role will grant the Move Objects From Container right, and another role will grant the The Move Objects To Container right.
Permissions granted by security roles are effective only within Adaxes.
To create a security role that grants the rights to move objects:
-
Launch Adaxes Administration console.
How { #collapse1}
-
On the computer where Adaxes Administration console is installed, open Windows Start menu.
-
Click Adaxes Administration Console.
-
-
Right-click your Adaxes service, point to New and click Security Role.
-
Enter a name for the new security role and click Next.
-
On the Permissions step, click Add.
-
To add the permission to move objects out of OUs (Move Objects From Container):
-
In the list of object types on the left, select the required object type (e.g. User).
-
In the General permissions section, select the Move Objects From Container permission in the Allow column.
-
Click OK.
-
-
To add the permission to move objects to OUs (Move Objects To Container):
-
In the list of object types on the left, select Organizational Unit.
To allow moving objects to containers (e.g. built-in container Users), also select the Container object type.
-
In the Operations on child objects section, select the Move Objects To Container permission in the Allow column.
-
To allow moving only specific types of directory objects, click Select object types and select the object types you need.
-
Click OK.
-
-
Click Next.
-
On the Assignments step, click Add.
-
Select the users and groups you want to assign the permissions to, and click Next.
-
Select the objects you want to assign the permissions over.
Select from the following items:
-
All Objects – select to allow moving any object to any organizational unit in all domains managed by Adaxes.
-
Domain – select to allow moving any object to any organizational unit within a specific domain.
-
OU or Container – select to apply the permissions to a container or organizational unit. The Move Objects From Container permission will allow moving objects located in the selected container or OU out of it. The Move Objects To Container permission will allow moving objects to the selected container or OU.
-
Group – select to allow moving members of a group out of their organizational unit or container.
-
Business Unit – select to allow moving members of a business unit out of their organizational unit or container. If the selected business unit includes containers (e.g. organizational units), the assignment will allow moving objects to the containers. To select a business unit, open the Look in drop-down list and select the Business Units item.
Click Finish to complete the Assign Role wizard.
-
-
Click Finish to complete the Create Security Role wizard.