0 votes

I followed these instructions but still don't see the edit button unless I log in with my full adaxes administrator account.

https://www.adaxes.com/tutorials_AutomatingDailyTasks_AddUsersToGroupsByDepartment.htm#dynamicgroups

I granted the permission "Write Rule-Based Membership" to the Group Manager built in security role.

What am I missing?

by (2.3k points)

1 Answer

0 votes
by (3.6k points)
selected by
Best answer

Hello Mark,

If you can see the Edit button when you log in with the administrator account, it means that there is an issue with the security role assigned to the user that doesn’t see the button. By default, the Group Manager security role is applied to the Owner (ManagedBy) well-known security principal and is assigned over All Objects. This means that the permissions granted by this role apply to the user who is specified in the managedBy attribute of each group.

Make sure that the user that you are logged in with is specified in the managedBy attribute of the group you are trying to edit. Should the issue persist, please, post the screenshot of the security role here or send it to support@adaxes.com. Make sure that the screenshot includes the assignments of the role.

0

Group that I am trying to change to rule-based with my non-admin account as the manager: image.png

No edit button in self service interface: image.png

Web Interface configured: image.png

Security Role: image.png

+1

Hello Mark,

The thing is, your group currently has the Assigned membership type. The Edit button will not be displayed as long as the group is of the Assigned type because the security role doesn’t grant the rights to change the membership type (the Write ‘Membership Type’ Property permission is missing).

With your current security role, trustees are able to change the membership rules of a group only if it is already Rule-based. You can either add the above permission to the security role to allow trustees of the role to change the membership type, or change the membership type to Rule-based using another account that has sufficient permissions.

0

That did it. Thank you!

Related questions

0 votes
1 answer

When setting up a rule based group, GMSA objects are not visible. Is there a setting or view I need to add to make these availabe to rule based groups, or is it simply not an option?

asked Sep 16 by ajmilic (100 points)
0 votes
1 answer

I created a group Business Rule that triggers "After adding or removing a member from a group". On its Activity Scope I added a test group, and set it for "The group ... does not trigger. What should I do to make the BR detect this (admittedly rare) case?

asked Mar 16, 2023 by alex.vanderwoude (60 points)
0 votes
1 answer

Hi there, I've a business unit containing all shared mailboxes. In The Admin Console the filter is okay and the affected objects show the accounts: But when ... provide a list of all shared mailboxes (which are disabled aswell). Kind regards Constantin

asked May 28, 2021 by Constey (190 points)
0 votes
1 answer

Hello, I have 3 groups in my AD environment and want to show all the users that belong to each group. For example - Group 1 Group 2 Group 3 The existing report in the Adaxes ... -Usser D etc. Is there a way to create a report like this? Thank you in advance!

asked Nov 6, 2020 by sirslimjim (480 points)
0 votes
1 answer

Hi, I need business rule that will forbid changing group membership type to rule-based for selected groups. Additionally I need PowerShell script for adding more groups to be watched by this rule. Thanks in advance!

asked Mar 9, 2023 by KIT (960 points)
3,588 questions
3,277 answers
8,303 comments
548,091 users