0 votes

Morning,

I have an issue with self service users being able to modify the properties of other users, my permissions look like this:

(Role permissions)
I assume it's my assignments: entry that needs to be set to "self" not my user group is that correct?

Thanks,
John.

by (840 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello John,

Yes, to allow users to perform operations on their own accounts, the role must be assigned to Self.

However, as far as we can see, the role contains not only permissions for User objects, but also permissions for operations on objects of other types. For example, it allows writing all properties of groups and creating child objects. If you assign it to Self, users will not be able to use such permissions. We recommend splitting your Security Role into 2 roles:

  1. A role that contains permissions only for the operations that users can perform on their own accounts;
  2. Another role that contains permissions for operations on other objects.

The 1st role must be assigned to Self, and the 2nd role must be assigned only to users who can modify groups or create child objects and include the parts of AD where they can perform such operations in the Assignment Scope.

0

All separated out now and assigned the minimal required. Thanks for the help.

Related questions

0 votes
1 answer

Actually it's a test account that's showing this issue. I logon as a test account that has recently been created so has not reports in AD. When I logon as that user ... members who are not managed by that account. Any ideas where I should look for a solution?

asked Mar 10, 2016 by bistromath (840 points)
0 votes
1 answer

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25, 2023 by LarrySargent (20 points)
0 votes
0 answers

I have applied a security role to a group at the top of a Business Unit Container and set it to apply to the subtree and it does, all Containers and Business Units do ... Unit. Did I apply the permissions wrong or is there some setting I need to change?

asked Aug 9 by ajmilic (100 points)
0 votes
1 answer

How can I grant read only rights for Configuration items in the Adaxes Admin Console?

asked Jan 26 by mark.it.admin (2.3k points)
0 votes
1 answer

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
3,550 questions
3,241 answers
8,235 comments
547,827 users