Adaxes Search Features for Self Service Users

Question

As Always thank you guys for such an excellent product, I have could not have so few IT admins for such a large organization as I do without this tool. As they say it is worth its weight in gold!!

I have been toying with the idea of allowing end users to utilize the search functionality as an alternative to Outlook or Lync's contact cards. As you very well know there is greater flexibility and general user experience to display information in the WebGui ./SelfService site.

My one issues is that currently when doing a search within the web GUI the results returned will also include users that are disabled.

Should this be limited by the role of "User Self Service" and their role's visibility or should I be doing something else?

Answer 1

Hello,

First of all, thank you for your good words, we really appreciate that.

As to your question, no, the User Self Service role doesn't limit users from viewing disabling user accounts. Moreover its name doesn't mean that it applies only in the Web interface for Self-Service. The name only means that the role contains permissions for users to perform various self-service tasks, such as changing own password, updating personal information etc. Any Security Role applies everywhere in Adaxes.

To implement what you want, you need to use the Blind User Security Role. This role denies the permissions to view objects.

Note, however, that if permissions to view an object are denied to a user with the help of Security Roles, the user won't be able to view the object anywhere, neither in the Administration Console, nor in any of the Web interfaces.

To implement what you need, you want, you need to:

• Create a Business Unit that contains all disabled users;
• Assign the Blind User role to your users, including the Business Unit in the Assignment Scope.

i. Create a Business Unit that contains all disabled users

To create such a Business Unit:

1. Create a new Business Unit.
2. On step 2 of the Create Business Unit wizard, click Add.
3. Select Query Results.
4. In the Filter edit box, specify:
   (&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))
   
5. Click OK, then click Finish.

ii. Assign the Blind User Security Role to your users

To do this:

1. Launch Adaxes Administration Console.
2. Select the Blind User role in the Console Tree.
3. Right-click the Assignments section and click Add Assignment.
   
4. Select Authenticated Users and click OK.
   
5. Select the Business Units item in the Look in drop-down list.
6. Select the Business Unit you created and click Add.
   
7. Select the Members of this Business Unit and This Business Unit object options.
   
8. Click OK 2 times. This will hide disabled accounts from all users.
9. Now, if you want to allow certain users to view disabled accounts, you can exclude them from the Security Roles Assignments. For example, to exclude the Administrators group from the assignments, right-click in the Assignments section and click Add Assignment.
10. Select Administrators group and click OK.
    
11. Select the Business Units item in the Look in drop-down list.
12. Select the Business Unit you created and click Add.
    
13. Select the Members of this Business Unit and This Business Unit object options.
    
14. Select Exclude the selection.
    
15. Click OK.
16. When done, save the changes.