Hello,
Yes, there is. First of all, you need to create a Business Unit that will include, for each manager, all objects managed by them. Then, you need to assign a Security Role to the managers including the Business Unit in the Activity Scope.
I. Create Business Unit that includes all objects managed by a user
For information on how to create a Business Unit that includes all objects managed by a user, see see Example 3 under Query Results in the following tutorial: http://www.adaxes.com/tutorials_ActiveD ... InUser.htm. In the LDAP Filter field, you need to specify a value reference for the property you used in your script. For example, if you specified adm-CustomAttributeText1 in propertyForFilter, then you need to specify %adm-CustomAttributeText1%.
II. Assign the Security Role
To grant the managers permissions for their subordinates, you need to assign them a Security Role that grants sufficient permissions and include the Business Unit you created on step I in the Assignment Scope. For example, you can use one of the built-in roles for this purpose, such as Account Manager or Super Manager, or create your own Security Role for this purpose.
To assign an existing role:
- Locate and select the role you need in the Console Tree.
- Right-click in the Assignments section and select Add Assignment.
- If you want to grant the permissions to all managers, select Authenticated Users.
*- or -*
If you want to grant the permissions to a specific user or group, select it in the list.
- Click OK.
- In the Specify Activity Scope dialog that opens, select the Business Units item in the Look in drop-down list.
- Select the Business Unit you created on step I.
- Click Add, then click OK 2 times.
- Save the changes.