Adaxes

Custom Command Question

0 votes

I have noticed, and maybe I am doing something wrong, but it appears even though i have a Security Role that deny's full control to all objects (your blind role modified), users can still run custom commands via the web interface. But, if i deny them the ' Execute all custom commands' in any other rule it works like its supposed to. i don't understand. Why doesn't the full control cover executing custom commands.

the problem is that everytime we add a new rule, we don't want to go exclude it somewhere.

by (80 points)

1 Answer

0 votes
by (18.0k points)

Hello,

If you deny the Full Control permission for a user, the user will not be able to neither perform any operation in AD (including execution of Custom Commands), nor view any object in Active Directory. In your case, I think something is wrong with the user assignment. Could you send me a screenshot with the assignments of the role?

the problem is that everytime we add a new rule, we don't want to go exclude it somewhere.

Do you mean Custom Command (not rule)? When you create a Custom Command, by default, users don't have the right to execute it. However, some built-in Security Roles (e.g. Help Desk) grant the Execute All Custom Commands permission. If you don't want users to be able to execute Custom Commands, just delete that permission from the Security Roles assigned to the users.

Related questions

0 votes
1 answer
Pass variables to a custom command (Powershell script)

I have a number of custom Powershell scripts that add users to Teams, groups, etc. I re-use these scripts dozens of times for different conditions and only change one ... possible to convert this script to a custom command and pass parameters to it instead?

asked Dec 16, 2024 by cwyant-hfg (40 points)
0 votes
1 answer
Add group to Business Unit by executing custom command

Dear, I'm having issue in adding a group to a Business Unit. The situation is as following: We have given our IT ServiceDesk access to manage certain groups. This is ... Unit.", "Information") Can you please verify what is preventing the addition? Thank you.

asked Nov 29, 2024 by alexalex (40 points)
0 votes
1 answer
Custom command parameters with multi value attributes

Is there a way to configure a Custom Command parameter to accept multiple values so I can then add them to a multi value attribute such as adm-CustomAttributeObjectMultiValue1 ... in my specific case I'm looking to use a directory object picker parameter

asked Nov 27, 2024 by AM (50 points)
0 votes
1 answer
Open the user in the tree after completion of a custom command

We have a series of transforms we use for users including moving to different OU's. Is there a way to open the user's object after the command completes much in the same way a user creation does?

asked Nov 22, 2024 by msheppard (660 points)
0 votes
1 answer
Is it possible to use a property pattern as a parameter in a custom command?

The use case we are looking for is providing a list of titles for users to choose from when initiating a re-hire. We already have a title property pattern established and would ... that we can manage the list in one place. Let me know and as always, thanks.

asked Nov 22, 2024 by msheppard (660 points)
3,600 questions
3,288 answers
8,326 comments
548,301 users