Adaxes

Group Manager Security Role

0 votes

How would I define a "Group Manager" role that only allows the trustee to add direct users (not groups) to a managed group?

Thanks

by (950 points)

1 Answer

0 votes
by (18.0k points)
selected by
Best answer

Hello,

Unfortunately it is impossible to do it with the help of Security Roles. However, you can control the type of group members using Business Rules:

  1. Create a Business Rule that is triggered before adding a member to a group.

  2. Add Run a program or PowerShell script action to the Business Rule.

  3. Enter the following PowerShell script for the action: 

     Import-Module Adaxes
 $Context.GetModifiedPropertyValues("member") |  Get-AdmObject | Foreach-Object { if ($_.ObjectClass -ne "user") {$Context.Cancel("Only users can be added to the group.")} }

    Please note: to use this script, you need to install the Adaxes PowerShell Module on the computer, where the Adaxes service is running. Adaxes PowerShell Module is installed with the same installation package as used to install Adaxes service.

  4. Add conditions for the action. For example:

For more details, please see Validate/Modify User Input Using a Script.

0

That is perfect. It works as expected. Thanks!

by (950 points)

Related questions

0 votes
1 answer
Is it better to grant access via multiple OU and group assignments in the security role or use a business unit?

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20, 2022 by DA-symplr (100 points)
0 votes
0 answers
Security role is not propagating to objects within the Business Unit

I have applied a security role to a group at the top of a Business Unit Container and set it to apply to the subtree and it does, all Containers and Business Units do ... Unit. Did I apply the permissions wrong or is there some setting I need to change?

asked Aug 9 by ajmilic (100 points)
0 votes
1 answer
Security Role for Read Only Configuration Items

How can I grant read only rights for Configuration items in the Adaxes Admin Console?

asked Jan 26 by mark.it.admin (2.3k points)
0 votes
1 answer
What specific permission is needed in a security role to grant access to enable a user account?

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Assign permission other than 'Account Options' to a security role

I only want to allow a security role to write 'user must change password at next logon' and not all options they have under 'Account Options'. The only permission I can see in ... ". I'd rather not assign permissions to all these settings if I don't have to.

asked Apr 6, 2021 by cfrazier (20 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users