Write member property

Question

Hi

How do I design one or more Security Roles to meet the following criterias:

A user can only be added to a group within a given scope when:

1 - The user requests membership to a given group for himself.
- or -
2 - A user, that is member of (for example) "All user managers", requests membership to a given group for another user.

Actually #2 is working, but I cannot get the "self" to work, without giving the user rights to add other users to groups too :?
Membership may requires approval by the group manager, but that workflow is working too.

- Thanks

Answer 1

Hello,

The user requests membership to a given group for himself.

To achieve this, you will need to do the following:

• Grant users rights to modify Member property of required groups
• Create a Business Rule that will trigger Before Adding a member to a Group and cancel the operation if the initiator is trying to add another account to the group rather than their own one.

To create the Business Rule:

1. Launch Adaxes Administration Console.
2. Right-click your Adaxes service node, navigate to New and click Business Rule.
   
3. On step 2 of the Create Business Rule wizard select Group object type.
   
4. Select Before Adding a member to a Group and click Next.
   
5. Click Add Action and select Cancel this operation.
6. Enter an optional reason for cancelling and click OK.
   
7. Double-click Always and select If the initiator is a member of <Group>.
8. Select is not and click Select Group.
9. Select the group and click OK twice.
   
10. Right-click the action you have created and click Add Condition.
    
11. Select If the initiator is <User> , select is not and click Select User.
    
12. Activate the Template tab, enter %member% into the Template field and click OK twice.
    
13. Click Next and finish creating the Business Rule.