Service Admins?

Question

I have been testing with setting up a business rule to deny modify if the initiator is not in the managed by attribute of the object. I have an OU with users in it. I have created a role that allows authenticated users to modify group membership and reset passwords to this OU. I set up a business rule that would cancel the operation with access denied if the initiator is not in the managed by attribute for the object and assigned it to the OU. I was surprise to be effected by this rule as a Service Admin. I am set up as an administrator for Adaxes via the Administrators tab in the server properties. Would this be considered a normal function or should I had unrestricted access? If it is normal, is there a way to indicate in the business rule 'if initiator is a service admin'?

Thanks

Answer 1

Hello,

Yes, it's a normal function. It is possible to check whether the initiator is a service admin using the If PowerShell script returns true condition.

Today we are releasing a minor update that will allow you to assign Security Roles to group owners. There will be two new security principals:
- Owner (Managed By)
- Manager

So, if you want to grant permissions to the user or security group specified in the Managed By property of a group, you'll need to assign your role to Owner (Managed By):

Comments

Has this update been released yet? I have been checking frequently and have not seen it yet. Not that I want to be a pest, but this is something that we are very excited about and we can't wait to get the update.

Thanks

---

Hello,

We are in the process of building installation packages. I'll update this post as soon as the new version is available.

---

Hello,

The update has been released today.

You can download it here.
Note that you need to perform additional steps to preserve Approval Requests after the upgrade. For details, see upgrade instructions.