Adaxes

Service Admins?

0 votes

I have been testing with setting up a business rule to deny modify if the initiator is not in the managed by attribute of the object. I have an OU with users in it. I have created a role that allows authenticated users to modify group membership and reset passwords to this OU. I set up a business rule that would cancel the operation with access denied if the initiator is not in the managed by attribute for the object and assigned it to the OU. I was surprise to be effected by this rule as a Service Admin. I am set up as an administrator for Adaxes via the Administrators tab in the server properties. Would this be considered a normal function or should I had unrestricted access? If it is normal, is there a way to indicate in the business rule 'if initiator is a service admin'?

Thanks

by (1.2k points)

1 Answer

0 votes
by (18.0k points)

Hello,

Yes, it's a normal function. It is possible to check whether the initiator is a service admin using the If PowerShell script returns true condition.

Today we are releasing a minor update that will allow you to assign Security Roles to group owners. There will be two new security principals:
- Owner (Managed By)
- Manager

So, if you want to grant permissions to the user or security group specified in the Managed By property of a group, you'll need to assign your role to Owner (Managed By):

0

Has this update been released yet? I have been checking frequently and have not seen it yet. Not that I want to be a pest, but this is something that we are very excited about and we can't wait to get the update.

Thanks

by (1.2k points)
0

Hello,

We are in the process of building installation packages. I'll update this post as soon as the new version is available.

by (18.0k points)
0

Hello,

The update has been released today.

You can download it here.
Note that you need to perform additional steps to preserve Approval Requests after the upgrade. For details, see upgrade instructions.

by (216k points)

Related questions

0 votes
1 answer
How to provide a button in web UI for Admins to reset Q&A for users enrolled Self-Service portal

would like to know the method to provide a button to security Q&A reset for enrolled users to Adaxes Admins via Web UI

asked Mar 21, 2023 by Vish539 (460 points)
0 votes
1 answer
Group domain-admins

How do I get domain-admins? Which permission do I need to configure to appear in the group? https://imgur.com/4Wy6rOb

asked Dec 20, 2018 by tiagotoledo (360 points)
0 votes
1 answer
Adaxes is slow for "regular users" but not for admins

Hi again :-) It seems that Web interafces is very slow for any kind of operation (search, modifiy) when the user is part of several ACL in Adaxes. It took me some time ... i'm afraid they stop using the tool if nothing is done. Thanks for your help. Stephen

asked Mar 29, 2012 by sroux (800 points)
0 votes
1 answer
Populate a User Attribute with Yes/No if enrolled in Password Self-Service

I see the script for generating a report of users enrolled, but what I'd like to do is run a script that can populate a user attribute with Yes/No or True/False if they are or are not enrolled. Is there an existing script that accomplishes this? Thanks

asked 4 days ago by msheppard (470 points)
0 votes
1 answer
Is there a way to add group managed service accounts, GMSA, to rule based groups?

When setting up a rule based group, GMSA objects are not visible. Is there a setting or view I need to add to make these availabe to rule based groups, or is it simply not an option?

asked Sep 16 by ajmilic (100 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users