Adaxes

permissions to read properties of your account error

0 votes

The following error is displayed on the top of the screen, after one of my users logs into Adaxes...

"You don't have any permissions to read properties of your account. Some features of the Web Interface will not be available."

I am not sure what is causing this. I have already set the security role for the user in Adexes to the equivalent of an admin just to test, it made no difference. The user has "Full Control" assigned over "All Objects" for the entire domain. Can someone tell me what is triggering this error and how to resolve it?

by (380 points)

1 Answer

0 votes
by (216k points)

Hello,

When assigning permissions, you should always remember that the Deny permissions always override the Allow permissions. That is, if a user has both the Deny and Allow permissions to perform a certain operation, this user will not be able to perform this operation as the Deny permission has a higher priority. So, if the user is assigned both the Allow and Deny permissions for certain properties of his own account, he will not be able to read the properties of his account.

To remedy the issue, you can have a look at the Security Roles assigned to this user and check whether they contain any Deny permissions for reading properties of user accounts and include his own account in the Assignment Scope. To do this:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand the service node that represents your service.
  3. Expand Active Directory.
  4. Locate the user you need and select Properties from the context menu.
  5. In the Properties dialog box that opens, click the Security Roles tab.
  6. In the Security Roles tab, you will see a list of Roles assigned to this user. To view/edit the permissions that the Role contains and its Assignment Scope, you can right-click any Role and select Locate Role in Tree. The Role will be selected in the Console Tree of the Administration Console.

Related questions

0 votes
1 answer
How can we minimize permissions of Domain Service Account and still retain Adaxes functionality?

Hello, We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. ... account is also given the appropriate Security Role within the Adaxes administrative console.

asked Sep 12, 2023 by just.kon (20 points)
0 votes
1 answer
What permissions does the service account need to make changes to active directory?

I am working with Adaxes for the first time. Looking to set up the service account so it can actually make changes to AD not just to register the Adaxes Service. I would rather ... the Adaxes service. What I am unable to do is have adaxes make changes to AD.

asked Sep 21, 2022 by mightycabal (1.0k points)
0 votes
1 answer
Redirect to Home Screen instead of My Properties

Is it possible after a user logs in to be Redirect to the Home Page (if enabled) ? If so where would that need to be changed? I've found multiple difference Web Config ... where or how it gets redirected to the My Properties page so it can be changed. Thanks

asked Jul 23, 2019 by Helios5287 (100 points)
0 votes
0 answers
Permissions to allow a self-service user to set out-of-office replies on mailboxes they have direct full control over

Good Afternoon, I'm looking for some clarification on what security settings I would need to apply to the Self-Service Users to allow them to update both their own ... accounts they have full access to. Please let me know if this requires more clarification.

asked Jul 22, 2021 by jtop (700 points)
0 votes
1 answer
How to get rid of this Exchange error msg.
asked Jul 25 by hhsmith (100 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users