Hello Rodney,
You should always remember that Deny permissions always have a higher priority than Allow permissions, so there is no way you can override the Deny permissions that you defined.
Based on your letter and the screenshots that you've sent us by email, what we can suggest is that you modify the Assignments of the Domain User Security Role that you currently have by assigning it to the users/groups who need to gain access to the Private Data property and exclude All Objects from the Assignment Scope of the Role. Thus, the permissions of the Role will no longer be delegated to those users/groups. Because of this, you also need to modify the permissions of the AD Support Dispatch Security Role and grant the right to Read All object types to that Role for the users to be able to browse your AD. Then, you need to assign the Role to the users/groups who need to gain access to the Private Data property and include All Objects in the Assignment Scope. To implement such a solution:
I. Modify the assignments of the Domain User Security Role
- Open Adaxes Administration Console.
- Locate and select the Domain User Security Role.
- Right-click in the Assignments section and click Add Assignment.
- In the dialog box that appears, double-click a user/group who needs access to the Private Data property.
- In the dialog box that appears, add All Objects to the Assignment Scope of the Role.
- In the Assignment Options dialog, select the Exclude this selection option.
- Click OK 2 times.
- If necessary, repeat steps 3-5 for as many users/groups as you need.
- Save the Security Role.
II. Modify the permissions of the AD Support Dispatch Security Role and assign it to the necessary users/groups
- Open Adaxes Administration Console.
- Locate and select the AD Support Dispatch Security Role.
- Click the Add button above the Permissions list.
- In the dialog that appears, select the Read permission in the Allow column and click OK.
- Right-click in the Assignments section and click Add Assignment.
- In the dialog box that appears, double-click a user/group who needs access to the Private Data property.
- In the dialog box that appears, add All Objects to the Assignment Scope of the Role.
- Save the Security Role.
P.S. Rodney, please check your PM inbox!