Self Service

Question

Not sure what I'm missing...but when I view accounts or my acct for that matter in the Self-Service console, the Member of section (security group and distribution list) are empty.

I tried adding the read permissions for group but no cigar.

Answer 1

Hello,

To be able to view the groups in the Member Of section, a user must be granted the permission to read the groups. By default, the permission to read all objects in AD is provided by the built-in Security Role Domain User. However, if you disabled or changed the Activity Scope of the Role, you need to explicitly grant permissions to users to view the groups they need. For this purpose, you need to grant the permission to Read group objects and include the groups they need to view in the Assignment Scope of the Role. To create such a Role:

1. Create a new Security Role.
2. On the 2nd step of the Create Security Role wizard, click Add.
3. Select the Group object type.
4. In the General permissions section, select Read.
   
5. Click OK.
6. On the next step, assign the Role to the users who need to see the groups and include the necessary groups in the Assignment Scope.

Comments

So I'm thinking abt what you suggested...

If this is through self service and the 'my properties' contain member of fields, I wouldn't know everyone whos apart of a group, so how can I address this on a larger scale?
I'd like to configure so when a user views their properties in Self Service, they are able to see the groups they are apart of.

I added Security Role and added Read permissions and trustee is Authenticated Users assigned to the domain. Is this ideal? or is it giving the user to much freedom?

---

Hello,

Currently, this is, probably, the best way how you can implement your requirement. If you've configured the Security Role in the way as we've described in our previous post (that is, added the Read permission for Group objects only), your Security Role will allow all your users only to view all groups located in the domain. The Read permission allows users only to view objects, not modify anything, so they won't have access to changing something that they are not supposed to.

In the future, we are planning to add support for value references in Business Unit. That is, it will be possible to specify value references in Business Unit Membership Rules. When this is implemented, you will be able to create a Business Rule containing all groups that a user is a member of, and assign the Security Role over the Business Unit.

---

we are testing self-service and managed objects.
is there a way to allow the default for page size to set at a different number other than 10?

---

Hello,

Currently, this is impossible. But in our new version to be available on Thursday, this functionality will be added. :)

---

great.

I sent an email to support abt another issue(onprem MB creation). can someone take a look?

---

Hello,

We haven't yet received it. Did you send it to our support email (support[at]adaxes.com)?

---

I sent it to support[at]adaxes.com.

---

OK, received, expect a message from one of our Support Engineers in a couple of minutes.