Adaxes

Blind users role and default container

0 votes

Hi there !

I use the blind users role to hide objects to web operators but it seems that default containers (builtin, computers, users) are always visible, when i use group management features (so i always see groups like Users, Pre Windows 2000...)
Even if the user do not have the rights to edit these objects, i'd like these to be really hidden.

Any clue ?

by (800 points)

1 Answer

0 votes
by (216k points)

Hello,

This happens because you excluded security principal Self from the activity scope of the Blind User role. The security principal Self also includes all groups a user is a member of.

To fix your problem you can do the following:

  1. Create a new Security Role.

  2. Add Deny Read Groups permission to this role.

  3. Assign this role to Everyone over the groups that you what to hide.

  4. Exclude the users that you want to allow to view these groups from the activity scope.

We are considering changing this behaviour, and probably in the next version, the security principal Self will be treated as the self user account only.

0

Thanks a lot !

by (800 points)

Related questions

0 votes
1 answer
Blind users role and add to group problem

Hi again, It seems that there is a problem with the Blind Users role and the add to group features : i configured a user as he can see only a specific OU through blind ... " (Where My User stands for the real user name obviously). Am i doing something wrong ?

asked Jul 5, 2011 by sroux (800 points)
0 votes
1 answer
Blind user role and configuration object

Hi, Still struggling with blind user role :-) i found out that i cannot exclude configuration object from the role (this is greyed) so users cannot use "My Approval" "My requests" features Is this normal ? TIA

asked Jul 21, 2011 by sroux (800 points)
0 votes
1 answer
Is it better to grant access via multiple OU and group assignments in the security role or use a business unit?

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20, 2022 by DA-symplr (100 points)
0 votes
1 answer
Scripting: Security Role - Enumerate and change assignments

I need to replace one Active Directory security group that has been given rights over many OUs within several Security Roles. There are likely ~300 entries that need ... in the SDK documentation appears to be broken - http://adaxes.com/scriptrepository

asked May 1, 2013 by SomeUser (90 points)
0 votes
1 answer
Security Role - Enabling and Disabling User Accounts

Is it possible to create a security role that would only allow disabling accounts, but not enabling?

asked Feb 21, 2012 by BradG (950 points)
3,634 questions
3,322 answers
8,398 comments
548,787 users