0 votes

Hello!

2 questions today:

1) I have created a separate webgui for our HR department. http://<adaxesserver>/HR. They have two actions available, one for creating a new user, and one for setting expiry dates for current users. How can I create an enforcement rule which will only apply to this webgui/these actions?
The only way I have been able to do this now is to create a generic business rule which applies before creating/updating users, with only one action: Require Approval. However, this rule will obviously apply to every create/update action that I do in Adaxes, regardless of which web gui I am working in, so I will need another method of enforcing approval.

2) With my current (flawed) method of enforcing approval, I noticed that when they reach the "This operation requires approval" page, the page also lists all users in the OU which they are allowed to administer, and they can view/modify most of the information. IMHO, this summary page should not contain this user browser part.
I have removed basically every "Display" and "Browse" option in the web gui management tool for this particular "/HR" subsite, but still, this user browser shows up on the "Requires Approval" page. The accounts who are able to log in to this site, has the common permissions "Create, delete and manage user accounts", which I believe I cannot restrict further, since they should be able to create new users, and be able to select users from a list and set expiry dates.

by (160 points)
0

Bump

1 Answer

0 votes
by (1.8k points)

Question number 1:
I asume that you assign the security role to a AD group that allows members of HR to execute these two functions.
Therefore i would edit the business rule action that sends the approval request and add a condition "If the initiator is a member of <Group>", and connect it to the AD group giving access to the HR web interface. Then it will only trigger on actions executed by HR.

Question number 2:
No clue if it is even possible to hide this.
The best thing would be an option that you could set to direct them to the home screen, like other functions already do.
Support will need to answer this. :geek:

Related questions

0 votes
1 answer

Good Afternoon, Is it possible to move mailboxes to 365 using more advanced options? I am already using the documented script but we have a need to use other switches in the ... this. I see the native way only supports a couple of options that are documented.

asked Nov 22, 2023 by curtisa (290 points)
0 votes
1 answer

Hi I've added values to two attributes of an Oraganization Unit: adm-CustomAttributeText1 adm-CustomAttributeText2 I'm trying to extract these properties with a powershell ... But this does not provide the value set in adm-CustomAttributeText1. Any ideas?

asked Jan 28, 2013 by kjesoo (960 points)
0 votes
1 answer

Hi, I am trying to setup a Home Page action in the Help Desk portal to modify a User account, for this i want to specify the default value of a property to be the ... the user account i am modifying to get the default value? Thanks in advance for any help!

asked Dec 1, 2016 by sam.webster (370 points)
0 votes
1 answer

We have a problem with customizing the WebUI: 1. We need to hide the "Exchange-Tasks" link when an object ist in view or is in edit mode 2. We need to deactivate the "add" button when attribute phoneother is used in edit mode is this possible?

asked Aug 31, 2015 by viktor.reim (120 points)
0 votes
1 answer

We're experiencing an error opening the Web Interface Customization module. There don't seem to be any relevant posts here, nor can I find any obvious problems in the event ... will be empty. You can add a property name manually by clicking Add Extra button."

asked May 13, 2014 by theckel (520 points)
3,589 questions
3,278 answers
8,303 comments
548,130 users