Deleting rights

To delete right definitions in a zone, users must have the following permissions:

Select this target object	To apply these permissions
Authorization	Click the Properties tab, then select Allow for the following properties: Write msDS-AzApplicationData
msDS-AzOpObjectContainer/CN=pam‑rightName or msDS-AzOpObjectContainer/CN=pc‑rightName This object is listed under a globally unique identifier (GUID) for the Authorization object and a specific PAM access right name or privileged command name.	Click the Properties tab, then select Allow for the following properties: Read Name Read name Allow Delete

Select this target object

To apply these permissions

Authorization

Click the Properties tab, then select Allow for the following properties:

Write msDS-AzApplicationData

msDS-AzOpObjectContainer/CN=pam‑rightName

msDS-AzOpObjectContainer/CN=pc‑rightName

This object is listed under a globally unique identifier (GUID) for the Authorization object and a specific PAM access right name or privileged command name.

Click the Properties tab, then select Allow for the following properties:

Read Name
Read name
Allow Delete