Deleting rights

To delete right definitions in a zone, users must have the following permissions:

Select this target object To apply these permissions

Authorization

Click the Properties tab, then select Allow for the following properties:

  • Write msDS-AzApplicationData

msDS-AzOpObjectContainer/CN=pam‑rightName

or

msDS-AzOpObjectContainer/CN=pc‑rightName

This object is listed under a globally unique identifier (GUID) for the Authorization object and a specific PAM access right name or privileged command name.

Click the Properties tab, then select Allow for the following properties:

  • Read Name
  • Read name
  • Allow Delete