Modifying role assignments
To modify role assignments, users must have the following permissions:
Select this target object | To apply these permissions |
Authorization |
Click the Properties tab, then select Allow for the following properties:
|
msDS-AzRoleObjectContainer This object is listed under a globally unique identifier (GUID) for the Authorization object. |
On the Object tab, select Allow to apply the following permissions to this object:
|
msDS-AzRoleObjectContainer/CN=CRA_guid This object is listed under a globally unique identifier (GUID) for the Authorization object and a unique identifier for the role assignment. |
Click the Properties tab, then select Allow for the following properties to allow changes to the assigned user or groups:
Click the Properties tab, then select Allow for the following properties to allow changes to the available time for a role assignment:
|