Creating the authorization store
All of the information about rights, roles, and role assignments is held in an authorization store for each zone in Active Directory. The name of authorization store object is CN=Authorization under the zone object’s DN. For example, the authorization store for the zone named EMEA_Territories in the Arcade.Net forest is:
cn=Authorization, cn=EMEA_Territories, cn=Zones, cn=UNIX, dc=Arcade, dc=Net
To create the authorization store for a zone, users must have the following permissions:
Select this target object | To apply these permissions |
Parent container for an individual zone For example, a ZoneName container object, such as: domain/Centrify/Zones/arcade |
On the Object tab, select Allow to apply the following permissions to this object and all child objects:
Select Allow to apply the following permissions to this object only:
|