Licenses container permission requirements

The following table describes the minimum rights that must be applied to the Centrify‑specific container objects or other users to successfully complete the configuration of Centrify software.

This target object | Requires these permissions | Applied to

Licenses container

  • Read all properties
  • Create classStore Objects
  • Modify permissions

Applied to: This object only

  • Write Description property
  • Write displayName property

Applied to: This object and all child objects

The Setup Wizard requires you to create or select at least one parent container for license keys. By default, this container object is:

domain/Program Data/Centrify/Licenses

You can create additional License containers, if needed, through the Manage Licenses dialog box.

By default, all Authenticated Users have read and list contents permission for the Licenses container and all of its child objects. You can change these permissions if you want to restrict access to Access Manager.

Zones container or any container used as a destination for a new zone

  • Read all properties
  • Create classStore Objects
  • Create container objects

Applied to: This object only

  • Write displayName property

Applied to: This object and all child objects

The Setup Wizard requires you to create or select a parent container object for creating new zones. By default, this container object is:

domain/Program Data/Centrify/Zones

You can use other containers for zones, if needed. For example, if you have created a separate high-level organizational unit called UNIX as the parent container:

domain/UNIX/Zones

ZoneName/Computers container

  • Create group objects
  • Write Description property

Applied to: This object only

These permissions are only needed if you are supporting “agentless” authentication in a zone.

Computers container

For example, the generic Computers container: domain.com/Computers

  • Write operatingSystem property
  • Write operatingSystemVersion property
  • Write operatingSystemHotfix property
  • Write operatingSystemServicePack property

Applied to: SELF on Computer objects

These permissions are granted to each computer’s SELF account when you select the “Grant computer accounts in the Computers container permission to update their own account information” option in the Setup Wizard.
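The Licenses and Zones rows of the table can be delegated to a dedicated group with the built-in dsacls.exe tool, as sketched below. This is an added example, not Centrify tooling or code from the original page. The domain DN and the group name are placeholders, and the example assumes the default container locations map to the distinguished names shown.

```powershell
# Added example: the names below are placeholders, not values from the Centrify documentation.
$DomainDn = 'DC=example,DC=com'              # assumed domain
$Trustee  = 'EXAMPLE\Centrify-Setup-Admins'  # hypothetical delegated group

# Default containers from the table, written as distinguished names (assumed mapping).
$Licenses = "CN=Licenses,CN=Centrify,CN=Program Data,$DomainDn"
$Zones    = "CN=Zones,CN=Centrify,CN=Program Data,$DomainDn"

function Grant-Ace {
    param([string]$Dn, [string[]]$Rights, [switch]$IncludeChildren)
    # Without /I, dsacls applies the ACE to this object only.
    # /I:T applies it to this object and all child objects.
    $dsaclsArgs = @($Dn)
    if ($IncludeChildren) { $dsaclsArgs += '/I:T' }
    $dsaclsArgs += '/G'
    $dsaclsArgs += @($Rights | ForEach-Object { "${Trustee}:$_" })
    & dsacls.exe @dsaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed on $Dn ($($Rights -join ', '))" }
}

# dsacls permission bits used here:
#   RP = read property (all properties when none is named)
#   WP = write property, CC = create child object, WD = modify permissions

# Licenses container, this object only
Grant-Ace -Dn $Licenses -Rights 'RPWD', 'CC;classStore'
# Licenses container, this object and all child objects
Grant-Ace -Dn $Licenses -Rights 'WP;description', 'WP;displayName' -IncludeChildren

# Zones container, this object only
Grant-Ace -Dn $Zones -Rights 'RP', 'CC;classStore', 'CC;container'
# Zones container, this object and all child objects
Grant-Ace -Dn $Zones -Rights 'WP;displayName' -IncludeChildren

# Review the result: list the ACEs held by the delegated group on each container,
# so anything broader than the table requires stands out.
foreach ($dn in $Licenses, $Zones) {
    "== $dn"
    & dsacls.exe $dn | Select-String -SimpleMatch $Trustee -Context 0,3
}
```

Run it from an account that can already modify permissions on both containers.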