Zones container permissions

The following table describes the minimum rights that must be applied to the Centrify Zones container.

This target object Requires these permissions Applied to

Zones container or any container used as a destination for a new zone
  • Read all properties
  • Create classStore Objects
  • Create container objects

This object only
  • Write displayName property

This object and all child objects

Change the default zone container
  • Delete

Previous zone container

The Setup Wizard requires you to create or select a parent Zones container object for new zones. The default location for the parent container for new zones depends on the organizational structure you deploy. For example, if you use the recommended organizational structure, the default location for new zones would be domain/Centrify/Zones. You can use other containers for zones or create multiple parent containers for zones to separate administrative duties for different groups.