Modifying users in standard zones

In a standard zone, modifying user account properties for a user with a standard Active Directory security group as the primary group requires the following permissions:

Select this target object To apply these permissions

The serviceConnectionPoint object for the user account

For example, if you are using classic zones and the UNIX user name is chris:

domain/UNIX/Zones/Finance/Users/chris

then select

serviceConnectionPoint objects

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read allowedAttributesEffective
  • Read objectGUID
  • Write keywords

If you are changing the UNIX user name for the user, you need the following additional permissions applied to this object:

  • Read name
  • Write name
  • Write Name property

Note The Name property is the common name (cn) of the serviceConnectionPoint object.

Note:   You can set the permissions for modifying user accounts by clicking Permissions when you are viewing the Centrify Profile for a user.