Modifying users in standard zones

In a standard zone, modifying user account properties for a user with a standard Active Directory security group as the primary group requires the following permissions:

Select this target object	To apply these permissions
The serviceConnectionPoint object for the user account For example, if you are using classic zones and the UNIX user name is chris: domain/UNIX/Zones/Finance/Users/chris then select serviceConnectionPoint objects	Click the Properties tab and select Allow to apply the following properties to this object only: Read allowedAttributesEffective Read objectGUID Write keywords If you are changing the UNIX user name for the user, you need the following additional permissions applied to this object: Read name Write name Write Name property Note The Name property is the common name (cn) of the serviceConnectionPoint object.

Select this target object

To apply these permissions

The serviceConnectionPoint object for the user account

For example, if you are using classic zones and the UNIX user name is chris:

domain/UNIX/Zones/Finance/Users/chris

then select

serviceConnectionPoint objects

Click the Properties tab and select Allow to apply the following properties to this object only:

Read allowedAttributesEffective
Read objectGUID
Write keywords

If you are changing the UNIX user name for the user, you need the following additional permissions applied to this object:

Read name
Write name
Write Name property

Note The Name property is the common name (cn) of the serviceConnectionPoint object.

Note: You can set the permissions for modifying user accounts by clicking Permissions when you are viewing the Centrify Profile for a user.