To manage role assignments in a zone, your user account must be set with the following permissions:
| Select this target object | To apply these permissions |
|
Container for the authorization store For example: domain/UNIX/Zones/arcade/Authorization
|
On the Object tab, select Allow to apply the following properties to this object only:
Click the Properties tab and select Allow to apply the following properties to this object only:
Click the Properties tab and select Allow to apply the following properties to msDS-AzRole objects:
|
|
Computers container in the zone |
On the Object tab, select Allow to apply the following properties to this object only:
This permission is required to allow a delegated user to make the first role assignment after a computer is joined to Active Directory. |
AzRoleObjectContainer |
On the Object tab, select Allow to apply the following properties to the msDS-AzApplication object and all child objects:
Click the Properties tab and select Allow to apply the following properties to msDS-AzRole objects:
Click the Properties tab and select Allow to apply the following properties to msDS-AzAdminManager objects:
|
AzOpObjectContainer |
On the Object tab, select Allow to apply the following properties to this object only:
Click the Properties tab and select Allow to apply the following properties to msDS-AzRole objects:
Click the Properties tab and select Allow to apply the following properties to msDS-AzOperation objects:
|
Doc Feedback