Managing roles and rights in a zone

To manage rights and roles in a zone, including creating and deleting role definitions and updating time constraints, your user account must have the following permissions:

For each target object listed below, apply the permissions that follow it.

Container for the authorization store

For example:

domain/UNIX/Zones/arcade/Authorization

On the Object tab, select Allow to apply the following properties to this object and all child objects:

  • List contents
  • Read all properties

Click the Properties tab and select Allow to apply the following properties to the msDS-AzAdminManager object:

  • Write msDS-AzApplicationData

AzTaskObjectContainer

On the Object tab, select Allow to apply the following properties to this object and all child objects:

  • List contents
  • Read all properties
  • Create msDS-AzTask objects
  • Delete msDS-AzTask objects

Click the Properties tab and select Allow to apply the following properties to msDS-AzTask objects:

  • Write msDS-AzApplicationData
  • Write cn
  • Write name
  • Write description
  • Write msDS-OperationsForAzTask

AzOpObjectContainer

On the Object tab, select Allow to apply the following properties to this object and all child objects:

  • List contents
  • Read all properties
  • Create msDS-AzOperation objects
  • Delete msDS-AzOperation objects

Click the Properties tab and select Allow to apply the following properties to msDS-AzOperation objects:

  • Write msDS-AzApplicationData
  • Write cn
  • Write name
  • Write description
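
The same delegation expressed as dsacls commands, as an added example that is not part of the original page or the vendor's tooling. It prints the commands for review and only changes ACLs when run with -Apply. The trustee name and the three distinguished names are placeholders, and the mapping of the dialog choices to dsacls /I scopes is an assumption of this example.

```powershell
# Added example: scripted form of the delegation table above (not vendor code).
# Placeholders (assumptions): the trustee and all three distinguished names.
param(
    [string]$Trustee = 'EXAMPLE\ZoneRoleAdmins',
    [string]$AuthzDN = '<DN of domain/UNIX/Zones/arcade/Authorization>',
    [string]$TaskDN  = '<DN of the AzTaskObjectContainer>',
    [string]$OpDN    = '<DN of the AzOpObjectContainer>',
    [switch]$Apply   # without -Apply the commands are only printed for review
)

# dsacls permission spec: <bits>;<property or object type>;<inherited object type>
function Get-WriteSpec([string]$Class, [string[]]$Property) {
    $Property | ForEach-Object { "WP;$_;$Class" }
}

# Scope maps to dsacls /I: 'T' = this object and children, 'S' = children only,
# '' = this object only. LC = list contents, RP = read properties,
# CC/DC = create/delete child, WP = write property.
$plan = @(
    @{ DN = $AuthzDN; Scope = 'T'; Perms = @('LCRP') }
    @{ DN = $AuthzDN; Scope = '';  Perms = @('WP;msDS-AzApplicationData') }
    @{ DN = $TaskDN;  Scope = 'T'; Perms = @('LCRP', 'CCDC;msDS-AzTask') }
    @{ DN = $TaskDN;  Scope = 'S'; Perms = @(Get-WriteSpec 'msDS-AzTask' @(
          'msDS-AzApplicationData', 'cn', 'name', 'description',
          'msDS-OperationsForAzTask')) }
    @{ DN = $OpDN;    Scope = 'T'; Perms = @('LCRP', 'CCDC;msDS-AzOperation') }
    @{ DN = $OpDN;    Scope = 'S'; Perms = @(Get-WriteSpec 'msDS-AzOperation' @(
          'msDS-AzApplicationData', 'cn', 'name', 'description')) }
)

foreach ($row in $plan) {
    $dsaclsArgs = @($row.DN)
    if ($row.Scope) { $dsaclsArgs += "/I:$($row.Scope)" }
    $dsaclsArgs += '/G'
    # One "<trustee>:<spec>" argument per permission entry.
    $dsaclsArgs += @($row.Perms | ForEach-Object { "${Trustee}:$_" })
    if ($Apply) {
        & dsacls.exe @dsaclsArgs
        if ($LASTEXITCODE -ne 0) { throw "dsacls failed for $($row.DN)" }
    } else {
        'dsacls ' + (($dsaclsArgs | ForEach-Object { '"{0}"' -f $_ }) -join ' ')
    }
}
```

Granting these rights to a dedicated group rather than an individual account keeps the delegation easy to review and revoke.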