Delegating control for authorization managers

The AuthorizationManagers security group is intended for members of the security team who are responsible for managing role-based access rights. You should add members to the group to grant specific users the rights required to manage user roles, computer roles, access privileges, and role assignments.

You can delegate tasks to the AuthorizationManagers group on the User Roles and Computer Roles organizational units using Active Directory Users and Computers. You can delegate zone administration tasks to the group in Access Manager.

Delegating tasks for user role groups

In Active Directory Users and Computers, select the User Roles organizational unit, right‑click, then select Delegate Control to start the Delegation of Control Wizard. Select the security group you are using for authorization managers and delegate the following tasks:

  • Create, delete and manage groups
  • Modify the membership of a group

Delegating tasks for computer role groups

In Active Directory Users and Computers, select the User Roles organizational unit, right‑click, then select Delegate Control to start the Delegation of Control Wizard. Select the security group you are using for authorization managers and delegate the following tasks:

  • Create, delete and manage groups
  • Modify the membership of a group

Delegating zone-specific tasks

As a member of the CentrifyAdministrators security group, you can grant zone-specific permissions to the members of the AuthorizationManagers group. After you have created the appropriate zones, you can delegate the following zone administration tasks to authorization managers:

  • Manage roles and rights
  • Manage role assignments
  • Modify computer roles
  • Add computer roles