 Account Manager |
Enables trustees to create, delete and modify users and groups.
|
This Role should be assigned ON user or group accounts or on containers, groups, organizational units,
Business Units or domains that contain user or group accounts.
|
| Blind User |
Disallows trustees to view AD objects or Business Units included in the assignment scope of this Security Role.
|
This Role should be assigned TO users or groups, which you want to disallow viewing specific
objects, ON the objects they are not allowed to view.
|
| Computer Manager |
Enables trustees to create, delete and modify computer accounts.
|
This Role should be assigned ON computer accounts or on containers, groups, organizational units,
Business Units or domains that contain computer accounts.
|
| Contact Manager |
Enables trustees to create, delete and modify contacts.
|
This Role should be assigned ON contacts or on containers, groups, organizational units, Business Units
or domains that contain contacts.
|
 Domain User |
Enables trustees to read all object properties. This Role allows users from Managed Domains
to view objects in all domains managed by the service.
|
This Role should be assigned TO the Authenticated Users security principal
ON the resources access to which you want to allow or deny for all users from Managed Domains.
|
| Exchange Recipient Manager |
Enables trustees to create, move and delete Exchange mailboxes, mail-enable and
mail-disable users, contacts, and groups.
|
This Role should be assigned ON users, contacts and groups, or on containers, groups,
organizational units, Business Units or domains that contain users, contacts and groups.
|
| Group Manager |
Enables trustees to modify properties and add/remove members to/from existing groups.
|
This Role should be assigned ON group accounts or on containers, groups, organizational units,
Business Units or domains that contain group accounts.
|
| Help Desk |
Enables trustees to reset user passwords, enable or disable user accounts and change other user account options.
|
This Role should be assigned ON user accounts or on containers, groups, organizational units,
Business Units or domains that contain user accounts.
|
| HR Manager |
Enables trustees to create, delete and modify user accounts, add/remove members from groups.
|
This Role should be assigned ON user or group accounts or on containers, groups, organizational units,
Business Units or domains that contain user or group accounts.
|
| Service Log Inspector |
Enables trustees to read the logging information on any operation performed via the Adaxes service.
|
This Role should be assigned TO users or groups, which you want to allow read all logging information.
|
| Super Manager |
Enables trustees to create, modify and delete all objects.
|
This Role should be assigned ON objects, for which you want to grant the corresponding elevated permissions.
When assigned over Configuration Objects it allows trustees to manage all configuration objects (Business Rules, Security Roles, Property Patterns,
Custom Commands, Business Units, Scheduled Tasks, and Managed Domains).
|
| User Self-Service |
Enables trustees to modify some properties and change passwords of their own accounts.
Also allows users to view logging information on their own user accounts and configure auto-replies for themselves.
|
This Role should be assigned TO the Self security principal ON those user accounts,
for which you want to allow self-service.
|