Resolution
What powers will apply if an Assistant Admin has been delegated powers over multiple ActiveViews?
fact
Directory and Resource Administrator 6.x
Directory and Resource Administrator 7.x
Directory and Resource Administrator 8.x
fix
If an Assistant Admin is delegated powers over multiple ActiveViews, he or she can perform only the operations over the objects included in the same ActiveView definition. In order for an ActiveView to properly function, the ActiveView must include the following:
- Assistant Admin
- Roles and\or Powers
- Objects
The Assistant Admin must be assigned to the ActiveView and must be delegated roles and\or powers to perform functions over the objects which are included in the ActiveView.
For example:
An Assistant Admin is assigned to two ActiveViews, AV1 and AV2. AV1 includes all user accounts in the domain and the Assistant Admin has the powers to update the 'All user account properties' power. AV2 includes all groups in the domain and only includes users from a single Organizational Unit called OU1, the Assistant Admin has the powers to the power to modify group membership in this ActiveView.
If the ActiveViews are configured as mentioned above, the Assistant Admin will NOT be able to add a user account from any Organizational Unit except users from OU1, to groups. This is because the users are not included in the ActiveView defination in AV2. In order for the Assistant Admin to be able to add users from any Organizational Unit in the domain to groups AV2 must be configured to include all user accounts in the domain as well.
Objects and Powers assigned to an Assistant Admin do not span ActiveViews.