Directory and Resource Administrator 6.60
Assistant Admins can enable user accounts via the Web console when they are only delegated the power to disable user accounts.
The 6.6 Web Console allows a user account that is disabled to be enabled when only the power "Disable Account - Modify a User Account" has been granted. The MMC grays out this option and works correctly. The Web Console allows full control over the account disable/enable.
This issue is due to a bug in the web console and server:
1) The server code for authorizing user enable/disable is not verifying correct powers.
2) The web console is not checking for the appropriate custom attributes that are needed to enable/disable a user.
This issue is corrected with the release of Directory and Resource Administrator (DRA) 7.0. Install the latest version of DRA to resolve this issue.