When attempting to add a user account to a group, DRA displays an 'Authorization failed, power escal (NETIQKB45030)

  • 7745030
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.x

symptom
When attempting to add a user account to a group, DRA displays an 'Authorization failed, power escalation has occurred' error message.

symptom

After upgrading from DRA 7.0 or DRA 7.0 SP1 to DRA 7.5, an Assistant Admin who could previously add a user account to a group in an ActiveView in DRA 7.0 or DRA 7.0 SP1 now receives a power escalation error message when attempting to add a user account to a group in the same ActiveView in DRA 7.5.



symptom
Error: 'Authorization failed, power escalation has occurred. An attempt was made to add a power/role that the user does not have, or the operation would have resulted in the user having more powers over the object.'

cause

Power escalation occurs when an Assistant Admin, by adding a user account to a group, gains additional powers over the user account that the Assistant Admin previously did not have. If an Assistant Admin attempts to add a user account to a group, and this addition will result in the Assistant Admin obtaining additional powers over the user account, DRA displays an 'Authorization failed, power escalation has occurred' error message.



fix

DRA 7.0 and DRA 7.0 SP1 do not check for power escalation each time an Assistant Admin adds a user account to a group. However, DRA 7.5 enhances the security of your environment by checking for power escalation each time an Assistant Admin adds a user account to a group. If, by adding a user account to the group, the Assistant Admin performing the operation gains additional power over the user account, DRA 7.5 does not allow the operation and displays an 'Authorization failed, power escalation has occurred' error message.
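A minimal model of the check described above, as an added example that is not DRA's own code: it compares the Assistant Admin's powers over the user account before and after the proposed group membership change and refuses the change if the set grows. It assumes powers are delegated per group; the Delegation class, the check_escalation flag, and all admin, group and power names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    """Constructed model: `admin` holds `powers` over every member of `group`."""
    admin: str
    group: str
    powers: frozenset

def powers_over(admin, user_groups, delegations):
    """Union of the powers `admin` holds over a user with these memberships."""
    held = set()
    for d in delegations:
        if d.admin == admin and d.group in user_groups:
            held |= d.powers
    return held

def add_user_to_group(admin, user_groups, target, delegations, check_escalation=True):
    """Return (allowed, gained_powers, resulting_groups).

    check_escalation=True models the DRA 7.5 behaviour described above;
    False models DRA 7.0 / 7.0 SP1, which performed no such check.
    """
    before = powers_over(admin, user_groups, delegations)
    after = powers_over(admin, user_groups | {target}, delegations)
    gained = after - before
    if check_escalation and gained:
        return False, gained, user_groups  # denied: membership left unchanged
    return True, gained, user_groups | {target}

# Constructed sample data; admin, group and power names are hypothetical.
DELEGATIONS = [
    Delegation("aa_helpdesk", "Sales-Users",
               frozenset({"view_properties", "modify_membership"})),
    Delegation("aa_helpdesk", "Managed-Accounts",
               frozenset({"modify_membership", "reset_password"})),
]
ALICE = frozenset({"Sales-Users"})

if __name__ == "__main__":
    for target in ("Sales-Printers", "Managed-Accounts"):
        for check in (False, True):
            ok, gained, _ = add_user_to_group("aa_helpdesk", ALICE, target, DELEGATIONS, check)
            print(f"{target:17} check={check!s:5} allowed={ok} gained={sorted(gained)}")
```

The same request succeeds with the check off and fails with it on, which is the change an Assistant Admin sees after the upgrade to DRA 7.5.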



Additional Information

Formerly known as NETIQKB45030