How do I delegate the appropriate powers to an Assistant Admin to set the Manager field of a user? (NETIQKB55723)

  • 7755723
  • 02-Feb-2007
  • 03-Nov-2011

Environment

Directory and Resource Administrator 8.X

Situation

How do I delegate the appropriate powers to an Assistant Admin to set the Manager field of a user account?


What are the minimum powers an Assistant Admin needs in order to set the Manager field of a user account?

Resolution

To delegate this ability to an Assistant Admin, two powers are required:

  • The "View All User Properties" power
  • A custom power that allows for modifying the "manager" property of the user account

To create the custom power:

  • Open the Delegation and Configuration console while logged in as a DRA Admin (or an account that has the ability to create custom powers)
  • Expand Delegation Management and highlight the Powers category
  • Right-click the Powers category and select New Power
  • Select the object type as User and select the Action as Sets the Properties of a User
  • If desired, configure additional permissions to be assigned to the Assistant Admin (AA); otherwise, leave this area at its defaults and click Next
  • Select the radio button for Include only listed properties and click Add
  • Add the "manager" property to the power
  • Give the power a name and description and click Finish

Once the custom power is created, assign both the custom power and the "View All User Properties" power to the Assistant Admin from within the Active View.

Cause

When granting an Assistant Admin permissions to update the "Manager" field of a user account, there can often be a need to restrict the permissions to ONLY this ability.

Additional Information

Formerly known as NETIQKB55723