AzMan/ADAM store permissions

Discussion in 'ASP .Net Security' started by Guest, Jun 29, 2009.

  1. Guest

    Guest Guest

    Firstly, I'm not sure this is the best place to be asking this
    question, so if you know of a better location then please let me know.

    I've recently configured an ADAM instance to hold an AzMan application
    store to authorise my users to perform specific actions within my web
    app. This works just great and everyone is happy. That's the good
    news. The bad news is that whilst managing the store locally on my PC
    I decided (based on lack of information) to delete the store rather
    than close it through my AzMan snap-in. The result? Not entirely
    unexpected as it deleted the store from ADAM and hence stopped all
    authorisation requests. It took me an hour to rebuild the store as
    backups were not what they should have been (that's another issue).

    So on to my question: Is it possible to grant some administrator users
    access to a store, but amend their permissions so that they can not
    delete it? I would envisage that another administator user still
    remain defined who does have permissions, but that this account would
    be a special setup and not a day to day account.

    Regards,

    mike
     
    Guest, Jun 29, 2009
    #1
    1. Advertising

  2. Guest

    Joe Kaplan Guest

    Yes, although you can't use the actual Adminstrators role group for this.
    You'd need to create your own group and delegate specific permissions in
    ADAM. Essentially, you want to ensure that you grant the appropriate create
    and modify permissions without delete or delete tree. Don't give "full
    control".

    Permissions in ADAM use the same model as AD which is very granular.
    However, it can be a little confusing figuring out what exactly you need to
    grant to get the behavior you want. Testing with test objects you create is
    a good idea. :)

    Use the ACL editor in LDP to get the most control/visibility into what you
    are actually setting.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "<M>" <> wrote in message
    news:...
    > Firstly, I'm not sure this is the best place to be asking this
    > question, so if you know of a better location then please let me know.
    >
    > I've recently configured an ADAM instance to hold an AzMan application
    > store to authorise my users to perform specific actions within my web
    > app. This works just great and everyone is happy. That's the good
    > news. The bad news is that whilst managing the store locally on my PC
    > I decided (based on lack of information) to delete the store rather
    > than close it through my AzMan snap-in. The result? Not entirely
    > unexpected as it deleted the store from ADAM and hence stopped all
    > authorisation requests. It took me an hour to rebuild the store as
    > backups were not what they should have been (that's another issue).
    >
    > So on to my question: Is it possible to grant some administrator users
    > access to a store, but amend their permissions so that they can not
    > delete it? I would envisage that another administator user still
    > remain defined who does have permissions, but that this account would
    > be a special setup and not a day to day account.
    >
    > Regards,
    >
    > mike
     
    Joe Kaplan, Jul 10, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Herman \(Parallelspace\)

    ASP.NET 2.0, MS AD/ADAM and Authorization Manager (AzMan)

    Michael Herman \(Parallelspace\), Jul 6, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    895
    Michael Herman \(Parallelspace\)
    Jul 9, 2005
  2. =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=

    ADAM and AzMan with ASP.NET 2.0

    =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=, Feb 24, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    596
    =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=
    Feb 24, 2006
  3. Bais

    Specify user for Azman/ADAM role manager

    Bais, Jan 11, 2006, in forum: ASP .Net Security
    Replies:
    5
    Views:
    187
  4. James Coleman

    ADAM & AzMan with ASP.NET 2.0

    James Coleman, Feb 25, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    155
    DeadOnArrival
    Mar 8, 2006
  5. tm
    Replies:
    1
    Views:
    246
    Dominick Baier
    Aug 21, 2006
Loading...

Share This Page