Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > AzMan/ADAM store permissions

Reply
Thread Tools

AzMan/ADAM store permissions

 
 
Guest
Posts: n/a
 
      06-29-2009
Firstly, I'm not sure this is the best place to be asking this
question, so if you know of a better location then please let me know.

I've recently configured an ADAM instance to hold an AzMan application
store to authorise my users to perform specific actions within my web
app. This works just great and everyone is happy. That's the good
news. The bad news is that whilst managing the store locally on my PC
I decided (based on lack of information) to delete the store rather
than close it through my AzMan snap-in. The result? Not entirely
unexpected as it deleted the store from ADAM and hence stopped all
authorisation requests. It took me an hour to rebuild the store as
backups were not what they should have been (that's another issue).

So on to my question: Is it possible to grant some administrator users
access to a store, but amend their permissions so that they can not
delete it? I would envisage that another administator user still
remain defined who does have permissions, but that this account would
be a special setup and not a day to day account.

Regards,

mike
 
Reply With Quote
 
 
 
 
Joe Kaplan
Guest
Posts: n/a
 
      07-10-2009
Yes, although you can't use the actual Adminstrators role group for this.
You'd need to create your own group and delegate specific permissions in
ADAM. Essentially, you want to ensure that you grant the appropriate create
and modify permissions without delete or delete tree. Don't give "full
control".

Permissions in ADAM use the same model as AD which is very granular.
However, it can be a little confusing figuring out what exactly you need to
grant to get the behavior you want. Testing with test objects you create is
a good idea.

Use the ACL editor in LDP to get the most control/visibility into what you
are actually setting.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"<M>" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Firstly, I'm not sure this is the best place to be asking this
> question, so if you know of a better location then please let me know.
>
> I've recently configured an ADAM instance to hold an AzMan application
> store to authorise my users to perform specific actions within my web
> app. This works just great and everyone is happy. That's the good
> news. The bad news is that whilst managing the store locally on my PC
> I decided (based on lack of information) to delete the store rather
> than close it through my AzMan snap-in. The result? Not entirely
> unexpected as it deleted the store from ADAM and hence stopped all
> authorisation requests. It took me an hour to rebuild the store as
> backups were not what they should have been (that's another issue).
>
> So on to my question: Is it possible to grant some administrator users
> access to a store, but amend their permissions so that they can not
> delete it? I would envisage that another administator user still
> remain defined who does have permissions, but that this account would
> be a special setup and not a day to day account.
>
> Regards,
>
> mike


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
In-depth documenation on User Permissions, Group Permissions, ACLs, DCLs etc. Curt K ASP .Net 0 11-03-2006 04:54 PM
to store or not to store an image =?Utf-8?B?UnVkeQ==?= ASP .Net 6 03-30-2005 05:51 AM
ASPX file returning obscur runtime error - after changing permissions to a subweb (.net app) to different permissions than on its parent ? Isabelle ASP .Net 0 08-11-2004 02:04 PM
Re: Permissions - giving "everyone" full permissions is bad ? Scott Allen ASP .Net 0 07-13-2004 08:54 PM
File shaing - how to set permissions? HowburyPete Wireless Networking 2 07-07-2004 03:22 PM



Advertisments