Applies to: Cayosoft Administrator 5.x or later.
When you creating a new Web Administrator role, you can define which actions will be available for certain trustees.
If you want to make some attributes read only within a form or even hide them, you need to use Attribute policies.
This article will help you to setup delegation role and attribute policy so your delegation admins will be able to have access to view the User Properties action, but not have access to make any changes within this form.
Make read only all controls on User Properties form
This is step by step instructions how to make read only all controls on User Properties form using Attribute Policy. Same steps can be applied on other forms, the only thing that need to do - change policy scope to use another web query and actions in step 7.
Note: it is assumed that you have already created a role with necessary trustee permissions in HOME > CONFIGURATION > Roles > Web Administrators. How to create a new web administrator role you can read here: https://www.cayosoft.com/documentation-role-based-delegation-attribute_security/#_Delegating_the_Web_Administrators_Role
- Open Cayosoft Administrator Console and navigate to HOME > CONFIGURATION > Web Interface > Attribute Policies
- Click the button Add Attribute Policy in the upper right corner
- Enter the name of the new policy
- Expand the Policy Details of the new policy
- If you need the policy to be applied to everyone who is using Cayosoft Web Interface leave radio button ‘Policies Applied to everyone’ selected. Overwise, select ‘Policies applied only to specific Trustees’, then click Add button and select required users or groups
- Click Add scope at the bottom right of the Policy Scope section
- In Specify Policy Scope dialog do the following:
a) Select the Active Directory admin unit in the first column (you can select any others AD units if needed)
b) Select the AD Users Web Query in the second column (you can select additional web queries if needed like, AD User Templates, AD Users (Inactive), etc)
c) Select Properties in the third column
d) Click OK
- Click the scope in the policy to select it
- Select Enable multi-selection checkbox
- Click on topmost checkbox to select all attributes
- Click on Edit Policy button
- Select first checkbox near 'Is Read-only' option so it become available for edit
- Select seconnd checkbox near 'Is Read-only' option to turn it on
- Click OK to close the dialog
- Save Changes