To effectively use Authorization Manager to control access to resources, you must define which groups of users are associated with which roles. To assign a Windows user or group to a role, use the following procedure.
You must be assigned to the Authorization Manager Administrator user role to complete this procedure. By default, Administrators is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.
|Assign a Windows user or group to a role|
If necessary, open Authorization Manager.
If necessary, open or create an authorization store.
In the console tree, right-click Role Assignments, under either an application or a scope, and click New role assignment. The Role Assignments folder is used as a container to link groups to roles. Not all roles have groups associated with them because roles can be combined into larger roles.
Select the role to which you want to assign groups by selecting the check box beside the name of the appropriate role definition, and then click OK. The same role definition can be added to the Role Assignments container more than once. This allows flexibility in managing your assignments.
If desired, change the display name of the role assignment by right-clicking it in the list of role assignments, click Properties, and type the new display name.
In the list of role assignments, right-click the role assignment from the previous steps, point to Assign Users and Groups, and then click From Windows and Active Directory.
In the Enter the object names to select box, type the user names of the desired members. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
- To perform this procedure, you need to have access to an authorization store. By default, members of the Administrators group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.