RE: ADAM, AzMan question

From: Reza (Reza_at_discussions.microsoft.com)
Date: 04/29/05


Date: Fri, 29 Apr 2005 13:04:04 -0700

Hi

 When you add a role definition it is actually a task with an attribute of
RoleDefinition="True". This is IsRoleDefinition property of IAzRole in fact.
Authorization Manager application of microsoft restricts us to create a role
definition
first then put it in Role Assignments folder. This is actually not a must.
By APIs you can add a role to an application and you can see that role is in
Role Assignments folder without anything in Role Definition folder.

 Regards.
 Reza.

"Morten Overgaard" wrote:

> Hi Sirs.
>
> Sorry for the cross posting but I did not no in what group to put this
> question :-)
>
> Anybody knows if the following setup will work:
> Use ADAM (win2003 Server) as a policy store for AzMan where users/groups
> will be assigned from a Windows2003 AD?
>
> And another one
>
> It seems that "Role definitions" created in AzMan is stored in ADAM as
> "msDS-AzTask". Why??? and when a role has been assigned a windows user
> account it also appears as a "msDS-Az-Role" in ADAM. How come??
>
>
> Regards Morten.
>
>
>