Previous Topic: Users, Groups, and Administrative RolesNext Topic: Create a User


Active Directory Restrictions

If you use Active Directory as your user store, you cannot create and delete users and groups in CA ControlMinder Enterprise Management. You do not see the following tasks in the interface, and you cannot assign these tasks to an admin role or a privileged access role:

When you assign admin roles to an Active Directory user, CA ControlMinder Enterprise Management modifies the user profile and notes the admin roles that are assigned to this user in the registered address field.

Note: You can choose to define a user with read-only privileges in the User DN: parameter. However, if you define a user with read-only privileges, you cannot assign admin roles or privileged access roles to users in CA Access Control Enterprise Management. Instead, you modify the member policy for each role to point to an Active Directory group.)