Nope, can't do it, requires being able to write a blob to
the nTSecurityDescriptor attribute. No insert into function
available.
ActiveRoles *might* allow something like that, Darren
would have to speak to it.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Monday, January 30, 2006 4:56 PM
To: [email protected]
Subject: [ActiveDir] Selectively grant permission modification?
Hi,
Just wanted to double check on
this:
Is it possible to delegate someone
the ability to modify permissions of an object, but only allow them to modify
SOME of those permissions? For example, an email admin who
normally does not modify object ACLs, but who may need to grant
the "SEND AS" object permission to random security
principals throughout the org.
Sorry if this is a repeat question
or answer is obvious (I can take a stab at it!).
Thanks,
DaveC
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
