Access control settings are organized per account. For each account,
permissions are specified. To start setting up a permission entry, you
need to specify an account first. Then, you can set the permissions for
the new account. To add an account, press the Add button in the Directory
security properties window.
See Security - Overview
for more information and how to access this window.
The Specify
input name window is used to
specify the name of an account for which permission settings are setup.
The name can be specified as:
An existing account
name of a user or group: Enter
the name or press the Search button to search for the account name. Example:
the administrators group of domain SEASONS, e.g. SEASONS/Administrators. Note: at run time, User Management Resource
Administrator converts the actual name into it's Windows 2003/2000/NT
Security Identifier (SID). In order for this conversion to succeed, User
Management Resource Administrator must be able to access a domain controller
that maintains the specified account name.
A name containing
a variable(s): In this case
the variable name is resolved at runtime. This construction is often used
for names containing 2 components with one well-known name. Examples:
%Domain%\Administrators, %Domain%\Users. To select a variable, select
it from the Variables list or enter the variable name and press
Insert.
A single variable
name: In this case, the name
corresponds with the value of a single variable. The type of the variable
can differ from the regular text type. For instance, when a user is created
by User Management Resource Administrator in Active Directory, a specific
object is created, which is the Security Identifier (SID) of the user
account. This object uniquely identifies the new user account and where
possible you should use the variable that holds this object. The object
is by default stored in an output property variable - %UserSid%
- and it should be used to identify
the user account in subsequent script action properties. So if you create a user account in Active Directory
and want to setup permissions for a directory that include the user account,
use the variable %UserSid%.
