Directory Administration Tool - Tutorials - Administrator Guide

Begin by selecting the Administration tab as shown below:

figure1

Notice the Lookup Person button under DAT Users located within the Access section.

Click Lookup Person and enter the PID of the person you wish to assign access to (you may also click the person's pid from the DAT Users list if they already have any DAT access assigned).

figure2

Click Search to continue.

Assigning Permissions

After query completes, you will be shown a list of available permissions to assign to this person on the left column, and a list of already assigned permissions on the right column. Here you may drag and drop multiple permissions from one side to the other which will perform the assignment operations. Lets assign Query Person & Manage Account permission to this person.

figure3

Simply click and hold the Query Person & Manage Account permission, and drag it across to the column on the right as shown below:

figure4

And drop it on the right hand side column. Once the permission is on the right hand side, the permission has been successfully assigned.

Red Permissions

Permissions shown in red are special permissions meant for restricting the already assigned permissions on the right hand column.

For example, Restrict - Query Person restricts the Query Person portion of any access assigned on the right hand column. Referring to the example above, Query Person & Manage Account combined with the Restrict - Query Person restriction will result in an access combination where the user will be restricted to only being able to query for the accounts of people restricted by the criteria Restrict - Query Person was assigned with.

In this case Restrict - Query Person will restrict all query operations by an Organization Code.

Right click Restrict - Query Person on the left hand side column to continue:

Red permissions must be assigned by right clicking them and providing the filtering information required by the individual permission.

Click Put Restrict - Query Person to continue:

figure5

Notice the pop-up box asking you to provide the Organization Code(s) needed for this restriction scope. Enter one or multiple (comma separated) organization codes in the text box as shown below, then click OK to continue.

figure6

The restriction criteria has now been applied to all permissions on the right hand column beginning with Query Person. You may hover over the Restrict - Query Person permission assigned on the right hand column to view the Organization Code(s) it was assigned with as shown below:

figure7

Important: In the case of combining Query Person & Manage Account with Restrict - Query Person alone, it will not be enough to limit a person to manage accounts restricted by the criteria set with the assigned Restrict - Query Person permission. Having only the two permissions assigned will only restrict the person from querying all persons. A Restrict - Manage Person permission will need to be assigned alongside the Restrict - Query Person to fully achieve assigning the set of permissions required to only allow a person to query and manage persons in a given criteria.

Removing Permissions

To remove a permission, simply hold and drag the permission back onto the left hand side column as shown below:

figure8

Hold, drag to the left, and drop.

figure9

Once you have finished assigning permissions, click Close to continue.

To assign access to services, first find the Service you'd like to assign access to. (Use the QuickFind feature to locate a Service by its uusid or uid as shown below):

figure10

Scroll down to Web Service Permissions section to see all the roles already assigned or may be assigned to the Service as shown below:

figure11

Note that in the figure above, the Authorized End-Point Operations: header lists nothing.

To assign access to this service (for the sake of this tutorial we will assign Guest management access) locate the role in the Available Permissions box, drag and drop it to the Active Permissions box as shown below:

figure11

Notice how the Authorized End-Point Operations: was updated to list all endpoints available using this Service.

To remove access, simply drag and drop the role to the Available Permissions box from the Active Permissions box.

Once the role is removed Authorized End-Point Operations: will be updated to reflect the changes as shown below:

figure11