You may want to allow additional people to manage your authorization store without granting them additional rights in the operating system. To do so, use the following procedure.
You must be assigned to the Authorization Manager Administrator user role to complete this procedure. By default, Administrators is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.
|Allow other users to administer an authorization store|
If necessary, open Authorization Manager.
If necessary, create or open an authorization store.
In the console tree, right-click the authorization store, and then click Properties.
In the Properties dialog box, click the Security tab.
Under Authorization Manager user role, click Administrator.
Under Users and groups that are assigned to this role, click Add or Remove to add or remove users and groups to which you want to assign the Administrator role.
- To perform this procedure, you need to have
access to an authorization store. By default, members of the
Administrators group have the required access, but
Authorization Manager allows you to delegate responsibility. For
more information, see "Additional references" in this topic.
- Any user or group who is assigned to the
Policy Administrator, Policy Reader, or Policy
Delegated User role at any level (store, application, or scope)
for an Authorization Manager store that is stored in an Active
Directory Lightweight Directory Services (AD LDS) partition
must also be added to the AD LDS Reader role of that
AD LDS partition. AD LDS was formerly known as Active
Directory/Application Mode (ADAM).