Giving users control over their groups

  • Thread starter Thread starter bryars
  • Start date Start date
B

bryars

Hi,

I'm writing an application in .net and I want to provide a user the
ability to add users in and out of just two specific groups. Is this
possible? If it is then I can add a nice little front end in the
application to control the AD groups programatically.

Here's the scenario

The app uses these groups to manage SQL2005 Stored Procedure
permissions, as an example lets call them the

"Booking Application I can delete bookings delete invoices etc Group"

and the

"Booking Application I'm a normal user who has limited functionality
Group"

The scenario is the "Team Leader/Manager" of a booking application
should be able to move "team member" into and out of these groups. But
clearly shouldn't be able to move himself into the Doman Admin group
etc etc.

Regards,

Daniel
 
Create two groups one the group that you want for grouping your users (Call
this group_users) and a second that controls membership of group_users (Call
this group_jr_admins). Place the user(s) that you want to be able to manage
group_users in group_jr_admins. Go to the properties of group group_users,
select the security tab and add group_jr_admins and give them full control
over group_users. The only issue is group_jr_admins could delete the group
group_users since they have full control but this is the only drawback, you
could go into the advanced features and nail it down to specific security
attributes but for something this small I wouldn't worry about it.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Great Thank you!


Paul said:
Create two groups one the group that you want for grouping your users (Call
this group_users) and a second that controls membership of group_users (Call
this group_jr_admins). Place the user(s) that you want to be able to manage
group_users in group_jr_admins. Go to the properties of group group_users,
select the security tab and add group_jr_admins and give them full control
over group_users. The only issue is group_jr_admins could delete the group
group_users since they have full control but this is the only drawback, you
could go into the advanced features and nail it down to specific security
attributes but for something this small I wouldn't worry about it.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Back
Top