Update description field on a managed unit fail

Hi

In the Helpdesk site I have created custom form with access to the description attribute and linked this to the directory object type of a Managed Unit. I have also created a user account with limited permissions in ARS but enough to allow changes to the Description attribute on the managed unit as far as I can see. The link to this custom form is visible to the user when in the web interface but when I open up the form the description attribute  is visible but greyed out.

At first I thought there was some issues with the web interface but narrow things down I opened up a Powershell command prompt running as this user and tried to change the description attribute from there like this:

$conn = Connect-QADService -Proxy

$strMU = "CN=Managed Units,CN=Configuration"

$mu = Get-QADObject -SearchRoot $strMU -Connection $conn -Type edsManagedUnit | where {$_.Name -eq "MyManagedUnit"}

$mu | Set-QADObject -Description "NewDescription" -Proxy

Set-QADObject : Administrative Policy returned an error.
Attempted to perform an unauthorized operation.
At line:1 char:8
+ $mu | Set-QADObject -Description "NewDescription" -Proxy
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=MyManagedUnit,...N=Configuration:String) [Set-QADObject], ObjectAlreadyExistsException
+ FullyQualifiedErrorId : ActiveRoles.ManagementShell.Powershell.Cmdlets.SetObjectCmdlet

I have tried to give this user more or less full access permission to "CN=Managed Units,CN=Configuration" but I still don't succed with this operation unless I use my ARS Admin account. I also find see three events in the "Active Roles Admin Service" eventog that confirms that the update operation is unsuccessful:

EventID 2002 (Information)

Operation on an object failed due to the 'Access is denied' error.
Object: CN=MyManagedUnit,CN=Test,CN=Managed Units,CN=Configuration
Object type: edsManagedUnit
Action: SetInfo
Attributes involved in the operation: description 

EventID 2001 (Information)

Pre-processing operation on object caused a policy violation
Policy: AccessCheck
Object: CN=MyManagedUnit,CN=Test,CN=Managed Units,CN=Configuration
Details: Administrative Policy returned an error. Attempted to perform an unauthorized operation.

EventID 2693 (Error)

Operation failed
Operation ID:
Operation GUID: 00000000-0000-0000-0000-000000000000
Details:
Administrative Policy returned an error.
Attempted to perform an unauthorized operation.

Additional information on my environment:

The version of ARS I'm using is 7.3.1.47

Everything works as expected with my ARS Admin account

What type of permission am I missing here? Has anyone seen this behaviour before?

Regards

Staffan

Parents Reply Children
No Data