Delegation with ADAM
Once the OU structure is created, define the permission delegations that restrict access to the objects to a limited set of users. Permissions can be delegated in two ways:
- Add users to a group that already has the appropriate permissions assigned.
- Define new permissions on the ADAM objects.
For this task, we discuss object-level permissions. Refer to the Group Administration section for information on group memberships.
Because ADAM has no Users and Computers console, all object-level permissions are defined with the Active Directory utility DSACLS.exe, which is found in the ADAM program directory. When running ADAM utilities, it is best to launch the ADAM Tools Command Prompt, which ensures that the proper versions of the tools are used. DSACLS is used to view and set object access rights.
Example: "dsacls \\localhost:50010\dc=myCompany,dc=adam" displays the permissions assigned to the root of the partition dc=myCompany,dc=adam running on localhost, port 50010. DSACLS is a complex tool that can be used to create complex delegations. Run "DSACLS /?" for usage notes.
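A least-privilege delegation with DSACLS, as an added example that is not part of the original page: it views an OU's ACL, grants one group read access and a second group write access to a single attribute, then views the ACL again. The OU ou=Staff, the groups cn=StaffReaders and cn=HelpDesk, and the presence of the user class with a telephoneNumber attribute in the instance schema are assumptions; the instance and partition are the ones used in the example above.

```bat
@echo off
rem Added example. Run from the ADAM Tools Command Prompt so that the
rem ADAM version of dsacls.exe is the one that gets executed.
setlocal

rem Instance and partition taken from the example on this page.
set "SERVER=\\localhost:50010"

rem Hypothetical OU and groups, assumed to exist already in the partition.
set "TARGET=ou=Staff,dc=myCompany,dc=adam"
set "READERS=cn=StaffReaders,ou=Groups,dc=myCompany,dc=adam"
set "HELPDESK=cn=HelpDesk,ou=Groups,dc=myCompany,dc=adam"

echo --- ACL on %TARGET% before delegation ---
dsacls "%SERVER%\%TARGET%"

rem Grant (/G) generic read (GR) to the readers group.
rem /I:T applies the entry to this object and its child objects.
dsacls "%SERVER%\%TARGET%" /G "%READERS%:GR" /I:T

rem Grant the help desk read/write (RP, WP) on one attribute only,
rem limited to user objects beneath the OU (/I:S = child objects only).
rem Assumes the user class and telephoneNumber exist in the ADAM schema.
dsacls "%SERVER%\%TARGET%" /G "%HELPDESK%:RPWP;telephoneNumber;user" /I:S

echo --- ACL on %TARGET% after delegation ---
dsacls "%SERVER%\%TARGET%"

endlocal
```

Compare the two listings to confirm that only the two intended entries were added and that nothing broader than the requested rights was granted.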