Assign an Application Group to a Role

Applies To: Windows Server 2008


Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.

To effectively use Authorization Manager to control access to resources, you must define which groups of users are associated with which roles. To assign an application group to a role, use the following procedure.

You must be assigned to the Authorization Manager Administrator user role to complete this procedure. By default, Administrators is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.

Assign an Application group to a role

  1. If necessary, open Authorization Manager.

  2. If necessary, open or create an authorization store.

  3. In the console tree, right-click Role Assignments, under either an application or a scope, and choose New role assignment. The Role Assignments folder is used as a container to link groups to roles. Not all roles have groups associated with them since roles can be combined into larger roles.

  4. Select the role to which you want to assign groups by selecting the check box beside the name of the role definitions, then clicking OK. The same role definition can be added to the Role Assignments container more than once. This allows flexibility in managing your assignments.

  5. If desired, change the display name of the role assignment by right-clicking it in the list of role assignments, and choosing Properties.

  6. In the list of role assignments, right-click the role assignment from the previous steps, and choose Assign Users and Groups.

  7. From the fly-out menu, choose From Authorization Manager.

    • A list of Authorization Manager application groups will appear in an Add Groups dialog box.
  8. Select the desired members from the Add Groups dialog box by clicking the checkbox beside each desired member.

  9. Click OK.

Additional considerations

To perform this procedure, you need to have access to an authorization store. By default, members of the Administrators group have the required access, but Authorization manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.

Additional references