{"id":218,"date":"2026-04-01T09:25:59","date_gmt":"2026-04-01T08:25:59","guid":{"rendered":"https:\/\/overlaps.co.uk\/docs\/?page_id=218"},"modified":"2026-04-01T09:35:30","modified_gmt":"2026-04-01T08:35:30","slug":"individual-permissions","status":"publish","type":"page","link":"https:\/\/overlaps.co.uk\/docs\/overlaps-documentation\/configuration\/container-permissions\/individual-permissions\/","title":{"rendered":"Individual Permissions"},"content":{"rendered":"\n

The permissions available to each user are split into sections:<\/p>\n\n\n\n

Computer Information Permissions<\/h3>\n\n\n\n
Icon<\/th>Permission<\/th>Description<\/th><\/tr><\/thead>
\"Read<\/td>Read Computer Information<\/td>Allows the user to bring up the Computer Information window for computers in this container. Computer Information includes common attributes from Active Directory, such as Operating System information.<\/td><\/tr>
\"Write<\/td>Write Computer Information<\/td>(Requires the Read Computer Information permission) This allows the user to edit the description of the computer from the Computer Information window. This requires OVERLAPS to have write permission to the Description property.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Computer Management Tools<\/h3>\n\n\n\n

This list of permissions require Computer Management Tools to be enabled and configured (see Computer Management Settings<\/a> for information on enabling the tools, and Computer Management Tool Permissions<\/a> for information on the required permissions setup.)<\/p>\n\n\n\n

Icon<\/th>Permission<\/th>Description<\/th><\/tr><\/thead>
\"Permission<\/td>Trigger Group Policy Update<\/td>Allows the user to run a Group Policy Update Computer Management Tool on the selected computers in this container.<\/td><\/tr>
\"Permission<\/td>Ping Computer<\/td>Permits the user to run an ICMP Ping on any computers selected in this container.<\/td><\/tr>
\"Permission<\/td>Restart Computer<\/td>Permits the user to remotely restart any computers in this container.<\/td><\/tr>
\"Permission<\/td>Shutdown Computer<\/td>Permits the user to remotely shutdown computers in this container.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Read Password Permissions<\/h3>\n\n\n\n
Icon<\/th>Permission<\/th>Description<\/th><\/tr><\/thead>
\"Permission<\/td>Read Passwords<\/td>With this option checked, the user\/group can read the password of any computer in this Organizational Unit.<\/td><\/tr>
\"Permission<\/td>Read Passwords with Authorisation<\/td>Alternatively, checking this option will allow the user\/group to read the password of any computer in this Organizational Unit, but they will need to submit an Authorisation Request first which must be authorised by one or more nominated Authorisers.<\/td><\/tr>
\"Permission<\/td>Read Passwords with Justificaton<\/td>This option acts much like the “Read Passwords with Authorisation” setting, but instead of going through an entire authorisation process, the user must simply provide some information about why they needed access to the password, which is recorded in the History Log.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Reset\/Expire Password Permissions<\/h3>\n\n\n\n
Icon<\/th>Permission<\/th>Description<\/th><\/tr><\/thead>
\"Permission<\/td>Expire Passwords<\/td>With this option checked, the user\/group can expire the password of any computer in this Organizational Unit. This will trigger the computer to reset its password when it next runs a Group Policy update.<\/td><\/tr>
\"Permission<\/td>Expire Passwords with Authorisation<\/td>As with the Read Password permissions, this also allows users to expire passwords, but will require them to submit an Authorisation Request first.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Authorisation Request Authoriser Permissions<\/h3>\n\n\n\n
Icon<\/th>Permission<\/th>Description<\/th><\/tr><\/thead>
\"Permission<\/td>Authoriser for Normal User Requests<\/td>Checking this option nominates this user\/group as an Authoriser for normal user requests. When a user who requires authorisation attempts to perform a relevant action, these users will be notified by email and must login to OVERLAPS to authorise the action. In order to have users who require authorisation to read or expire passwords, the container must also have at least one Authoriser.<\/td><\/tr>
\"Permission<\/td>Authorise Self-Service Requests<\/td>As with the regular Authoriser permissions, except this user has permission to authorise Self-Service users to read computer passwords.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Rules for Permissions<\/h2>\n\n\n\n

There are a few rules to consider when settings permissions on a container:<\/p>\n\n\n\n

    \n
  1. Users can either have “Read<\/strong>” permission or “Read with Authorisation<\/strong>” permission, you cannot check both.<\/li>\n\n\n\n
  2. Users cannot have both “Read with Authorisation<\/strong>” and “Read with Justification<\/strong>” permissions.<\/li>\n\n\n\n
  3. Similarly, users can only have “Expire<\/strong>” or “Expire with Authorisation<\/strong>” permissions.<\/li>\n\n\n\n
  4. In order to add users who require authorisation, the container must have at least one nominated Authoriser user.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    The permissions available to each user are split into sections: Computer Information Permissions Icon Permission Description Read Computer Information Allows the user to bring up the Computer Information window for computers in this container. Computer Information includes common attributes from Active Directory, such as Operating System information. Write Computer Information (Requires the Read Computer Information […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":66,"menu_order":100,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-218","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/comments?post=218"}],"version-history":[{"count":2,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/218\/revisions"}],"predecessor-version":[{"id":234,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/218\/revisions\/234"}],"up":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/66"}],"wp:attachment":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/media?parent=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}