If you delete a Federation™ or Active Directory role, you can release ownership of the entities to your local Security Center system. If you recreate the role, it can reclaim ownership of entities that were previously released.
Releasing ownership of entities from a role to a local Security Center system
- When you delete a Federation or Active Directory role, a dialog box opens to inform you that deleting the role will delete all of its entities. To release entities from the role to your local Security Center system upon role deletion, select the Keep dependent entities option.
- For the following entity types, ownership can be released or reclaimed by their role:
| Entity type | Role |
| --- | --- |
| Cardholder | Federation and Active Directory |
| Cardholder groups | Federation and Active Directory |
| Credentials | Federation and Active Directory |
| Visitors | Federation |
| Users | Active Directory |
| User groups | Active Directory |

- To release or reclaim an Active Directory cardholder or user, you must also reclaim the cardholder group or user group.
- You cannot reclaim ownership of the following:
- Entities that were modified after being released to your local Security Center system.
- Credentials related to a released cardholder that was deleted.
- Local credentials that were assigned to a released cardholder.
Reclaiming entities
When you create a Federation or Active Directory role, you can reclaim the ownership of entities that were previously released to the local Security Center system. To enable this, select the Reclaim ownership of local entities option on the Specific info page when you create a new role.
Selecting specific entity types to release and reclaim
By default, all supported entity types are released or reclaimed by their role. To release or reclaim ownership of specific entity types:
- Click Add an item.
- In the Name field, enter FederationReclaimReleaseEntityTypesInclusion.
- In the Value field, enter the values that represent the entity types that you want to release or reclaim, separated by a semi-colon:

| Role | Entity type | Value |
| --- | --- | --- |
| Federation and Active Directory | Cardholder | Cardholder |
| Federation and Active Directory | Cardholder group | CardholderGroup |
| Federation and Active Directory | Credential | Credentials |
| Federation | Visitor | Visitor |
| Active Directory | User | User |
| Active Directory | User group | UserGroup |

Disabling the option to release and reclaim ownership of entities
To stop users from being able to release and reclaim ownership of entities:
- Go to .
- Click Add an item.
- In the Name field, enter AllowKeepOwnedEntityOnRoleDelete.
- In the Value field, enter False.
- Click Apply.