About releasing or reclaiming ownership of entities from a role - Security Center 5.12

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.12
Last updated: 2025-01-28

If you delete a Federation™ or Active Directory role, you can release ownership of the entities to your local Security Center system. If you recreate the role, it can reclaim ownership of entities that were previously released.

Releasing ownership of entities from a role to a local Security Center system

  • When you delete a Federation or Active Directory role, a dialog box opens to inform you that deleting the role will delete all of its entities. To release entities from the role to your local Security Center system upon role deletion, select the Keep dependent entities option.
  • For the following entity types, ownership can be released or reclaimed by their role:
    Entity type          Role
    Cardholder           Federation and Active Directory
    Cardholder groups    Federation and Active Directory
    Credentials          Federation and Active Directory
    Visitors             Federation
    Users                Active Directory
    User groups          Active Directory
  • To release or reclaim an Active Directory cardholder or user, you must also reclaim the cardholder group or user group.
  • You cannot reclaim ownership of the following:
    • Entities that were modified after being released to your local Security Center system.
    • Credentials related to a released cardholder that was deleted.
    • Local credentials that were assigned to a released cardholder.

Reclaiming entities

When you create a Federation or Active Directory role, you can reclaim the ownership of entities that were previously released to the local Security Center system. To enable this, select the Reclaim ownership of local entities option on the Specific info page when you create a new role.

Figure: The Specific info page of the dialog box for creating a Security Center Federation role, with the Reclaim ownership of local entities option highlighted.

Selecting specific entity types to release and reclaim

By default, all supported entity types are released or reclaimed by their role. To release or reclaim ownership of specific entity types:

  1. Click Add an item.
  2. In the Name field, enter FederationReclaimReleaseEntityTypesInclusion.
  3. In the Value field, enter the values that represent the entity types that you want to release or reclaim, separated by a semi-colon:
    Role                               Entity type         Value
    Federation and Active Directory    Cardholder          Cardholder
    Federation and Active Directory    Cardholder group    CardholderGroup
    Federation and Active Directory    Credential          Credentials
    Federation                         Visitor             Visitor
    Active Directory                   User                User
    Active Directory                   User group          UserGroup
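
A check for the Value string from step 3 before it is entered, as an added example that is not part of the Security Center documentation or product. The function name `lint_inclusion_value` is hypothetical. It assumes that values must match the table's spelling exactly, and that the Active Directory group dependency described earlier on this page also applies to this list.

```python
# Values from the table above, mapped to the roles each one applies to.
ALLOWED = {
    "Cardholder": {"Federation", "Active Directory"},
    "CardholderGroup": {"Federation", "Active Directory"},
    "Credentials": {"Federation", "Active Directory"},
    "Visitor": {"Federation"},
    "User": {"Active Directory"},
    "UserGroup": {"Active Directory"},
}

# Active Directory cardholders and users depend on their group.
AD_REQUIRES_GROUP = {"Cardholder": "CardholderGroup", "User": "UserGroup"}

def lint_inclusion_value(value, role):
    """Return a list of problems found in a semicolon-separated value."""
    if role not in ("Federation", "Active Directory"):
        raise ValueError(f"unknown role: {role!r}")
    problems = []
    seen = []
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            problems.append("empty item (stray or trailing semicolon)")
            continue
        if token != raw:
            problems.append(f"{token!r}: surrounding whitespace")
        if token in seen:
            problems.append(f"{token!r}: listed more than once")
            continue
        seen.append(token)
        if token not in ALLOWED:
            # Assumption: spelling and case must match the table exactly.
            hint = next((k for k in ALLOWED if k.lower() == token.lower()), None)
            problems.append(f"{token!r}: not a documented value"
                            + (f" (did you mean {hint!r}?)" if hint else ""))
        elif role not in ALLOWED[token]:
            problems.append(f"{token!r}: not applicable to the {role} role")
    if role == "Active Directory":
        for member, group in AD_REQUIRES_GROUP.items():
            if member in seen and group not in seen:
                problems.append(f"{member!r} listed without {group!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    for role, value in [("Federation", "Cardholder;CardholderGroup;Visitor"),
                        ("Active Directory", "User;Credential; Visitor;")]:
        print(role, repr(value), lint_inclusion_value(value, role) or "OK")
```

An empty result means the string uses only documented values for that role and keeps Active Directory members together with their groups.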

Disabling the option to release and reclaim ownership of entities

To stop users from being able to release and reclaim ownership of entities:
  1. Go to System > General settings > Advanced settings.
  2. Click Add an item.
  3. In the Name field, enter AllowKeepOwnedEntityOnRoleDelete.
  4. In the Value field, enter False.
  5. Click Apply.