I'm trying to set permissions on an Active Directory security group to allow users to add/remove themselves from the group,but only themselves. The reading I have done has lead me to believe the 'SELF' principal is basically a place holder and becomes whatever the object is that is authenticated against AD for that context. I.E. when a user authenticates, 'SELF' becomes the permissions for that user object. (Please correct me if I'm wrong on that, but that's what I understood.)
From this then I have assumed that for the specific group I want the permissions on, I have gone into the security tab and allowed 'Add/remove self as member' for that group. This doesn't seem to work though, I still get 'Access Denied' when trying to add to the group as the user.
A little further information; I am using a simple VBScript to add users to the group, which works fine for administrators. The group type is Security Group - Global. If I check the 'Effective Access' tool (under 'Advanced' on the security tab) in the users context I get the following;
Not sure why this would be disallowed having set the permissions I explained above?
James
