Custom Controls read permissions
We are using FIM RC1 and we have modified the "Resource Control Display Configurations" for create/edit users. We have created custom controls for custom user attributes that we have created in the schema. In a management policy rule, we have restricted a group of users from reading all attributes of other users except display name and account name. However, when a user from this group, clicks to edit a user, he can see the two attributes to which he has read permissions but also he can see the custom controls (the text boxes and drop down menus that we added using RCDC.) although the user cannot read the correct values of the attributes in thesecontrols but he can see these controls and it is worse because he cannot read the correct values so it is misleading. My question is: why are these custom controls appearing and is there a default security to set on them while creating them in the xml file for RCDC. Thanks for any helpMM
December 1st, 2009 10:36am

Hi! Have you tried using the Visible property and bound it to the rights data source? For example like this: <my:Property my:Name="Visible" my:Value="{Binding Source=rights, Path=DisplayName}"/> If you don't have a rights data source in your RCDC add one with this row: <my:ObjectDataSource my:TypeName="PrimaryResourceRightsDataSource" my:Name="rights"/> I can't promise it works but I believe it should and unless it doesn't I recommend we add a feature request to the Connect site for allowing the RCDC visible property to handle the NoAccess value as a false. The problem with the rights data source is that it stores values as Unknown, NoAccess, ReadOnly and ReadWrite strings. //HenrikHenrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2009 12:51pm

Thanks Henrik, I tried the Visible property as you advised but it did not change in the ouput. however your reply gave me an idea to use the my:RightsLevel="{Binding Source=rights, Path=DisplayName}" in the definition of the control and it worked. now if the user does not have read permission on teh attribute, the corresponding control is not appearing. Thanks for the hintMM
December 1st, 2009 2:58pm

Ok! I thought you have tried that already and the RCDC reference says the controls will only be enabled/disabled when using the rights level. If the controls are hidden when read access is denied then a feature request for handling this with the Visible property is pretty useless. //HenrikHenrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2009 6:47pm

Hi Henrik, do you know of a method to disable a text box using XML in the FIM porta when another control(for example checkbox ) is selected. for example i have checkbox A textbox A and textbox B. I want when the user selects checkbox A, to disable textbox B. is this doable? ThanksMM
January 5th, 2010 9:13am

Hi! Unfortunately thats not possible since there's no way to hook event handlers to RCDC's. Hopefully that's something the product team plans to implement in the future. //Henrik Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2010 11:24am

ok Thanks HenrikMM
January 5th, 2010 12:25pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics