Custom RCDC
I am in the process of building a request center for FIM. I added a new tab to users' profile which will hold all the custom RCDC for the request center. I want to create 3 custom services:

1- Add the user to the selected group
2- Fill a user attribute
3- Give permission

In the first one, I want the user to be able to select which group to join. For example, Join Group: Administration (Checkbox), Accounting (Checkbox), Marketing (Checkbox). And if any of the checkboxes is ticked/true, the user will be added to the group/s.

In the second one, giving the user a job title for example, written in a text area box which will show in AD as well.

In the third one, give the user any permission.

How can I do all the 3 things above? I know the basics of how to edit/add to the RCDC but not that much. What I am looking forward to knowing is how the RCDC should be, and how it should actually work when ticked/true or unticked/false or when being filled with an attribute.

Any help is greatly appreciated. Please try to be as detailed as possible!

Regards, John Atick
December 28th, 2010 10:03am

AFAIK, you can't have "Add the user to the selected group" out of the box in users' profile form, as 'members' is an attribute of the group object. I wish I would be wrong.
December 28th, 2010 10:20am

Or maybe something like, editing the RCDC and adding a browse button for the groups then the users select what they want. Like when you browse for managers and assistants. But not sure how to do that either, but the idea is to be able to choose and join a group.

Regards, John Atick
December 28th, 2010 10:28am

John I like what you are trying to do with 1 and 3, but not 2 ... which sounds like you are trying to dynamically map something to AD when the FIM sync service wants you to map every user attribute persistently. This would also create confusion. Best idea would be to add a separate tab for additional attributes you want to map to AD (including any custom bindings) ... then use the sync engine to map these to AD with FIM being authoritative using a standard SR.

As for 1 and 3, change your thinking from static to dynamic FIM groups ...

For 1, if you have a checkbox mapping to a boolean user binding "Accounting" then you only have to define a dynamic group with the xpath /Person[Accounting = 'True']. This way FIM will automatically recalculate group membership whenever a user's binding changes value ... and you can use an outbound sync rule to sync your group membership to AD.

Similarly for 3, you use a UocIdentityPicker class to manage a multivalue reference binding on your user (e.g. "Permissions"), and then your group definition(s) could look something like /Person[Permissions = /Set[ObjectID = 'xxx...xxx']/ComputedMember] if you were to use a static set(s) to define all of the FIM objects (representing roles) which are applicable to your group(s). The work you need to do first here, however, is decide what you mean by "Permissions" ... so more preliminary design is required there (custom schema, syncing to authoritative role sources, etc.). I have successfully implemented a solution along the lines of #3, but there was a lot of ground work to do before I was in the position to define my role groups in a consistent fashion.

Bob Bradley, www.unifysolutions.net (FIMBob?)
December 28th, 2010 7:47pm
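
The checkbox-plus-dynamic-group approach described in the reply above, sketched as two configuration fragments. This is an added example, not something posted in the thread; it assumes a Boolean attribute named "Accounting" has already been created in the FIM schema and bound to the Person resource type, and the checkbox label text is made up for illustration.

```xml
<!-- Added illustration, not posted in the thread. Assumes a Boolean attribute
     named "Accounting" exists in the FIM schema and is bound to Person. -->

<!-- Fragment 1: control placed inside a my:Grouping of the user edit RCDC.
     The RightsLevel binding makes the control follow the caller's
     permissions on the attribute. -->
<my:Control my:Name="Accounting" my:TypeName="UocCheckBox"
            my:Caption="{Binding Source=schema, Path=Accounting.DisplayName}"
            my:Description="{Binding Source=schema, Path=Accounting.Description}"
            my:RightsLevel="{Binding Source=rights, Path=Accounting}">
  <my:Properties>
    <!-- Label text is a constructed sample value. -->
    <my:Property my:Name="Text" my:Value="Join group: Accounting"/>
    <!-- TwoWay binding writes the tick back to the Person resource. -->
    <my:Property my:Name="Checked"
                 my:Value="{Binding Source=object, Path=Accounting, Mode=TwoWay}"/>
  </my:Properties>
</my:Control>

<!-- Fragment 2: value of the Filter attribute on the criteria-based group.
     FIM recalculates membership whenever a user's Accounting value changes. -->
<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect"
        xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration">/Person[Accounting = 'True']</Filter>
```

With this design, write access to the Accounting attribute is equivalent to the right to join the group, so the management policy rule that grants that write (and any approval workflow attached to it) is where membership is actually controlled.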

Thanks Bob for the tips, I shall try that.

Regards, John Atick
December 29th, 2010 8:42am

This topic is archived. No further replies will be accepted.
