Custom Resource Type in FIM 2010 issue...
I am having an issue with custom resource type in FIM 2010. I am receiving the following error when I run an Export on my FIMMA: **************************************************************************** There is an error executing a web service object creation request. Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException Message: Fault Reason: Policy prohibits the request from completing. Fault Details: <RequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><RequestAdministratorDetails><FailureMessage>No policy grants the Requestor permission to complete all changes. **************************************************************************** I have used the following documentation (http://technet.microsoft.com/en-us/library/ee534912(WS.10).aspx) to create and troubleshoot but nothing I do has resolved the issue. Configuring the Synchronization Service to perform this was completed in about 10 minutes. Of course, I configured everything in the MAs and it worked just like ILM 2007 FP1. Now enter the FIM Portal and all my pain... I have spent numerous hours trying to understand how to make this simple MA flow data into the portal without success. I do not know what I am missing and need help. I am just trying to get this piece working before I attempt Outbound Synch Rule. My steps are outlined below. 1. Created New Resource --> Office 2. Created New Attributes -->Office (indexed string), OfficeId (number) 3. Binded attributes to Office -->Office (indexed string), OfficeId (number) 4. Created the All Offices Set 5. Created the MPR (Administrators can create, modify, or delete a Office resource) 6. Enabled administrators to use the new object and attributes in filters -->added Office and OfficeId attributes to Administrators Filter Permissions, added new object to Synchronization Filter 7. Reset IIS 8. Updated FIMMA Schema 9. Added csObjectId and ExpectedRulesList to metaverse object 10. Selected Office object in FIMMA 11. Mapped Office object to office object 12. Added Import and Export flow of Office attributes and ExpectedRulesList to FIMMA 13. Created Inbound Synch Rule (MV Resource: Office, External System: Office MA, External Resource: Office, Relationship: OfficeId, Create resource in FIM) 14. Initialized FIMMA (FI, FS, EX, DI) 15. Intialized OfficeMA (FI, FS) Results: 132 Export Attribute Flow; 132 Provisioning Adds to FIMMA 16. Ran Export on FIMMA and received the above Thanks for any asistance...
August 15th, 2010 5:24pm

Additional information: I am logged into my FIM Server with my user account (not the FIM Synch Service account). My Office MA is configured to use the FIM Synch Service account to connect to the database to read schema of my source table.
Free Windows Admin Tool Kit Click here and download it now
August 15th, 2010 5:51pm

According to the stack trace, this seems as though policy, as in MPRs, are to blame. The document you are referring to says to add an MPR for administrators; since you are using the built-in sync account, the FIM MA, this account would need to be in your requestor set. I would create a set that includes the built-in sync account, then make another set that includes this set and the Administrators set. This will allow you to modify the new object type either as an admin in the portal or from running the FIM MA.
August 15th, 2010 7:15pm

Glenn, Thanks for your reply... It turned out to be that I had to create the permission MPRs for the Synchronization Engine to the new resource object. Sure wish there was a Notes From the Field with the FIM Portal (that goes back a ways)... Thanks again.
Free Windows Admin Tool Kit Click here and download it now
August 15th, 2010 9:19pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics