FIM portal customization
Hello, I am working with FIM Portal in order to configure several permissions. A specified set of user has access to the portal. The users in the administrator set can access the whole portal. I want to make possible that a manager can see/access in fim portal only the users that are under his management (users that have as Manager attribute the name of this manager user). Is this possible? If yes, how? Thank you
July 11th, 2012 8:12am

Indeed an easy task in FIM :-) Below is from my upcoming book... http://aka.ms/FIMR2Book I am afraid I cannot send the pictures as well in this response... hopefully the text will be enough to guide you. --Managers can see Direct Reports-- Just to exemplify I will walk you through the creation of a new MPR allowing Managers to read information about their direct reports. This MPR is of Type Request. If you are to use FIM for self-service you will likely end up with quite a few MPRs. Make sure you give them good descriptive names and also a nice description so that it will be easy to understand its purpose even when looking at it 6-12 months from now. We will now start to see the beauty of using FIM to manage users. We can define the Requestor as Relative to Resource. Hopefully you also see how using Reference attributes play a role in this. What we say is that the Requestor should be the user referenced in the Manager attribute of the user we try to look at or modify. The Operation in this case is just Read resource, but you can easily see how a similar MPR might allow a Manager to modify some attributes as well. Finally we need to check Grant permission. The Target Resource in this case could be All People or some other Set containing the users we want Managers to see. In this case I simply allow the Managers to see All Attributes of their Direct Reports. If you want to limit the attributes read by Managers in this example just select Select specific attributes and type (separated by semicolon) or search and select attributes in the list of available attributes. Just remember that you will have to update this MPR as soon as there is a new attribute you would like Managers to see. The result of this MPR will be that John (a Manager) when he search for users in the FIM Portal will not only find himself but also his Direct Report Kent (the Consultant that had John as his Manager).
Free Windows Admin Tool Kit Click here and download it now
July 11th, 2012 9:49am

Thank you very much Kent :)
July 11th, 2012 10:37am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics