FIM portal customization
Hello,
I am working with FIM Portal in order to configure several permissions. A specified set of user has access to the portal. The users in the administrator set can access the whole portal. I want to make possible that a manager can see/access in fim portal
only the users that are under his management (users that have as Manager attribute the name of this manager user). Is this possible? If yes, how?
Thank you
July 11th, 2012 8:12am
Indeed an easy task in FIM :-)
Below is from my upcoming book...
http://aka.ms/FIMR2Book
I am afraid I cannot send the pictures as well in this response... hopefully the text will be enough to guide you.
--Managers can see Direct Reports--
Just to exemplify I will walk you through the creation of a new MPR allowing Managers to read information about their direct reports.
This MPR is of Type Request. If you are to use FIM for self-service you will likely end up with quite a few MPRs. Make sure you give them good descriptive names and also a nice description so that it will
be easy to understand its purpose even when looking at it 6-12 months from now.
We will now start to see the beauty of using FIM to manage users. We can define the
Requestor as Relative to Resource. Hopefully you also see how using Reference attributes play a role in this. What we say is that the
Requestor should be the user referenced in the
Manager attribute of the user we try to look at or modify. The
Operation in this case is just
Read resource, but you can easily see how a similar MPR might allow a
Manager to modify some attributes as well. Finally we need to check
Grant permission.
The Target Resource in this case could be
All People or some other Set containing the users we want Managers to see. In this case I simply allow the Managers to see
All Attributes of their Direct Reports.
If you want to limit the attributes read by Managers in this example just select
Select specific attributes and type (separated by semicolon) or search and select attributes in the list of available attributes. Just remember that you will have to update this MPR as soon as there is a new
attribute you would like Managers to see.
The result of this MPR will be that John (a Manager) when he search for users in the FIM Portal will not only find himself but also his Direct Report
Kent (the Consultant that had John as his Manager).
Free Windows Admin Tool Kit Click here and download it now
July 11th, 2012 9:49am
Thank you very much Kent :)
July 11th, 2012 10:37am