How to modify the User Search scope
Interesting approach there - I like the way you've used the search scope that way.
Essentially you want to look for all users who have the same "region" or "branch" as the logged in user ... so let's explore the above idea where region and branch are just string attributes ...
What we would like to be able to do is the following queries in our search scope(s):
/Person[branch=/Person[ObjectID='%LoginID%']/branch]
... and another search scope "Users in my Region":
/Person[region=/Person[ObjectID='%LoginID%']/region]
Sound fair? Unfortunately not ... even in a search scope, the above XPath is illegal. You must use reference attributes to do this sort of XPath query.
So ... in order to adopt the above approach for ALL region and branch values you would have to create a search scope/set/mpr triple for each and every region and each and every branch. This can of course be done, but unless you only had a handful of these you would want to auto-generate them somehow, perhaps using a PowerShell script, or alternatively use custom workflow activities to generate them.
OK - so the above will work if you instead use reference attributes like I explained above. If you have that, then I would like to see how you could combine the 2 ideas above to use only 2 search scope/set/mpr triples.
Let us know how you go!
Bob Bradley (FIMBob!) ... now using Event Broker 3.0 @ http://www.unifysolutions.net/ourSolutions.cfm?solution=event for just-in-time delivery of FIM 2010 policy via the sync engine
July 23rd, 2011 8:36am
Pretty interesting! I might even try that myself.
Hitch Bardawil
July 23rd, 2011 9:54am
If you are defining Sets for your regional users, and if you are also defining MPRs for those sets to dictate the attributes a user can see of their fellow regional users, then you can make a pretty simple search scope just by referencing an attribute that a user can only see on the local users.
E.g., if a user can only see "JobTitle" for other users in the same region then use the Search Scope filter: /Person[JobTitle != '']
So the search scope filter is simple and universal, but you will need at least one Set and MPR per region.
http://www.wapshere.com/missmiis
July 24th, 2011 1:46am
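A simplified model of the approach in the post above, as an added example that is not part of the original thread and is not FIM code: one Set and one MPR are derived per region, and the universal filter /Person[JobTitle != ''] is evaluated only over attributes the requestor is allowed to read. The user records, Set names and function names are constructed for illustration, and the model assumes a query can only match on attributes the requestor has Read permission for.

```python
from collections import defaultdict

# Constructed sample directory (not real data); attribute names follow the thread.
USERS = {
    "asha":   {"region": "North", "branch": "Delhi",   "JobTitle": "Engineer"},
    "vikram": {"region": "North", "branch": "Delhi",   "JobTitle": "Manager"},
    "meera":  {"region": "West",  "branch": "Mumbai",  "JobTitle": "Analyst"},
    "ravi":   {"region": "South", "branch": "Chennai", "JobTitle": ""},
}

def build_region_sets(users):
    """One Set per distinct region: Set name -> member ids."""
    sets = defaultdict(set)
    for uid, attrs in users.items():
        sets[f"Users in {attrs['region']}"].add(uid)
    return dict(sets)

def build_mprs(region_sets, attribute="JobTitle"):
    """One MPR per Set: members may read `attribute` on members of the same Set."""
    return [{"requestors": m, "targets": m, "read": {attribute}}
            for m in region_sets.values()]

def readable_attrs(mprs, requestor, target):
    """Union of attributes that any matching MPR lets requestor read on target."""
    attrs = set()
    for mpr in mprs:
        if requestor in mpr["requestors"] and target in mpr["targets"]:
            attrs |= mpr["read"]
    return attrs

def search(users, mprs, requestor, attribute="JobTitle"):
    """Model of /Person[JobTitle != '']: a target matches only when the
    requestor may read the attribute on it and the value is non-empty."""
    return sorted(t for t, a in users.items()
                  if attribute in readable_attrs(mprs, requestor, t)
                  and a.get(attribute, "") != "")

if __name__ == "__main__":
    mprs = build_mprs(build_region_sets(USERS))
    for uid in USERS:
        print(uid, "sees", search(USERS, mprs, uid))
```

In this model "ravi" sees nobody, not even himself, because his JobTitle is empty: the attribute used in the filter has to be populated for every user who should appear in the results.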
Hi,
Could anyone please advise me on the requirement below?
We have users in FIM with the attributes branch (like Chennai, Mumbai, Delhi, Bangalore) and region (like North, West, East, South).
If a user of the Delhi branch logs in to FIM and searches for users, he should see all the users of the Delhi branch only, and a user belonging to the Mumbai branch can see all the users of the Mumbai branch only.
I checked in FIM at the location
Administrator -> Search Scope -> All User,
The filter scope for All User is /Person, so it displays all the users in FIM. Kindly help me to modify the query for the search filter, or is there any other option for it?
A query like: search all the users whose branch is the same as the logged-in user's branch.
Appreciate your help and thanks in advance!
July 24th, 2011 3:31am
To do what you are looking to do you need to set up your branch and region bindings on Person to be REFERENCE attributes (see my latest post on why). Let's say you create two new resource types: Branch and Region, and two new reference attributes bound to user, say branchID and regionID.
What you can then do is create a new search scope "Users in my Branch" and make this the default search scope ... with a filter something like this:
/Person[branchID=/Person[ObjectID='%LoginID%']/branchID]
... and another search scope "Users in my Region":
/Person[regionID=/Person[ObjectID='%LoginID%']/regionID]
Of course you can define combination search scopes too, but I'll leave them up to you :)
That's the way I'd be approaching your requirements.
Bob Bradley (FIMBob!) ... now using Event Broker 3.0 @ http://www.unifysolutions.net/ourSolutions.cfm?solution=event for just-in-time delivery of FIM 2010 policy via the sync engine
July 24th, 2011 3:40am
Personally I'd do this by creating a custom search scope and allowing only a set of users to see the scope, depending on the keyword you set in your custom scope.
Check out my blog for more details: http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/07/22/management-policy-rules-and-portal-security.aspx
Hope this helps.
Hitch Bardawil
July 24th, 2011 6:08am
Thanks all for supporting. I am trying all the approaches to solve the issue.
July 25th, 2011 3:21am


