Management policy behaviour when requestor/target is relative-multivalued attribute
How do management policies behave if the requestoror target is specified as relative - some-multivalued-attribute?Do theyiterate recursively, or can they be made to iterate recursively?I'm considering changing theUserIDattribute in the MV and FIM DB to be multivalued (or creating another multivalued attribute if it's not possible convert the existingattribute to multivalued) - so that a relationship exists between multiple accounts in a single connected systemand a single person in FIM.The goal would be to have management policies that have the requestor or target defined as relative-user_id work for all user ids for that person object.
September 16th, 2009 2:52am

Capirole,By iterating recursively, do you mean MPR gets applied to all the user id's associated with the user?It works like below,For example, if a group has multiple owners and you have an MPR applied to only Owners to update the description of the group, then any owner can update the group.Thanks,Sri
Free Windows Admin Tool Kit Click here and download it now
September 17th, 2009 10:05pm

Thanks Sri,Thats explains how the requestor logic would work, what about the target logic.Say the group has multiple owners (stored in a multivalued attribute of the group) and the description of the group changes, I want some action to happen to all the owners.
September 17th, 2009 11:21pm

would you mind sharing your real scenario in which u want to specify target resources set relative to the principal set?
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2009 12:10pm

Scenario: To handle people with multiple accounts in a single connected system.Seems easiest to create a person/user object for each account they have, but need some way to make the worklfows for new hires/leavers and updating details work across ALL accounts for that person. Was thinking of storing in a custom "Individual" object with a MV attribute listing all the person (account) objects which they own. So if the individual joins/leaves/changes details,ALL the person (account) objects related to them would get processed by the workflow.
September 20th, 2009 11:02pm

Capirole,Target Resource set before/after is used to evaluate whether the action attempted on an object has rights to do. To perform the scenario you have, you may need to right a custom activity using UpdateResourceActivity exposed by FIM to update the attributes as required.Thanks,Sri
Free Windows Admin Tool Kit Click here and download it now
October 1st, 2009 8:56am

I want to point out that the ability to speify target resources set relative to the principal set is cut in RC1. Sorry i couldn't point that out to you earlier, until RC1 is officially released.
October 1st, 2009 10:54pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics