Restrict FIM portal access
We have a FIM SSPR that imports users from Active Directory to the portal. The goal is to restrict all the users from accessing the FIM portal (https://fimserver/identitymanagement/) except for the helpdesk and the administrators, so that the implementation supports only the SSPR portion. How can we achieve this? I have skimmed through the FIM portal customization part. But is there a way to restrict access to the portal altogether for general users?
May 20th, 2015 10:43pm
Hello HuckleberryFinn.
All users can see any item in portal that has BasicUI in a Keyword. I would restrict BasicUI visibility only to Helpdesk/Admins.
The easiest way is to create two MPRs:
- General: Administrators can read non-administrative configuration resources
  and here configure:
  Requestors: Administrators
  Operation: Read resource
  Permissions: Grant permission (checked)
  Target resource: All Basic Configuration Objects
  Resource Attributes: All attributes
- General: Helpdesk can read non-administrative configuration resources
  and here configure:
  Requestors: Helpdesk
  Operation: Read resource
  Permissions: Grant permission (checked)
  Target resource: All Basic Configuration Objects
  Resource Attributes: All attributes
Then simply disable the MPR named "General: Users can read non-administrative configuration resources".
To be sure that users would not be able to do anything on the portal, you can also copy the "General: Users can read schema related resources" MPR into two MPRs (for Helpdesk and Admins) and disable this built-in one.
May 21st, 2015 2:25am
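One way to verify the MPR state described in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later on the FIM Service server, the FIMAutomation snap-in, the default service endpoint, and MPR display names exactly as typed in the answer; the helper name Get-FimAttribute is hypothetical.

```powershell
# Added example: audit the MPR state the answer above describes.
# Assumptions: FIMAutomation snap-in available, FIM Service on its default
# endpoint, and MPR display names exactly as typed in the answer.
Add-PSSnapin FIMAutomation -ErrorAction Stop
$uri = 'http://localhost:5725/ResourceManagementService'

# Display name -> whether the MPR should be disabled after the change.
$expected = [ordered]@{
    'General: Users can read non-administrative configuration resources'          = $true
    'General: Users can read schema related resources'                            = $true  # optional step
    'General: Administrators can read non-administrative configuration resources' = $false
    'General: Helpdesk can read non-administrative configuration resources'       = $false
}

function Get-FimAttribute($resource, [string]$name) {
    # Exported objects carry attributes as a list of name/value holders.
    $attr = $resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($null -eq $attr) { return $null }
    if ($attr.IsMultiValue) { return $attr.Values }
    return $attr.Value
}

$report = foreach ($name in $expected.Keys) {
    $filter = "/ManagementPolicyRule[DisplayName='$name']"
    $mpr = Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig $filter |
        Select-Object -First 1
    if ($null -eq $mpr) {
        [pscustomobject]@{ MPR = $name; Found = $false; Disabled = $null
                           Grants = $null; Actions = $null; AsExpected = $false }
        continue
    }
    # An unset Disabled attribute means the rule is active.
    $disabled = ("$(Get-FimAttribute $mpr 'Disabled')" -eq 'True')
    [pscustomobject]@{
        MPR        = $name
        Found      = $true
        Disabled   = $disabled
        Grants     = "$(Get-FimAttribute $mpr 'GrantRight')"
        Actions    = (Get-FimAttribute $mpr 'ActionType') -join ','
        AsExpected = ($disabled -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize -Wrap
if ($report | Where-Object { -not $_.AsExpected }) {
    Write-Warning 'At least one MPR is missing or not in the expected state.'
}
```

If the optional schema step was skipped, the "General: Users can read schema related resources" row will report AsExpected as False; remove that entry from `$expected` in that case.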
Thank you Dominik! That works. The user gets to log in but is not shown anything except for "Welcome user".
May 21st, 2015 3:03pm