I am working on a FIM implementation at a large Healthcare Organisation.  As part of our implementation, we use the FIM Portal to manage Security Groups that in turn provide access to downstream systems.

In order that the SG Owners could search for users to add to the SG's, I had to create an MPR that allowed all Security Group Users to Read Resource, Add or Remove a value to a multivalued attribute, Modify a single-valued attribute and Grant Permissions to a Target Resource of All People.

As far as I can see, there are no obvious instructions to do this on TechNet, following the instructions linked (http://social.technet.microsoft.com/Forums/en-US/4efaeac9-af3c-4694-9a6e-e2644892a80d/allowing-a-user-to-see-security-groups-they-own) did not allow the SG users to see other users via the Portal.  Scouring around the various FIM/IDM blogs similarly didn't give any steer as to creating this new MPR.

My question is - have I ended up using a sledgehammer to crack a nut - and is there a less 'all encompassing' option I could have utilised?