none
AIC Create Resource - ...rejected because of access control policies.

    Question

  • I've been working through this tutorial on creating and loading custom activity workflows:

    http://msdn.microsoft.com/en-us/library/windows/desktop/ff859524.aspx

    All seems relatively well up until under Configuring the Activity in FIM, I create an Activity Information Configuration resource for the activity per the instructions.  Upon submitting, I get the following error:

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: IsAuthorizationActivity
    Correlation Id: 794890b2-1363-4270-a684-c6131ef9f7cd
    Request Id:
    Details: No policy grants the Requestor permission to complete all changes.

    The current portal user (FIM portal admin account I created) is attempting to craete the resource, so not sure why there would be access control policy stopping that account.  THoughts?

    Sunday, December 30, 2012 7:43 PM

Answers

  • Hi Osho

    this is a known issue :)

    To create Activity Information Configuration resources, you may have to modify the out-of-box management policy rule (MPR) named Administration: Administrators control configuration related resources and change the target attributes to All Attributes. This change grants the administrators permission to set any kind of attribute in any configuration resource.

    • Marked as answer by Osho27 Monday, December 31, 2012 1:26 PM
    Monday, December 31, 2012 12:41 PM

All replies

  • Hi Osho

    this is a known issue :)

    To create Activity Information Configuration resources, you may have to modify the out-of-box management policy rule (MPR) named Administration: Administrators control configuration related resources and change the target attributes to All Attributes. This change grants the administrators permission to set any kind of attribute in any configuration resource.

    • Marked as answer by Osho27 Monday, December 31, 2012 1:26 PM
    Monday, December 31, 2012 12:41 PM
  • that was it, thank you.
    Monday, December 31, 2012 1:26 PM
  • this may the issue, which is explained here...
     
     

    <o:p></o:p>

    Cheers,<o:p></o:p>


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <o:p></o:p>

    "Furqan Asghar" wrote in message news:cd404d48-3ea4-4b33-bf18-2c98aa939b56@communitybridge.codeplex.com...

    Hi Osho

    this is a known issue :)

    To create Activity Information Configuration resources, you may have to modify the out-of-box management policy rule (MPR) named Administration: Administrators control configuration related resources and change the target attributes to All Attributes. This change grants the administrators permission to set any kind of attribute in any configuration resource.


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Monday, December 31, 2012 7:38 PM
  • Good information, muito obrigado!
    Monday, December 31, 2012 9:10 PM