Wednesday, February 13, 2013 2:41 PM
I have a case I need to setup a filter on which groups are allowed to be members of other groups.
I have created a boolean attribute on Group and a Search Scope similar to All Security Groups, but with a changed Filter.
The Attribute 'Members to add' is updated to include keywords Person and a new keyword in the RCDC.
This setup works fine when modifying a Security group and searching for members to add.
My problem is that I can add any Security Group if I use 'Add Member' icon. Search Scopes here are still All Users and All Security Groups.
Is it possible to change that, and how?
Tuesday, February 19, 2013 4:33 PM
can you be more specific in what you're trying to do here?
I think you're actually trying to do things which are not easy in FIM, a way is to use workflow in FIM (and Sharepoint) to make your custom rules. People will be able to add all users they want, but the workflow will deny the request depending on your rules. (MPR's)
See http://msdn.microsoft.com/en-us/library/windows/desktop/ff463694(v=vs.100).aspx (developping custom workflows for FIM via Visual Studio 2010)
Remark: Try to make the owners of the groups responsible of the people they allow in their group. They call this "the responsability to share" instead of trying to control everything from a team of security officers or similar. This is the only way to survive these new times of interactivity, integration, cloud, byod and so on...
- Marked As Answer by Willy Hansen Tuesday, April 23, 2013 12:47 PM
Tuesday, April 23, 2013 12:48 PM
Your remark is the solution!