FIM 2010 : Users can view only their department users

  • Saturday, 28 April 2012 11:39

    Hi,

    The customer has given a requirement that the users should be able to view and search ONLY their "Line of Business" employees. The value of Line of Business for each user is stored in the "Line of Business" field in the FIM portal. The customer has more than 100 Lines of Business. Hence creating 100 sets and 100 MPRs is not a good idea.

    Is there any solution by which a single or generic MPR and set can make this possible. Please suggest.


    Mayank Vaish

All replies

  • Sunday, 20 May 2012 00:39
     
     Answered

    While I agree that 100 sets and MPRs sounds unworkable, it is probably JUST manageable until you add another zero to the number of sets. But yes, there is such a solution.

    The first option I always think of involves using the "relative to resource" MPR option, but it requires you to have a collection of all the users who can view/manage the target (person) object maintained redundantly on each target object, and in this case I don't see how this is practical.

    The last option remaining for you is to create a search scope for Person (e.g. /Person[LOB=/Person[ObjectID='%LoginID%']/LOB]), and then use UsageKeyWord values to make this available to general users in lieu of the default search scopes.  I think this one has the best potential to deliver you the results you want, however there's probably a bit of work you need to do before you can use this ...

    What this FIM approach requires is for LOB to be a REFERENCE property (the above xpath will not work with LOB defined as a string).  This means you need a custom LOB resource type, and you need to set your LOB property on your employee people objects to reference the LOB resource matching your existing string value.  There are several ways to do this, but the best way will depend on your environment.

    Take a look at my wiki article on the reasons why this is necessary (to use references), and some of the links included in the comments on this article.


    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
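Editor's note: the script below is an added worked example of the search-scope approach Bob describes; it is neither code from this thread nor from his wiki article. It uses the FIMAutomation PowerShell snap-in (Export-FIMConfig / Import-FIMConfig) that ships with the FIM 2010 Service. Every schema name in it is an assumption to be adapted to your environment: a custom resource type "LOB", a reference attribute "LOB" on Person, a legacy string attribute "LineOfBusinessName" on Person, the usage keyword "LOBUsers", and the sample account name "jdoe". Part 1 creates the search scope with the reference-based XPath filter; part 2 shows one of the "several ways" to populate the reference from the existing string value, which is the prerequisite work Bob mentions.

```powershell
# Added example (not from the thread, and not Bob Bradley's code). Uses the
# FIMAutomation PowerShell snap-in that ships with the FIM 2010 Service.
# Assumed schema, adjust to yours:
#   - custom resource type "LOB" whose DisplayName holds the Line of Business name
#   - Person has a reference attribute "LOB" pointing at an LOB resource
#   - Person has a string attribute "LineOfBusinessName" with the existing value
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$ns = "Microsoft.ResourceManagement.Automation.ObjectModel"

function New-ImportChange {
    param([string]$Attribute, [string]$Value, [string]$Operation = "Replace")
    $c = New-Object "$ns.ImportChange"
    $c.Operation      = $Operation   # string is coerced to the ImportOperation enum (Add/Replace/Delete)
    $c.AttributeName  = $Attribute
    $c.AttributeValue = $Value
    $c.FullyResolved  = $true
    $c.Locale         = "Invariant"
    $c
}

function New-ImportObject {
    param([string]$ObjectType, [string]$State, [string]$TargetId)
    $o = New-Object "$ns.ImportObject"
    $o.ObjectType = $ObjectType
    $o.State      = $State           # coerced to the ImportState enum (Create/Put/Delete)
    # A Put targets an existing object; a Create needs a temporary identifier
    # so that the changes attached below belong to one object.
    $id = if ($TargetId) { $TargetId } else { [guid]::NewGuid().ToString() }
    $o.SourceObjectIdentifier = $id
    $o.TargetObjectIdentifier = $id
    $o
}

# 1. The search scope. %LoginID% is substituted with the caller's account name
#    at query time (the default request-history scopes use the same token). The
#    filter follows the caller's LOB *reference* and returns every Person whose
#    LOB reference points at the same object. With LOB as a string the inner
#    path expression has nothing to dereference, which is why the type matters.
$filter = "/Person[LOB = /Person[AccountName = '%LoginID%']/LOB]"
$scope = New-ImportObject -ObjectType "SearchScopeConfiguration" -State "Create"
$scope.Changes = @(
    (New-ImportChange "DisplayName"                 "My Line of Business")
    (New-ImportChange "SearchScope"                 $filter)
    (New-ImportChange "SearchScopeResultObjectType" "Person")
    (New-ImportChange "SearchScopeColumn"           "DisplayName;AccountName;LOB")
    (New-ImportChange "SearchScopeContext"          "DisplayName;AccountName")
    (New-ImportChange "Order"                       "1")
    # Assumed keyword: use whichever keyword the user-facing list page, on which
    # you replace the default scopes, is configured to look for.
    (New-ImportChange "UsageKeyword" "LOBUsers" -Operation "Add")
)
$scope | Import-FIMConfig

# 2. One way to populate the reference from the existing string value, per Person.
#    Values are only spliced into XPath after validation, because the string
#    attribute is user-supplied data and the filter is a query language.
function Get-AttributeValue($ExportObject, [string]$Name) {
    ($ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }).Value
}

function Set-PersonLobReference {
    param([Parameter(Mandatory = $true)][string]$AccountName)
    if ($AccountName -notmatch '^[A-Za-z0-9._-]+$') {
        throw "Refusing to build an XPath filter from '$AccountName'"
    }
    $person = Export-FIMConfig -OnlyBaseResources -CustomConfig "/Person[AccountName = '$AccountName']"
    if (-not $person) { throw "No Person with AccountName '$AccountName'" }

    $lobName = Get-AttributeValue $person "LineOfBusinessName"
    if (-not $lobName) { throw "'$AccountName' has no LineOfBusinessName" }
    if ($lobName.Contains('"')) { throw "LOB name '$lobName' contains a double quote; not resolving it" }
    $lob = @(Export-FIMConfig -OnlyBaseResources -CustomConfig ('/LOB[DisplayName = "{0}"]' -f $lobName))
    if ($lob.Count -ne 1) { throw "Expected exactly one LOB named '$lobName', found $($lob.Count)" }

    # Identifiers come back as urn:uuid:<guid>; Import-FIMConfig accepts that
    # form both as the Put target and as a reference attribute value.
    $put = New-ImportObject -ObjectType "Person" -State "Put" `
               -TargetId $person.ResourceManagementObject.ObjectIdentifier
    $put.Changes = @(New-ImportChange "LOB" $lob[0].ResourceManagementObject.ObjectIdentifier)
    $put | Import-FIMConfig
}

# Set-PersonLobReference -AccountName "jdoe"   # "jdoe" is a constructed sample account name
```

Two practical points when using this. First, the string-to-reference population has to run for every existing Person before the scope is useful, and it must also be applied to new hires (a workflow on Person creation, or the sync engine, as Bob's signature hints); the function above is the per-object building block, not the bulk job. Second, a search scope only shapes what the portal list page queries. Read permission is still granted by the Read MPRs, so if a broad "all users can read all Persons" MPR remains in place, a user with a direct FIM Service web-service client can still query Persons outside their Line of Business; the scope meets the "view and search" requirement in the portal UI, not an authorization boundary.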