I'm trying to build a Service Request that allows users to select an Active Directory OU where they can place new users, and create an OU if it doesn't already exist. I've created a new class for AD OU and created a relationship between it and the 'User' class so I can assign an owner. I've setup an SR that runs a Query Result against existing OUs and displays them back to the portal user. However I don't want the Query Results to show all the OUs in the organisation otherwise the OU structure will become messy as users create objects pretty much anywhere.
The only way I've found to filter (constrain) the results for the portal user is to query the combination class I created for OU Owner User Name to use 'Token:Portal User Name. This works a treat, however that means that when I create OU objects in the CMDB and assign a user as the 'owner', only that person will ever be able to query against their OUs. This isn't desirable as it creates a bottleneck if that user isn't available to create OU SRs, so I'd like to be able to filter on another property such as Department or ideally assign an AD group as the 'owner' and have the SR setup so that it displays all OU objects if the portal user is a member of that AD group.
Is this possible?
We have SCSM 2012 SP1 and Orchestrator 2012 SP1
I've found a way round the problem. By establishing 'Related to Configuration Item' relationships between OU and authorised user objects from the CMDB I can use the portal token for "Token:Portal User Name" when the class focus for the 'Query Result' in the SR includes the type projection for the above. This allows the one-to-many relationship I need and I can filter the results where the token matches any username of the related configuration items.
Thanks for your suggestions.