Relative search scope criteria - match on common property between requestor and target

  • Question

  • I have a few different scenarios where I am looking to use some logic like this, but will use the Search Scope as an example.

    I am trying to create a scope called "My Site's Computers" where it will list all computers that match my Office Location. Using the following XPath filter does not work, but seems in theory close to what I want to accomplish:

    /Computer[OfficeLocation=/Person[ObjectID='%LoginID%']/OfficeLocation]

    Basically saying, return all computers whose location matches the location of the logged on user.

    I would try to use the same logic when applying MPRs to allow permission to edit objects based on the same kind of concept, to say a person can edit all computer objects at their site. The goal of this would be to simplify the amount of rules/sets involved and not have to create a pair of them for every grouping of objects... I could get away with just one potentially.

    Mostly it seems like this relationship can only be made by a property being equal to the loginID itself, but not a property of the loginID object. I found a thread listing the possible environment variables, but again loginID was the only relevant one.

    Monday, June 24, 2013 6:07 PM

All replies

  • Hello,

    I've done something similar, but found that the XPath filter only worked when you're matching on a reference attribute. So, in your case, OfficeLocation would need to be defined as a Reference attribute on both Computer and Person objects, where the office location is referencing a custom Location object.

    It's definitely a much more complicated solution, but that was the only way I could get something similar to work, without using x number of sets/MPRs to control what a user could see.

    Cheers,

    Marc


    Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
    http://www.avaleris.com

    Tuesday, June 25, 2013 1:10 PM