none
FIM Gropus join restriction RRS feed

  • Question

  • Hello,

    Here is a few word about FIM Groups and it is said that the atribute Membership Add Workflow can accept the next values: Owner approval, None and Custom. The behavior of first to values is clear, but what about "Custom"? How can I bind my custom approval workflow in this case?

    Thanks in advance!

    Monday, March 24, 2014 6:25 AM

Answers

  • Hi Filipp,

    After you would create your workflow, you have to create a set of "Custom Approved Groups" and create a MPR that would be based on this set with the following settings:

    • Requestors: All Active People (or you can change it)
    • Operation: Add a value to a multivalued attribute
    • Grants Permission: no
    • Target Resource Definition Before Request: Custom Approved Groups
    • Target Resource Definition After Request: Custom Approved Groups
    • Resource Attributes: Specific: Manually-managed Membership
    • Policy Workflows: your workflow in Authorization

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by Filipp Leskin Tuesday, March 25, 2014 10:41 AM
    Monday, March 24, 2014 7:39 AM

All replies

  • Hi Filipp,

    After you would create your workflow, you have to create a set of "Custom Approved Groups" and create a MPR that would be based on this set with the following settings:

    • Requestors: All Active People (or you can change it)
    • Operation: Add a value to a multivalued attribute
    • Grants Permission: no
    • Target Resource Definition Before Request: Custom Approved Groups
    • Target Resource Definition After Request: Custom Approved Groups
    • Resource Attributes: Specific: Manually-managed Membership
    • Policy Workflows: your workflow in Authorization

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by Filipp Leskin Tuesday, March 25, 2014 10:41 AM
    Monday, March 24, 2014 7:39 AM
  • Hi, Dominik!

    If I understand correctly, specifying value of join restriction type "Custom" i can create a set for this condition and associate it with my desired policy. Simply :) 

    Thank you for your reply!

    Tuesday, March 25, 2014 10:41 AM
  • Yes - a set for Manager Approved Groups is created Out of the box. This one should be created by you :)

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, March 25, 2014 11:03 AM