none
FIM/MIM - How to enable "My SGs" and "My Security Group Memberships" functionality to non-admin users? RRS feed

  • Question

  • Hey all,

    When a non-admin user clicks on "My SGs" or "My Security Group Memberships" in our MIM Portal they are not able to see groups they own or groups they belong to, respectively.   However, if an admin does the same the data is populated.  Is this by design or a bug?  

    More importantly, what are the steps required in order to enable this functionality for non-admin/standard users?  I don't see it as much of a security risk to allow users to see the groups they own nor the groups they belong to considering they can get the same information from AD if they wanted to.

    Appreciate the help on this one.

    -Christian

    Friday, April 5, 2019 2:46 PM

Answers

  • To close the loop on this one - turns out everything was configured correctly from an MPR perspective.  What was missing was "Search Scope".  Once I added BasicUI to both "My SG Memberships" and "My Security Groups" non-admin users were able to see their data.  I'm marking this as resolved!
    • Marked as answer by phunklounge Thursday, April 25, 2019 4:21 PM
    Thursday, April 25, 2019 4:21 PM

All replies

  • Anyone have any ideas on this one?
    Sunday, April 7, 2019 10:11 PM
  • Hi Christian-

    There are a series of MPRs that you need to enable to allow users to read these objects. If you do a search on "Security" in the Management Policy Rules section you should find about half a dozen MPRs that are disabled by default. There's a similar set for distribution lists/groups. 


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Sunday, April 7, 2019 10:49 PM
    Moderator
  • Hi Brian -

    Appreciate the response; however, I feel like there is still something missing.  Even after enabling all "Security" related MPRs in my lab environment a non-admin still nothing populates when a non-admin clicks on the "My SGs" or "My Security Group Memberships" links.  

    What am I missing?  This behavior is consistent across both my environments and default behavior out of the box, so it's easily replicated.

    Thanks again for any advice.

    Christian

    Sunday, April 7, 2019 11:37 PM
  • To close the loop on this one - turns out everything was configured correctly from an MPR perspective.  What was missing was "Search Scope".  Once I added BasicUI to both "My SG Memberships" and "My Security Groups" non-admin users were able to see their data.  I'm marking this as resolved!
    • Marked as answer by phunklounge Thursday, April 25, 2019 4:21 PM
    Thursday, April 25, 2019 4:21 PM