Authorization To View Details on FIM Portal

  • Question

  • Hi Everyone,

    I have FIM 2010 R2 up and running in an environment under a single domain e.g.

    We have only one PeopleSoft datatable, from which the information about the users and their companies is coming (there are multiple companies under the xyzGroup group).

    Now we want to authorize people to access only the information of users in the same company.

    i.e. if my Company attribute in the FIM Portal is ABC, then I can only view users with the ABC Company attribute.


    Deepak Arora
    If you Find the Answer | Article | Blog Helpful Please Vote As Helpful / Mark As Answer

    Saturday, May 4, 2013 7:51 AM

All replies

  • You would need to configure Read MPRs for each company. Create a set of users in each company, and then create an MPR that grants users in that set rights to read the attributes you want of other objects in that set.

    My Book - Active Directory, 4th Edition

    Sunday, May 5, 2013 7:24 PM
  • Hi Deepak

    If you have a huge number of companies and you cannot create MPRs for each company, another simple way would be to

    Edit the 'All Users' Search Scope and

    Under the 'Search Definition' use the following 'Search Scope Filter'

              /Person[starts-with(Company,'%Attribute_Company%') and ends-with(Company,'%Attribute_Company%')]

    Reset IIS

    Now your users will be able to see only users from their own company.

    Regards Furqan Asghar

    Monday, May 6, 2013 7:08 AM
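
The per-company sets and Read MPRs described in the first reply can be planned from the distinct Company values before anything is created in the portal. The sketch below is an added example, not code from the thread or from FIM; the set and MPR names, the attribute selection and the sample users are assumptions, and the dictionary keys are this example's own labels for the portal fields.

```python
from collections import defaultdict

# Constructed sample data: (account, Company) pairs as they might arrive from the HR feed.
SAMPLE_USERS = [
    ("alice", "ABC"),
    ("bob", "ABC "),          # trailing space from the source table
    ("carol", "DEF"),
    ("dave", ""),             # no Company value
    ("erin", "O'Neil Ltd"),   # apostrophe cannot go into a quoted XPath literal as-is
]

# Attributes the Read MPR would expose; an assumed selection for illustration.
READ_ATTRIBUTES = ["DisplayName", "Company", "Email"]


def set_filter(company):
    """XPath membership filter for one company's set of Person objects."""
    if "'" in company:
        raise ValueError(f"company name needs manual handling: {company!r}")
    return f"/Person[Company = '{company}']"


def build_plan(users, attributes=READ_ATTRIBUTES):
    """Return (plan, skipped): one set and one Read MPR per company, plus uncovered accounts."""
    by_company = defaultdict(list)
    skipped = []
    for account, company in users:
        company = company.strip()
        if not company or "'" in company:
            skipped.append(account)  # matches no generated set, so no MPR grants it read access
        else:
            by_company[company].append(account)
    plan = []
    for company in sorted(by_company):
        set_name = f"Company Users - {company}"   # hypothetical naming scheme
        plan.append({
            "set_name": set_name,
            "set_filter": set_filter(company),
            "mpr_name": f"Read same-company users - {company}",
            "requestors_set": set_name,   # who may read
            "target_set": set_name,       # what they may read: the same set
            "operation": "Read",
            "attributes": list(attributes),
            "members": by_company[company],
        })
    return plan, skipped


if __name__ == "__main__":
    plan, skipped = build_plan(SAMPLE_USERS)
    for entry in plan:
        print(entry["mpr_name"], "->", entry["set_filter"], entry["members"])
    print("not covered by any set:", skipped)
```

The `skipped` list is the part worth reviewing first: accounts with an empty or unusual Company value fall outside every generated set and need a decision before the MPRs go live.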