none
Users unable to view security group details (e.g. membership list and owner) RRS feed

Answers

  • Christian,

    I misread your initial post. It sounds like you have everything configured correctly. The best thing I can suggest at this point is using the MPR explorer with specific requestor and target resource to confirm the MPR does apply the way you are expecting it. 

    I just had another thought -- do your standard users have permissions to read other users? If not this would explain the behavior -- you can see the group but not any of the reference attributes that point to person (user) objects.


    David Lundell, Twitter | Hire Identity Managed | FIM Best Practices book | How to Be an MVP in Life book

    • Marked as answer by phunklounge Monday, December 31, 2018 3:49 PM
    Friday, December 28, 2018 4:26 AM

All replies

  • So when you sign in as a non-admin user, the shortcuts in the nav bar and on the home page to see security groups aren't even there. Correct?

    Assuming that is the case then you need to edit the navigation bar resources and the home page resources and add the usage keyword "BasicUI" This will add these resources to the "All Basic Configuration Objects" set and either the "All Basic Navigation Bar Configurations" set or the "All Basic Home Page Configurations" set. There are pre-existing MPRs that when enabled allow non-admins to see these: "General: Users can read non-administrative configuration resources" This MPR is disabled by default.


    David Lundell, Twitter | Hire Identity Managed | FIM Best Practices book | How to Be an MVP in Life book

    Thursday, December 27, 2018 4:45 PM
  • Thursday, December 27, 2018 4:54 PM
  • Hi David,

    Not quite.  Non-admin users can see the shortcuts for Security Groups in the Nav bar just fine.  The problem is when non-admins drill into any group object, they are unable to see select attributes such as the Owner and current membership list.  When I log in as admin I can see the info just fine.

    Additionally, when non-admins log in they are currently unable to see their own security group membership. I'm guessing this is a separate problem, but thought I would mention it in case related.

    Again, thanks for any guidance!

    Christian


    • Edited by phunklounge Thursday, December 27, 2018 5:43 PM
    Thursday, December 27, 2018 5:18 PM
  • Christian,

    I misread your initial post. It sounds like you have everything configured correctly. The best thing I can suggest at this point is using the MPR explorer with specific requestor and target resource to confirm the MPR does apply the way you are expecting it. 

    I just had another thought -- do your standard users have permissions to read other users? If not this would explain the behavior -- you can see the group but not any of the reference attributes that point to person (user) objects.


    David Lundell, Twitter | Hire Identity Managed | FIM Best Practices book | How to Be an MVP in Life book

    • Marked as answer by phunklounge Monday, December 31, 2018 3:49 PM
    Friday, December 28, 2018 4:26 AM
  • Thanks David, that was it!  Once I enabled MPR to allow users to see select attributes of other user's non-admins were able to see the group membership list.  Thanks again!
    • Edited by phunklounge Monday, December 31, 2018 4:17 PM
    Monday, December 31, 2018 3:50 PM