none
Unable to provide EDIT permissions to a reference attribute in FIM portal RRS feed

  • Question

  • Hi All,

    There is a Reference attribute bound to a Person object to which I want to grant users the permission to edit it. The attribute name is "Displayed Owner". Its referred to as "UoCIdentityPicker" in RCDC for EDIT form which is correct. I added this attribute in the custom Permission based MPR so that users should be able to edit this attribute but it does not seem to work. Adding this attribute in the MPR in turn is giving the edit permission to another reference attribute named "Owner". I checked the bindings and all other stuff and there seems to be no flaw. But I am unable to identify 2 things:

    How is adding "Displayed Owner" attribute in the MPR giving Permission to "Owner" attribute?

    What else do I need to do give permission to edit the "Displayed Owner" attribute.

    One more thing I noticed is even though I login with Admin account which has full privileges to the FIM Portal, I do not have the permission to edit this attribute. I can only edit this attribute if I go into the Advanced View.

    Thoughts on how to resolve this?

    Any help would be appreciated

    Regards,


    Veena

    Wednesday, December 2, 2015 7:09 AM

All replies

  • Hi,

    I think you edit the bindings for person objects, since there is no Owner/DisplayedOwner attribute on person objects by default, right ?

    If the permission MPR is correct for that new attribute on person objects you maybe have an error in the RCDC which you must edit on ordner to let user modify that attribute. Do you maybe have ReadOnly set on the UOCIdentityPicker ?

    Also Admins only have access to specific objects and attribute in FIM Portal, not Full Permission, anything you edit beside from the default also admins must get permissions to edit also.

    So since both users and admins can not edit that attribute by UI i assmue a issue in RCDC

    Maybe you can paste the relevant part of that RCDC.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Wednesday, December 2, 2015 9:46 AM
  • Hi Peter,

    There is no ReadOnly set in UoCIdentityPicker. PFB the relevant part of RCDC.

          <my:Control my:Name="DisplayedOwner" my:TypeName="UocIdentityPicker" my:Caption="{Binding Source=schema, Path=DisplayedOwner.DisplayName}" my:Description="{Binding Source=schema, Path=DisplayedOwner.Description}" my:RightsLevel="{Binding Source=rights, Path=DisplayedOwner}">
            <my:Properties>
              <my:Property my:Name="Required" my:Value="true"/>
              <my:Property my:Name="Mode" my:Value="SingleResult"/>
              <my:Property my:Name="ObjectTypes" my:Value="Person"/>
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, AccountName, Department"/>
              <my:Property my:Name="AttributesToSearch" my:Value="BogusAttributeToBreakAutoResolve"/>
              <my:Property my:Name="UsageKeywords" my:Value="SearchPerson"/>
              <my:Property my:Name="ResultObjectType" my:Value="Person"/>
              <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=DisplayedOwner, Mode=TwoWay}"/>
              <my:Property my:Name="ListViewTitle" my:Value="%SYMBOL_DisplayedOwnerListViewTitle_END%"/>
              <my:Property my:Name="PreviewTitle" my:Value="%SYMBOL_DisplayedOwnerPreviewTitle_END%"/>
              <my:Property my:Name="MainSearchScreenText" my:Value="%SYMBOL_DisplayedOwnerSearchText_END%"/>
              <my:Property my:Name="DefaultSearchScopeName" my:Value="Search Scope"/>
            </my:Properties>
          </my:Control>

    Also, I do not see much of difference between "DisplayedOwner" control and "Owner" control in RCDC. Please let me know if there is anything apart from this that needs to be modified.

    Regards,


    Veena

    Wednesday, December 2, 2015 11:26 AM
  • Hi,

    Any suggestions/thoughts?

    Regards,


    Veena

    Friday, December 4, 2015 10:13 AM
  • Hi Veena

    I take from my analysis that the DisplayedOwner attribute is custom created.

    The one you are selecting in the MPR may not be the one that is bound to the User, attribute with System Name Owner also has the Display Name 'Displayed Owner' and is bound to the Group Resource.

    What you'll have to do is, edit your Custom Permission MPR and in the Selected Attributes type DisplayedOwner without spaces, this will bring the Correct 'Displayed Owner' Attribute which you have bound to the user.

    or click on the search right next to the Attributes Identity Picker and search for Displayed Owner, this will bring two records, select both of them in case and save your MPR


    Regards Furqan Asghar

    Monday, December 7, 2015 8:13 AM