MIM - Manager should be able to view his reportee access to target applications and should be able to modify the same

  • Question

  • Hi,

    I have the below 2 requirements from one of our customers:

    1. Capability in MIM where a manager can see which applications his reportee has access to.

    Say, for example, MIM manages 4 applications (AD, SAP, etc.) for user lifecycle and a user has accounts in all 4 of these applications (either through add/join). Will his manager be able to see, through the MIM portal, which applications his reportee has access to?


    2. The manager should be able to request/revoke access (provision account) for his reportee for an application managed by MIM.


    Is there any OOB capability for the above 2 requirements, or do we need to customize one? Can someone guide me on the steps required if it needs to be customized?

    Regards, Chandan

    Saturday, July 29, 2017 6:19 AM

All replies

  • 1) You could use the Detected Rule Entry (DRE) capability of outbound sync rules to achieve this. When you configure an Outbound Sync Rule attribute flow to "Use as Existence test", during Inbound Sync (yes, Inbound) it will check to see if the condition is true. If it is, then it will create a DRE and, on the user object, add a reference to the multi-value reference attribute DetectedRulesList (DRL). You could then expose this attribute on the user object to the manager through MPRs that grant them permission to see it.

    2) is a little more complex. You could have a checkbox for each app, and if they uncheck it then you deprovision the app, either by removing the Policy-based Outbound Sync Rule or by using the Provision method of the MVExtension to disconnect the connector.

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, March 16, 2018 7:52 PM
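
The second option in the reply above (disconnecting the connector from the Provision method of the MVExtension) could look like the following. This is an added example, not code from the thread or from the product; the management agent names and the per-application boolean metaverse attributes (`hasSapAccess`, `hasHrAppAccess`, assumed to be fed by the portal checkboxes) are hypothetical.

```csharp
using System.Collections.Generic;
using Microsoft.MetadirectoryServices;

// Added example: metaverse rules extension that disconnects an application's
// connector once the manager has cleared that application's checkbox.
public class MVExtensionObject : IMVSynchronization
{
    // Hypothetical mapping: metaverse boolean attribute -> management agent name.
    private static readonly Dictionary<string, string> AppFlags =
        new Dictionary<string, string>
        {
            { "hasSapAccess", "SAP MA" },
            { "hasHrAppAccess", "HR App MA" }
        };

    public void Initialize() { }

    public void Terminate() { }

    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
    {
        // Metaverse deletion is left to the object deletion rule.
        throw new EntryPointNotImplementedException();
    }

    public void Provision(MVEntry mventry)
    {
        if (mventry.ObjectType != "person") return;

        foreach (KeyValuePair<string, string> app in AppFlags)
        {
            Attrib flag = mventry[app.Key];

            // Only an explicit "false" revokes access. A missing value changes
            // nothing, so an incomplete import cannot strip accounts by accident.
            bool revoked = flag.IsPresent && !flag.BooleanValue;

            ConnectedMA ma = mventry.ConnectedMAs[app.Value];
            if (revoked && ma.Connectors.Count > 0)
            {
                // Disconnect every connector this person has in that application.
                ma.Connectors.DeprovisionAll();
            }
        }
    }
}
```

What happens to the disconnected account (left as a disconnector or staged for deletion on the next export) is decided by the deprovisioning setting on each management agent, not by this code. The MPR that lets a manager set these flags should be scoped to the manager's own reportees, since changing a flag directly removes access.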