none
Delegation in FIM 2010 RRS feed

  • Question

  • Experts,

    Is it possible to delegate the role in FIM 2010.

    Say I have a requirement where manager request for account activation. Initially from HR, accounts are getting created in disabled state.

    In case manager is not present, can manager delegates this right to some other person?

    Kindly suggest.

    Thanks,

    Mann

    Monday, March 3, 2014 1:27 PM

All replies

  • Yes, this is possible and easily achieved.

    You will need to extend the FIM portal schema ofcourse with the relevant attributes - one for (boolean) account disabled (which is set to true for new users provisioned into the portal from HR by default, use a WF for that if you want). Then create an MPR using Manager as the requestor (select "Relative to Resource ID" in the requestor and choose manager), this MPR wll grant permission to edit that attribute for account disabled

    Then, create the Sync Rule - WF - MPR triple, the MPR being triggered by a Set transition. Your Set will contain all users whose accounts are active, and the MPR will trigger the WF which will add the Sync rule to the target creating an ERE

    Finally, don't forget to edit the RCDC to add the Account Disabled attribute in the Edit View and viola!

    Monday, March 3, 2014 6:39 PM
  • Mann,

    Yes, this could be possible depending on how you respond to the following:

    • What is the relationship between these delegates and the manager?
    • What will be the relationship between the user that is being created and the delegates? Are they part of the same department, same group, reports to the same manager etc..

    Thanks,

    Jameel Syed | Identity & Security Strategist | jameel.syed@credexo.com | Simplified Identity and Access Management

    Tuesday, March 4, 2014 9:48 AM