none
Custom Object RCDC Issue RRS feed

  • Question

  • Hi All,

    I have created a custom object and defined the RCDC for this object. I want same kind of control which we have for group under Members tab i.e. "Members To Add" and "Members To Remove".

    I have used below control for this.

    ##########################################################################

    </my:Control>
      <my:Control my:Name="ReadAccessToRemove" my:TypeName="UocIdentityPicker" my:Caption="Revoke Read Access" my:Description="Choose who to revoke the Read Access to the Shared Drive" my:RightsLevel="{Binding Source=rights, Path=ReadAccess}">
            <my:Properties>
              <my:Property my:Name="Mode" my:Value="MultipleResult" /> 
              <my:Property my:Name="Rows" my:Value="3" /> 
              <my:Property my:Name="ObjectTypes" my:Value="Person" />       
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,ObjectType" /> 
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName" /> 
              <my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=ReadAccess.Remove, Mode=TwoWay}" /> 
              <my:Property my:Name="Filter" my:Value="/MyID_SharedDrive[ObjectID='%ObjectID%']/ReadAccess" /> 
              <my:Property my:Name="ListViewTitle" my:Value="Select Members to Remove" /> 
              <my:Property my:Name="PreviewTitle" my:Value="Select Members to Remove" /> 
              <my:Property my:Name="SearchOnLoad" my:Value="true" /> 
              </my:Properties>
              </my:Control>
               <my:Control my:Name="ReadAccessToAdd" my:TypeName="UocIdentityPicker" my:Caption="Grant Read Access" my:Description="Choose who to grant the Read Access to the Shared Drive" my:RightsLevel="{Binding Source=rights, Path=ReadAccess}">
            <my:Properties>
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,AccountName,EmployeeID" /> 
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName,AccountName,EmployeeID" /> 
              <my:Property my:Name="Mode" my:Value="MultipleResult" /> 
              <my:Property my:Name="Rows" my:Value="3" /> 
              <my:Property my:Name="ObjectTypes" my:Value="Person" />       
              <my:Property my:Name="DefaultSearchScopeName" my:Value="~All Active Users" />      
              <my:Property my:Name="UsageKeywords" my:Value="AllActiveUsers" />      
              <my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=ReadAccess.Add, Mode=TwoWay}" />       
              <my:Property my:Name="ResultObjectType" my:Value="Person" />   
              <my:Property my:Name="ListViewTitle" my:Value="Select Members to Add" />
              </my:Properties>
              </my:Control>

    ##########################################################################

    ISSUE:

    After using above code, If I add or remove any user from these 2 control then nothing happens. I don't see any request created at all under Search Requests.

    However same control works fine if I add/remove users through advance view. However as non-admin users can't see advance view button hence I need this to work in Normal view as well.

    Can anyone please help me.

    Let me know if you have any questions for me related to this issue.

    Thanks in advance for help.

    Sujit Kumar


    Tuesday, April 21, 2015 11:18 PM

Answers

  • Consequently your only choice is to abandon the add and remove identity pickers and go to a single identity picker that is set for multi-select

    Below example from: https://technet.microsoft.com/en-us/library/ee534918(v=ws.10).aspx

    <!--Sample for a multiselection Identity Picker uses Search Scope-->
    <my:Control my:Name="multiSelectionIdentityPicker" my:TypeName="UocIdentityPicker" my:Caption="A multi Selection Identity Picker" my:Description="The user is allowed to select more than one entry here" my:RightsLevel="{Binding Source=rights, Path=ExplicitMember}">
         <my:Properties>
              <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=ExplicitMember.Required}"/>
              <my:Property my:Name="Mode" my:Value="MultipleResult" />
              <my:Property my:Name="Rows" my:Value="10" />
              <!--There are existing search scopes that has key word "Person" and "Group" use both sets of search scopes here.-->
              <my:Property my:Name="UsageKeywords" my:Value="Person,Group"/>
              <!--Columns displayed in list view in pop-up window-->
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, ObjectType" />
              <!--Identities will be resolved against following attribute in the resolve textbox when resolve button is clicked.-->
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName" />
              <!--multi valued reference type attribute is used to bind the control-->
              <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=ExplicitMember , Mode=TwoWay}" />
              <my:Property my:Name="ResultObjectType" my:Value="Resource"/>
              <my:Property my:Name="ListViewTitle" my:Value="Select multiple entries" />
              <my:Property my:Name="PreviewTitle" my:Value="Entries selected" />
         </my:Properties>
    </my:Control>
    <!--End of sample for a multiselection Identity Picker.-->
    


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, April 24, 2015 3:23 AM

All replies

  • Forgive me if this is too obvious, but:

    First of, does the user performing this operation have access to do so? Are you testing with the same user both cases?  If not, check the permissions.  CRDC is only the presentation layer.  MPR is what grants the access to perform operations. 


    Nosh Mernacaj, Identity Management Specialist

    Thursday, April 23, 2015 1:31 PM
  • Hi Nosh,

    Thanks for your reply!!

    Yes, User is having permission to modify ReadAccess attribute (This is a multi-value reference attribute which we are using in RCDC).

    I have tested this with user and also as Portal administrator. But it's not working.

    However if Portal administrator do the same(Add/remove user from IdentityPicker) through advance view then it works fine.

    Thanks!!

    Sujit

    Thursday, April 23, 2015 6:44 PM
  • Sujit,

    I am confused.

    If you try with administrator through this RCDC, does it work?

    And if it does not, do you see any erorrs either in submit screen or under requests.


    Nosh Mernacaj, Identity Management Specialist

    Thursday, April 23, 2015 6:47 PM
  • It works for Portal administrator but in advance view. 

    But if same portal administrator or any other user try the same in Normal view then it does not work. It does not throw any error and even I don't find any request under "Search Request" page.

    I have created 3 MPR:

    1. Portal administrator can read/update any attributes for this object type.

    2. All User can read all attributes for this object type

    3. All User can update ReadAccess attribute for this object type

    Attached is the RCDC layout.

    Thursday, April 23, 2015 7:37 PM
  • The problem is definitely in the RCDC -- you are binding to the delta data source

      <my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=ReadAccess.Remove, Mode=TwoWay}" /> 

    Try object instead of delta:

      <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=ReadAccess.Remove, Mode=TwoWay}" /> 

    You need to change this for both Identity Pickers.

    FYI about the Delta data source:

    PrimaryResourceDeltaDataSource                  

    This data source builds the delta XML that compares the original state and the current state of the FIM 2010 resource. The generated delta XML is consumed by the RC summary control to render the UI for request that the user is submitting.

    No

    https://technet.microsoft.com/en-us/library/ee534918%28v=ws.10%29.aspx


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Thursday, April 23, 2015 9:01 PM
  • Hi David,

    I tried to replace delta with object as you suggested above, but it is also not working.

    After changing to object, I tried to add one users into Identity picker but rcdc form does not takes this as change and when I click ok button then it does not go to submit form and form will get close.

    Thanks!!

    Sujit Kumar

    Thursday, April 23, 2015 10:14 PM
  • In that case the PrimaryObjectDataSource must have a different local name

    Look for the following in your RCDC file:

    <my:ObjectDataSource my:TypeName="PrimaryResourceObjectDataSource" my:Parameters="" my:Name="object"/>

    Whatever is there for my:Name= is what you need to use. Please grab that line and include it in your next reply.

    But if you use that name with the Identity Picker it should work. I may also need to see the whole RCDC


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, April 24, 2015 12:00 AM
  • Hi David,

    Please find the RCDC code below:

    In this I replaced "Binding Source=delta" with "Binding Source=object" but that didn't help.

    <?xml version="1.0" encoding="utf-8"?>
    <my:ObjectControlConfiguration my:TypeName="UocGroupCodeBehind" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:my="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xd="http://schemas.microsoft.com/office/infopath/2003">
      <my:ObjectDataSource my:TypeName="PrimaryResourceObjectDataSource" my:Name="object" my:Parameters="" />
      <my:ObjectDataSource my:TypeName="ReferenceDeltaDataSource" my:Name="delta" />
      <my:ObjectDataSource my:TypeName="SchemaDataSource" my:Name="schema" />
      <my:ObjectDataSource my:TypeName="DomainDataSource" my:Name="domain" my:Parameters="%LoginDomain%" />
      <my:ObjectDataSource my:TypeName="PrimaryResourceRightsDataSource" my:Name="rights" />
      <my:XmlDataSource my:Name="summaryTransformXsl" my:Parameters="Microsoft.IdentityManagement.WebUI.Controls.Resources.DefaultSummary.xsl" />
      <my:Panel my:Name="page" my:AutoValidate="true" my:Caption="Caption">
        <my:Grouping my:Name="Caption" my:IsHeader="true" my:Caption="caption" my:Visible="true">
          <my:Control my:Name="Caption" my:TypeName="UocCaptionControl" my:ExpandArea="true" my:Caption="" my:Description="{Binding Source=object, Path=DisplayName}">
            <my:Properties>
              <my:Property my:Name="MaxHeight" my:Value="32" />
              <my:Property my:Name="MaxWidth" my:Value="32" />
            </my:Properties>
          </my:Control>
        </my:Grouping>
    
        <my:Grouping my:Name="ReadAccess" my:Caption="Read Access" my:Enabled="true" my:Visible="true">
        <my:Control my:Name="ReadAccessMemberToRemove" my:TypeName="UocIdentityPicker" my:Caption="Read Access Member To Remove" my:Description="Choose who to remove from the current Read Access member list" my:RightsLevel="{Binding Source=rights, Path=ReadAccess2}">
                <my:Properties>
                  <my:Property my:Name="Mode" my:Value="MultipleResult" /> 
                  <my:Property my:Name="Rows" my:Value="3" /> 
                  <my:Property my:Name="ObjectTypes" my:Value="Person" />       
                  <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,ObjectType" /> 
                  <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName" /> 
                  <my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=ReadAccess2.Remove, Mode=TwoWay}" /> 
                  <my:Property my:Name="Filter" my:Value="/MyID_SharedDrive[ObjectID='%ObjectID%']/ReadAccess2" /> 
                  <my:Property my:Name="ListViewTitle" my:Value="Select Members to Remove" /> 
                  <my:Property my:Name="PreviewTitle" my:Value="" /> 
                  <my:Property my:Name="SearchOnLoad" my:Value="true" /> 
                  </my:Properties>
                  </my:Control>
                <my:Control my:Name="ReadAccessMemberToAdd" my:TypeName="UocIdentityPicker" my:Caption="Read Access Member To Add" my:Description="Choose who to add to the current Read Access member list" my:RightsLevel="{Binding Source=rights, Path=ReadAccess2}">
                <my:Properties>
                  <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,AccountName,EmployeeID" /> 
                  <my:Property my:Name="AttributesToSearch" my:Value="DisplayName,AccountName,EmployeeID" /> 
                  <my:Property my:Name="Mode" my:Value="MultipleResult" /> 
                  <my:Property my:Name="Rows" my:Value="3" /> 
                  <my:Property my:Name="ObjectTypes" my:Value="Person" />       
                  <my:Property my:Name="DefaultSearchScopeName" my:Value="~All Active Users" />      
                  <my:Property my:Name="UsageKeywords" my:Value="AllActiveUsers" />      
                  <my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=ReadAccess2.Add, Mode=TwoWay}" />       
                  <my:Property my:Name="ResultObjectType" my:Value="Person" />   
                  <my:Property my:Name="ListViewTitle" my:Value="Select Members to Add" />
                  </my:Properties>
              </my:Control>
        
        </my:Grouping>
    
        <my:Grouping my:Name="summary" my:Caption="Summary" my:IsSummary="true">
                 <my:Control my:Name="summaryControl" my:TypeName="UocHtmlSummary" my:ExpandArea="true">
                    <my:Properties>
                       <my:Property my:Name="ModificationsXml" my:Value="{Binding Source=delta, Path=DeltaXml}" />
                       <my:Property my:Name="TransformXsl" my:Value="{Binding Source=summaryTransformXsl, Path=/}" />
                       <my:Property my:Name="Hint" my:Value="{Binding Source=schema, Path=%AttributeName%.Hint}" />
                    </my:Properties>
                 </my:Control>
              </my:Grouping>
           </my:Panel>
    </my:ObjectControlConfiguration>

    Friday, April 24, 2015 12:35 AM
  • You copied the way sets and groups work, using the ReferenceDeltaDataSource but unfortunately:

    ReferenceDeltaDataSource                  

    The data source represents deltas of multivalued reference attributes. It is used only on RCDC for Group and Set.

    Although the data source is not limited to Groups or Sets, it requires code changes in the RCDC host to submit such deltas. Currently, Group and Set are the only hosts that recognize this datasource.

    https://technet.microsoft.com/en-us/library/ee534918%28v=ws.10%29.aspx

    So that is the missing magic -- code that the Product group can do but you aren't permitted to do.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, April 24, 2015 3:20 AM
  • Consequently your only choice is to abandon the add and remove identity pickers and go to a single identity picker that is set for multi-select

    Below example from: https://technet.microsoft.com/en-us/library/ee534918(v=ws.10).aspx

    <!--Sample for a multiselection Identity Picker uses Search Scope-->
    <my:Control my:Name="multiSelectionIdentityPicker" my:TypeName="UocIdentityPicker" my:Caption="A multi Selection Identity Picker" my:Description="The user is allowed to select more than one entry here" my:RightsLevel="{Binding Source=rights, Path=ExplicitMember}">
         <my:Properties>
              <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=ExplicitMember.Required}"/>
              <my:Property my:Name="Mode" my:Value="MultipleResult" />
              <my:Property my:Name="Rows" my:Value="10" />
              <!--There are existing search scopes that has key word "Person" and "Group" use both sets of search scopes here.-->
              <my:Property my:Name="UsageKeywords" my:Value="Person,Group"/>
              <!--Columns displayed in list view in pop-up window-->
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, ObjectType" />
              <!--Identities will be resolved against following attribute in the resolve textbox when resolve button is clicked.-->
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName" />
              <!--multi valued reference type attribute is used to bind the control-->
              <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=ExplicitMember , Mode=TwoWay}" />
              <my:Property my:Name="ResultObjectType" my:Value="Resource"/>
              <my:Property my:Name="ListViewTitle" my:Value="Select multiple entries" />
              <my:Property my:Name="PreviewTitle" my:Value="Entries selected" />
         </my:Properties>
    </my:Control>
    <!--End of sample for a multiselection Identity Picker.-->
    


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, April 24, 2015 3:23 AM
  • Thanks David!!

    Really disappointed to know Group and Set are the only hosts that recognize ReferenceDeltaDataSource datasource.

    I will try multiselection Identity Picker.

    Thanks!!

    Sujit Kumar

    Friday, April 24, 2015 11:54 AM