Filter on 'Add Member' in All Security Groups

  • Question

  • I have a case where I need to set up a filter on which groups are allowed to be members of other groups.

    I have created a boolean attribute on Group and a Search Scope similar to All Security Groups, but with a changed Filter.

    The Attribute 'Members to add' is updated to include keywords Person and a new keyword in the RCDC.

    This setup works fine when modifying a Security group and searching for members to add.

    My problem is that I can add any Security Group if I use the 'Add Member' icon. Search Scopes here are still All Users and All Security Groups.

    Is it possible to change that, and how?

    Wednesday, February 13, 2013 2:41 PM

Answers

  • Hi,

    Can you be more specific about what you're trying to do here?

    I think you're actually trying to do things which are not easy in FIM. One way is to use a workflow in FIM (and SharePoint) to make your custom rules. People will be able to add all the users they want, but the workflow will deny the request depending on your rules (MPRs).
    See http://msdn.microsoft.com/en-us/library/windows/desktop/ff463694(v=vs.100).aspx (developing custom workflows for FIM via Visual Studio 2010)

    Remark: Try to make the owners of the groups responsible for the people they allow in their group. They call this "the responsibility to share" instead of trying to control everything from a team of security officers or similar. This is the only way to survive these new times of interactivity, integration, cloud, BYOD and so on...

    regards
    David

    • Marked as answer by Willy Hansen Tuesday, April 23, 2013 12:47 PM
    Tuesday, February 19, 2013 4:33 PM

All replies

  • Thanks, David

    Your remark is the solution!

    Willy

    Tuesday, April 23, 2013 12:48 PM