none
FIM CM - Manager Operations view not available in the portal home page (only for normal domain users who earlier had access to perform smart card ops) RRS feed

  • Question

  • I just had my FIM CM setup upgraded from FIM CM 2010 to FIM CM 2010 R2 with SP1. After the configuration is complete, I have noticed that some of the users who earlier had access to manage the smart cards, by having access to perform workflow actions such as Enroll Smart Cards, Unblock Smart Cards and all do not get the 'Manager Operations' view in the new FIM CM homepage (FIM CM 2010 R2).

     

    I have compared the web.config of the old and new setup and they both are almost the same. While accessing the portal using a domain admin account, I get the Manager Operations as well as 'Manage my Info' views. For a normal user, even though it has Smart Card management functions, its not showing the 'Manager Operations' view.

     

    The issuing CA is same as before.

     

    Please help me out understand which setting has to be changed in the new setup to ensure that the users who have permissions for workflow tasks can have access to the 'Manager Operations' view as well.

    Thursday, October 23, 2014 6:02 PM

All replies

  • Hi,

    to see the manager operations view the user must have read permissions on the Service Connection Point (SCP).

    Open dsa.msc, enable Advanced View

    go to yourdomain.com > System > Microsoft > Certificate Lifecycle Manager > FIMCMservername

    I would not see how this was screwed up from the update, but it is worth to check.

    Regards,

    Lutz

    • Proposed as answer by Narcoticoo Tuesday, November 11, 2014 5:05 AM
    Monday, November 3, 2014 8:18 PM
  • Lutz, not entirely correct. The user must have Read and *at least one custom FIM CM permission*. My guess is that when the wizard was run, it was potentially run on a new server, not the existing server and a new service connection point was created.

    This is an easy fix, as you can modify the Web.Config file to point to the correct SCP.

    Brian

    Sunday, November 16, 2014 2:21 AM