none
FIMCM manager operations view - Review All Requests RRS feed

  • Question

  • Hi,

    I have done multiple FIMCM2010 R2 installations and I have a problem in one of these (Windows 2008 R2). A person (member of a Universal group with Read and Enroll permissions on the SCP, standard user, not a domain admin) can access the FIMCM portal and sees the manager operations tab. Under this tab this person sees none of the existing requests. What permissions are required to see all requests, or only certain requests,e.g. if this user should only see request for SSL certificates? Any thoughts on that?

    Thank you,

    Lutz


    Monday, December 15, 2014 7:12 PM

All replies

  • On Mon, 15 Dec 2014 19:12:42 +0000, LutzMH wrote:

    have done multiple FIMCM2010 R2 installations and I have a problem in one of these(Windows 2008 R2). A person (member of a Universal group with Read and Enroll permissions on the SCP, standard user, not a domain admin) can access the FIMCM portal and sees the manager operations tab. Under this tab this person sees none of the existing requests. What permissions are required to see all requests, or only certain requests,e.g. if this user should only see request for SSL certificates? Any thoughts on that?

    Have you tried Audit? For your second question, no, you can't do that.


    Paul Adare - FIM CM MVP
    "If the Buddha sends you a TCP packet, winnuke him." -- Alan J Rosenthal

    Monday, December 15, 2014 7:24 PM
  • Thanks Paul.

    I gave it a try. It is then showing the audit options where you can run all sorts of reports but the request queue is still shown with zero requests, even there are approx 100 requests in the system. If I make that user domain admin he can see 3 requests out of the 100.

    Monday, December 15, 2014 7:57 PM
  • On Mon, 15 Dec 2014 19:57:03 +0000, LutzMH wrote:

    I gave it a try. It is then showing the audit options where you can run all sorts of reports but the request queue is still shown with zero requests, even there are approx 100 requests in the system. If I make that user domain admin he can see 3 requests out of the 100.

    Would you list out the exact steps you're using to view these requests so
    that I can try to repo here?


    Paul Adare - FIM CM MVP
    Chastity: The most unnatural of the sexual perversions.
    -- Aldous Huxley

    Monday, December 15, 2014 8:08 PM
  • Here you go.

    I have created a group called clmAdmins2 with a new user admin2 as member. admin2 is a regular domain member and sees no requests at all. If I make admin2 a domain admin he sees at least 3 request (see the picture) The clmAdmins2 group has permissions on the  SCP (Read) and on one profile template (Read, Write. FM CM Enroll).

    The system is all Windows 2008 R2 Sp1 (DC, FIMCM + SQL 2008 R2, CA).

    Thanks for looking into this!

    Sure

    Monday, December 15, 2014 9:04 PM
  • On Mon, 15 Dec 2014 21:04:32 +0000, LutzMH wrote:

    I have created a group called clmAdmins2 with a new user admin2 as member. admin2 is a regular domain member and sees no requests at all. If I make admin2 a domain admin he sees at least 3 request (see the picture) The clmAdmins2 group has permissions on the  SCP (Read) and on one profile template (Read, Write. FM CM Enroll).

    In order to have Manager access to the portal you need at least Read and
    Audit on the SCP.

    What happens if you click Executing in the left pane, and then click No
    Filter?


    Paul Adare - FIM CM MVP

    • Edited by Paul Adare Monday, December 15, 2014 9:39 PM
    Monday, December 15, 2014 9:34 PM
  • Your are right, just read permissions is not enough. So I made sure that I gave audit permissions as well.

    So when the user is not an domain admin he sees 0 requests and when I go on Executing and click on No Filter I get a "No requests found."

    Monday, December 15, 2014 10:32 PM