none
search scope gets data only for admin users ¡¡ RRS feed

  • Question

  • Hi

    I have a problem I am not able to solve and hope somebody can help. I have created an custom Resource in the FIM portal called Costcenter. It is an User Resource Type.

    The resource has associated attributes, code, cost centername and has already been properly populated with the cost center data.


    I have created a search scope to publish it to a group of users
    I have already added the Resource, the code and costcentername to Filter permission - Administrator Filter permission + non-administrator filter permission.
    I have already created MPR Type Request, requestor==> my users group, Grant permission for read, Target Resource ==>My search scope
    I have already add my costcentername, code, to MPR User management: Users can read selected attributes of other users and 
    User management: Users can read attributes of their own

    the problem is that my user group can see the search scope, but it can't get data. If I add the user to administrators portal set,
    it can get data of search scope without any problem.

    Can someone help me?

    Friday, March 27, 2020 3:58 PM

Answers

  • WRONG.

    You have granted access to see the "Search Scope" object. You also need to grant access to the Object that the search scope is looking at. I made it pretty clear I thought.

    - If I have a search scope "Find All Users", for instance.  You also need to grant read access to "All Users" to the SET you are scoping the search scope for.

    Need a request based MPR

    - Requestor = Your Set

    - Read/Grant Permission

    - Applied to: "All Users" (Or whatever object you need to show_)


    Nosh Mernacaj, Identity Management Specialist

    • Marked as answer by Diego Pulido Tuesday, March 31, 2020 2:35 AM
    Monday, March 30, 2020 5:27 PM
  • Yes, you are right, I had that confusion. I have already created the MPR assigning permissions to my group of users on the resource type costcenter, it was the missing component, it was already possible to visualize the costcenter data.   :)
    I really appreciate your help.
    Thanks a lot
    • Marked as answer by Diego Pulido Tuesday, March 31, 2020 2:36 AM
    Tuesday, March 31, 2020 2:35 AM

All replies

  • You also need to grant them read access to the data that this search scope is retreiving. For instance, if the search scope is for users, create an MPR for granting read to users

    Nosh Mernacaj, Identity Management Specialist


    Sunday, March 29, 2020 12:52 AM
  • Hi, yes I said..  

    I have already created MPR Type Request, requestor==> my users group, Grant permission for read, Target Resource ==>My search scope. …  Can you tell me if this is the information or is it another additional configuration?

    Monday, March 30, 2020 5:20 PM
  • WRONG.

    You have granted access to see the "Search Scope" object. You also need to grant access to the Object that the search scope is looking at. I made it pretty clear I thought.

    - If I have a search scope "Find All Users", for instance.  You also need to grant read access to "All Users" to the SET you are scoping the search scope for.

    Need a request based MPR

    - Requestor = Your Set

    - Read/Grant Permission

    - Applied to: "All Users" (Or whatever object you need to show_)


    Nosh Mernacaj, Identity Management Specialist

    • Marked as answer by Diego Pulido Tuesday, March 31, 2020 2:35 AM
    Monday, March 30, 2020 5:27 PM
  • Yes, you are right, I had that confusion. I have already created the MPR assigning permissions to my group of users on the resource type costcenter, it was the missing component, it was already possible to visualize the costcenter data.   :)
    I really appreciate your help.
    Thanks a lot
    • Marked as answer by Diego Pulido Tuesday, March 31, 2020 2:36 AM
    Tuesday, March 31, 2020 2:35 AM