Authorization To View Details on FIM Portal


  • Hi Everyone,

    I have FIM 2010 R2 up and running in an environment under single domain e.g.

    We have only one PeopleSoft datatable from where the information about the users and their companies is coming (there are multiple companies under the xyzGroup group)

    Now we want to authorize people to only access the information of users in the same company.

    i.e. If my company Attribute in FIM Portal is ABC then I can only view Users with ABC company Attributes


    Deepak Arora
    If you Find the Answer | Article | Blog Helpful Please Vote As Helpful / Mark As Answer

    Saturday, May 4, 2013 7:51 AM

All replies

  • You would need to configure Read MPRs for each company. Create a set of users in each company, and then create an MPR that grants users in that set rights to read the attributes you want of other objects in that set.

    My Book - Active Directory, 4th Edition
    My Blog -

    Sunday, May 5, 2013 7:24 PM
  • Hi Deepak

    If you have a huge number of companies and you cannot create MPRs for each company, another simple way would be to

    Edit the 'All Users' Search Scope and

    Under the 'Search Definition' use the following 'Search Scope Filter'

              /Person[starts-with(Company,'%Attribute_Company%') and ends-with(Company,'%Attribute_Company%')]

    Reset IIS

    Now your users will only be able to see users from their company.

    Regards Furqan Asghar

    • Proposed as answer by Fer Grippeling Monday, May 6, 2013 11:18 AM
    Monday, May 6, 2013 7:08 AM
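
A sketch of how the per-company Sets and Read MPRs from the first reply could be planned when there are too many companies to create by hand, the concern raised in the second reply. This is an added example, not code from the thread or from FIM: the plan's key names, the set and MPR names and the sample company values are constructed, and rejecting quoted values instead of escaping them is an assumption.

```python
from xml.sax.saxutils import escape

# Namespace and dialect URIs carried by a FIM Set's Filter element.
FILTER_NS = "http://schemas.xmlsoap.org/ws/2004/09/enumeration"
XPATH_DIALECT = "http://schemas.microsoft.com/2006/11/XPathFilterDialect"

def company_predicate(company):
    """Exact-match filter for one company; an equality test keeps 'ABC'
    and 'ABCD' in separate sets, which a prefix match alone would not."""
    if not company or company != company.strip():
        raise ValueError(f"empty or padded company value: {company!r}")
    if "'" in company or '"' in company:
        # Assumption: refuse quotes rather than guess at an escaping rule,
        # so a data value can never change the shape of the filter.
        raise ValueError(f"quote character in company value: {company!r}")
    return f"/Person[Company = '{company}']"

def set_filter_xml(company):
    """Wrap the predicate in the Filter element, XML-escaping '&', '<', '>'."""
    body = escape(company_predicate(company))
    return f'<Filter xmlns="{FILTER_NS}" Dialect="{XPATH_DIALECT}">{body}</Filter>'

def build_plan(companies, attributes):
    """One Set plus one Read MPR per distinct company; bad values are
    reported for manual review instead of being silently skipped."""
    plan, rejected = [], []
    for company in sorted(set(companies)):
        try:
            xml = set_filter_xml(company)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        set_name = f"Users of company {company}"      # hypothetical naming
        plan.append({
            "company": company,
            "set_name": set_name,
            "set_filter": xml,
            "mpr_name": f"{set_name} can read each other",
            "principal_set": set_name,   # who is asking
            "target_set": set_name,      # whose attributes are read
            "action": "Read",
            "attributes": list(attributes),
        })
    return plan, rejected

# Constructed sample of Company values as they might arrive from the HR feed.
SAMPLE_COMPANIES = ["ABC", "ABC", "A&B Ltd", "O'Neil Corp", " XYZ"]

if __name__ == "__main__":
    plan, rejected = build_plan(SAMPLE_COMPANIES, ["DisplayName", "Company"])
    for item in plan:
        print(item["mpr_name"], "->", item["set_filter"])
    for reason in rejected:
        print("needs review:", reason)
```

The plan is only a description to review before creating the objects in the portal or through your own import tooling; it does not talk to the FIM Service.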