One of the most frequent questions on the FIM forum is ‘How to disable / remove New and Delete icons (buttons) from Users page?’
This question can be expanded to cover the Distribution and Security groups’ pages and even your own custom objects like Roles or Applications. Many FIM implementers obviously want to keep users who are not allowed to submit such requests from clicking the buttons, rather than having to explain to them why their requests were denied.
I was thinking: ‘No, you can’t do this out of the box’ and ‘Buttons are not permission-dependent’ until I found this thread:
Digging deeper, I realized that the FIM portal has two universal pages: CustomizedObjects.aspx and GlobalSearchResult.aspx.
The first one (CustomizedObjects) displays a page with ‘New’, ‘Delete’ and ‘Details’ icons for whatever object type is selected in the URL, e.g. https://portal-fim/IdentityManagement/aspx/customized/CustomizedObjects.aspx?type=Application&display=Application&searchtype=e2ec8a98-4e6a-4ee8-a84b-031a4d9cb781 or
The only differences in the URL, as you can see, are ‘type’ (either the custom Application or Role object) and ‘searchtype’ (which is the objectID of a search scope: one for ‘All Applications’ and another for ‘All Roles’).
Sure, you can insert type=Group (or Type=Person) in that URL, and you will not see the ‘Join’ or ‘Leave’ buttons within a list of groups. You also need to add the ‘customized’ usage keyword to the search scope definition, e.g. for the ‘All Roles’ search scope I have the ‘customized, Role and basicUI’ keywords.
The second one (GlobalSearchResult) will display a page with just one icon for ‘Details’:
Here we have to select a search scope by providing the proper objectID in the ‘searchtype’ variable.
Do not forget to add the ‘GlobalSearchResult’ usage keyword to the search scope definition.
Finally, add a redirecting URL to the search scope definition: ~/IdentityManagement/aspx/common/GlobalSearchResult.aspx (don’t add ‘?searchtype=<GUID>’ here).
So how will all this help us? Although the buttons are still not permission-dependent, you can redirect different groups of users to different pages.
Here’s how this can be done (yes, again using usage keywords) for the Users page:
Step 1. Create a link with buttons:
Now FIM Administrators and users from the ‘HR users’ set will see the normal link to the Users page with the ‘New’ and ‘Delete’ buttons.
Step 2. Create a link without buttons:
Now all users except HR will see a link to the GlobalSearchResult page without any buttons.
Thanks to Bob Tucker from the OCG for this idea with the GlobalSearchResult page.