Modifying MPRs for group management

There are fewer than a dozen Management Policy Rules (MPRs) that control how group objects can be modified by self-service, administrators, or the synchronization engine. But when it comes to group management, almost every MPR is disabled by default.

To start with, let's take a look at the distribution groups.

The Financial Company only wants employees to be able to create static distribution groups. The following steps will be required to allow that:

  1. Enable and change the MPR that allows the creation of this type of group, Distribution List management: Users can create Static Distribution Groups.
  2. The set called All Active People is the default value of Requestor. We need to change that to All Employees, or confirm that we have employees only.
  3. Let's navigate over to the All Active People set and update the MPR to confirm that it only contains employees. Note that all the attributes the filters rely on must be present on the users for the filters to work. In Chapter 5, User Management, we may have updated the attribute flow from the Metaverse, but we want to confirm this, just in case, by selecting EmployeeType and flowing the attribute to the MIM service.
  4. Update the set filter to only include Employee, now that we have confirmed that the EmployeeType value is being exported from the MIM (FIM) Management Agent.
  5. For users to be able to add themselves, and for owners to approve the requests, we also need to enable the following MPRs:
    • Distribution list management: Owners can read attributes of group resources
    • Distribution list management: Owners can update and delete groups they own
    • Distribution list management: Users can add or remove any members of the groups, subject to owner approval
    • Distribution list management: Users can add or remove any members of groups that don't require owner approval
    • Distribution list management: Users can create Static Distribution Groups
    • Distribution list management: Users can read selected attributes of group resources
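
A read-only check of the end state of these steps, added here as an example and not taken from the book: it reports whether each MPR listed in step 5 is enabled, and lists any other enabled "Distribution list management" MPR so that nothing beyond the intended static-group policy is switched on. It assumes the FIMAutomation snap-in on the MIM Service server and the default service endpoint in `$Uri`; the helper `Get-AttributeValue` is hypothetical.

```powershell
# Added example (not from the book). Read-only: nothing is imported or changed.
# Assumption: run where the FIMAutomation snap-in is installed; adjust $Uri as needed.
Add-PSSnapin FIMAutomation -ErrorAction Stop
$Uri    = 'http://localhost:5725/ResourceManagementService'
$Prefix = 'Distribution list management:'

# Display names exactly as listed in step 5.
$expected = @(
    'Distribution list management: Owners can read attributes of group resources',
    'Distribution list management: Owners can update and delete groups they own',
    'Distribution list management: Users can add or remove any members of the groups, subject to owner approval',
    "Distribution list management: Users can add or remove any members of groups that don't require owner approval",
    'Distribution list management: Users can create Static Distribution Groups',
    'Distribution list management: Users can read selected attributes of group resources'
)

# Hypothetical helper: read one single-valued attribute from an exported object.
function Get-AttributeValue($exportObject, [string]$name) {
    $attr = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name } | Select-Object -First 1
    if ($attr) { $attr.Value }
}

# Export every MPR once and index the group-management ones by display name.
$mprs = Export-FIMConfig -Uri $Uri -OnlyBaseResources -CustomConfig '/ManagementPolicyRule'
$state = @{}
foreach ($mpr in $mprs) {
    $displayName = Get-AttributeValue $mpr 'DisplayName'
    if ($displayName -like "$Prefix*") {
        # An MPR is active when its Disabled attribute is false.
        $state[$displayName] = ((Get-AttributeValue $mpr 'Disabled') -eq 'False')
    }
}

# 1) Every MPR from step 5 should exist and be enabled.
$expected | ForEach-Object {
    [pscustomobject]@{
        MPR     = $_
        Found   = $state.ContainsKey($_)
        Enabled = [bool]$state[$_]
    }
} | Format-Table -AutoSize -Wrap

# 2) Anything else under the same prefix that is enabled was not part of the plan.
$unexpected = $state.Keys | Where-Object { $state[$_] -and ($expected -notcontains $_) }
if ($unexpected) {
    Write-Warning "Enabled but not in the intended list:`n$($unexpected -join "`n")"
}
```

The name comparisons are case-insensitive, so the "Distribution List management" capitalization used in step 1 matches as well.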