Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2011-01-23) Searching For Objects When Populating Reference Attributes In FIM (Part 2)

Posted by Jorge on 2011-01-23


This post explains the option to search for objects when using the "Filter Property". Part 1 can be found here.

 

[Ad.1] "Filter Property"

In the screen below you see the "manager" attribute with the UocIdentityPicker control in the RCDC. You can also see that it’s value is pointing to another person object.

image

With this attribute, and of course any other similar attribute like the "Assistant" attribute, you want to make sure that only person objects are referenced that represent people that are managers. The next thing you need to think about is how are you going to mark an object as belonging to a manager? In this simple example, a person being a manager, independent of department, location or project would have the "JobTitle" attribute configured with the word "Manager". Anyone else that’s not a manager must not be specified here, even by mistaken.

The only correct way to do this is by using the "Filter Property". Its configuration can be seen below.

image

First let’s explain the yellow marked options.

  • Attribute Name: "Manager"
  • Control Type: "UocIdentityPicker" –> enables you to select other objects to be specified as a value for the attribute;
  • Mode: "SingleResult" –> at all times the attribute can only have one single value. To be able to specify multiple value it should have had the value MultipleResult;
  • ObjectTypes: "Person" –> when just specifying a value in the Identity Picker and resolving it, it would only be resolved against PERSON objects. This can be a list of objectTypes to search against and those are separated by a comma (,);
  • ColumnsToDisplay: "DisplayName,AccountName,EmployeeType,EmployeeStatus,JobTitle,Department,OfficeLocation" –> this is a list of attributes (specified by systemName) separated by a comma (,) that are shown when browsing for objects (after clicking the Browse button);
  • AttributesToSearch: "DisplayName,AccountName,Department" –> this is a list of attributes (specified by systemName) separated by a comma (,) that are searched with the value that was specified by you (after clicking the Validate And Resolve button);
  • Filter: "/Person[JobTitle = ‘Manager’]" –> Instead of searching against all PERSON objects, the search will only be carried out against all PERSON objects matching the filter;
  • ResultObjectType: "Person" –> The resource type is used to render objects matching the filter in the pop-up dialog-box list.

REMARK: In addition to the Filter Property, additional filtering might be in effect because of configured permissions. For example, if you have managers in Amsterdam and Seattle and you are only allowed to view person objects in the Seattle, then in your case as the person performing the query will be only to match PERSON objects in Seattle for which the JobTitle equals Manager.

Advantages:

  • Only objects matching the filter will be searched against. Therefore, objects not matching the filter will never be selected

Disadvantages:

  • When clicking the Browse button you cannot search for objects and it returns the results right away (as shown in the picture below). If the list of quite large, it may take some time before you will find the required object.

image

Part 3 can be found here.

More information about controls in RCDCs: Resource Control Display Configuration XML Reference

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

3 Responses to “(2011-01-23) Searching For Objects When Populating Reference Attributes In FIM (Part 2)”

  1. […] Part 2 can be found here. […]

  2. […] This post explains the option to search for objects when using the " UsageKeyword Linking To A Search Scope ". Part 2 can be found here. […]

  3. […] Searching For Objects When Populating Reference Attributes In FIM – Available Options (Part 2) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: