Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

«
»

(2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In

Posted by Jorge on 2013-10-02


As you know SETs are only useful within Management Policy Rules (MPRs), when referenced by other SETs, when referenced by Search Scopes and when referenced by RCDCs. If you want to see if SETs are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific SET is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the SET. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a SET) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at SETs, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As a “requestor SET”
    • As a “before the operation SET”
    • As a “after the operation SET”
  • Transition Based MPRs
    • As a “Transition IN” SET
    • As a “Transition OUT” SET

The easiest way to find in which MPRs a specific SET is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the SET object. I only paid attention for the RCDC for editing SETs (which can also be used for viewing by the way). I’m showing this in figure 1 and 2. For the RCDC (edit mode) of the SET object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 5 sections where MPRs can be listed if referencing that specific SET. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs Which The SET Can Be Used In

In the picture above you see in which request based MPR the SET is being used as either a requestor SET, a “before the operation SET” and/or an “after the operation SET”. If you scroll further down you will what is shown below.

image

Figure 2: Listing The Transition Based MPRs Which The SET Can Be Used In

In the picture above you see in which transition based MPR the SET is being used as either a “transition in SET” and/or an “transition out SET”.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of SET objects, you add the XML text below AFTER the “StaticMembership” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server to refresh immediately.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true">
  <my:Control my:Name="SETUsedInRequestMPRAsRequestorSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Requestor SET" my:Description="This SET Is Used In An Request MPR As A Requestor SET...">
    <my:Properties>
      <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/>
      <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/>
      <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Requestor SET..."/>
      <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and PrincipalSet=/Set[ObjectID='%ObjectID%'])]"/>
      <my:Property my:Name="PageSize" my:Value="10"/>
      <my:Property my:Name="ShowTitleBar" my:Value="false"/>
      <my:Property my:Name="ShowActionBar" my:Value="false"/>
      <my:Property my:Name="ShowPreview" my:Value="false"/>
      <my:Property my:Name="ShowSearchControl" my:Value="false"/>
      <my:Property my:Name="EnableSelection" my:Value="false"/>
      <my:Property my:Name="SingleSelection" my:Value="false"/>
      <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/>
      <my:Property my:Name="ReadOnly" my:Value="true"/>
    </my:Properties>
  </my:Control>
  <my:Control my:Name="SETUsedInRequestMPRAsBeforeSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Before SET" my:Description="This SET Is Used In An Request MPR As A Before SET...">
    <my:Properties>
      <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/>
      <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/>
      <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Before SET..."/>
      <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/>
      <my:Property my:Name="PageSize" my:Value="10"/>
      <my:Property my:Name="ShowTitleBar" my:Value="false"/>
      <my:Property my:Name="ShowActionBar" my:Value="false"/>
      <my:Property my:Name="ShowPreview" my:Value="false"/>
      <my:Property my:Name="ShowSearchControl" my:Value="false"/>
      <my:Property my:Name="EnableSelection" my:Value="false"/>
      <my:Property my:Name="SingleSelection" my:Value="false"/>
      <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/>
      <my:Property my:Name="ReadOnly" my:Value="true"/>
    </my:Properties>
  </my:Control>
  <my:Control my:Name="SETUsedInRequestMPRAsAfterSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As After SET" my:Description="This SET Is Used In An Request MPR As A After SET...">
    <my:Properties>
      <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/>
      <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/>
      <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A After SET..."/>
      <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceFinalSet=/Set[ObjectID='%ObjectID%'])]"/>
      <my:Property my:Name="PageSize" my:Value="10"/>
      <my:Property my:Name="ShowTitleBar" my:Value="false"/>
      <my:Property my:Name="ShowActionBar" my:Value="false"/>
      <my:Property my:Name="ShowPreview" my:Value="false"/>
      <my:Property my:Name="ShowSearchControl" my:Value="false"/>
      <my:Property my:Name="EnableSelection" my:Value="false"/>
      <my:Property my:Name="SingleSelection" my:Value="false"/>
      <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/>
      <my:Property my:Name="ReadOnly" my:Value="true"/>
    </my:Properties>
  </my:Control>
  <my:Control my:Name="SETUsedInTransitionMPRAsTransitionInSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionIN SET" my:Description="This SET Is Used In A Transition MPR As A TransitionIN SET...">
    <my:Properties>
      <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/>
      <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/>
      <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionIN SET..."/>
      <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/>
      <my:Property my:Name="PageSize" my:Value="10"/>
      <my:Property my:Name="ShowTitleBar" my:Value="false"/>
      <my:Property my:Name="ShowActionBar" my:Value="false"/>
      <my:Property my:Name="ShowPreview" my:Value="false"/>
      <my:Property my:Name="ShowSearchControl" my:Value="false"/>
      <my:Property my:Name="EnableSelection" my:Value="false"/>
      <my:Property my:Name="SingleSelection" my:Value="false"/>
      <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/>
      <my:Property my:Name="ReadOnly" my:Value="true"/>
    </my:Properties>
  </my:Control>
  <my:Control my:Name="SETUsedInTransitionMPRAsTransitionOutSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionOUT SET" my:Description="This SET Is Used In A Transition MPR As A TransitionOUT SET...">
    <my:Properties>
      <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/>
      <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/>
      <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionOUT SET..."/>
      <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/>
      <my:Property my:Name="PageSize" my:Value="10"/>
      <my:Property my:Name="ShowTitleBar" my:Value="false"/>
      <my:Property my:Name="ShowActionBar" my:Value="false"/>
      <my:Property my:Name="ShowPreview" my:Value="false"/>
      <my:Property my:Name="ShowSearchControl" my:Value="false"/>
      <my:Property my:Name="EnableSelection" my:Value="false"/>
      <my:Property my:Name="SingleSelection" my:Value="false"/>
      <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/>
      <my:Property my:Name="ReadOnly" my:Value="true"/>
    </my:Properties>
  </my:Control>
</my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Advertisement

This entry was posted on 2013-10-02 at 22:08 and is filed under Forefront Identity Manager (FIM) Portal, MPR, RCDC, SET. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “(2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In”

  1. (2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In « Jorge's Quest For Knowledge! said

    2013-10-03 at 07:42

    […] « (2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In […]

    Like

    Reply

  2. (2013-02-06) Showing The Groups/SETs An Object Is A Member Of « Jorge's Quest For Knowledge! said

    2013-10-03 at 07:47

    […] (2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In […]

    Like

    Reply

  3. Mickey said

    2015-04-10 at 02:40

    Jorge, thanks for this – really helps keeping track of what does what.

    Like

    Reply

  4. Jukka said

    2017-05-12 at 09:33

    The last two sections (report of MPRs using set as transition set) are not working in my MIM. Any idea what I’m missing?

    Like

    Reply

  5. matthew said

    2017-12-04 at 19:05

    I think there is a bug in part of this. in this section, “Used In Transition MPR As TransitionIN SET”, no MPR’s were showing up. I changed one item from the filter – ResourceCurrentSet to ResourceFinalSet. Now, the MPR’s are showing up as expected.

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: