Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘RCDC’ Category

(2017-05-31) FIM Calendar Has Been Updated For MIM 2016 SP1

Posted by Jorge on 2017-05-31


In the past “https://github.com/pieceofsummer” provided the FIM calendar on github for FIM 2010 (R2). With the release of MIM 2016 (SP1), “https://github.com/ryannewington” updated the FIM Calendar to also work with MIM 2016 (SP1).

image

Figure 1: The FIM Calendar Updated For MIM 2016 (SP1)

Just follow the instructions in Ryan’s Github page for the FIM Calendar and it will work for you!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Calendar, Forefront Identity Manager (FIM) Portal, RCDC | Leave a Comment »

(2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In

Posted by Jorge on 2013-10-03


As you know WorkflowDefinitions are only useful within Management Policy Rules (MPRs) and when referenced by SETs. If you want to see if WorkflowDefinitions are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific WorkflowDefinition is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the WorkflowDefinition. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a WorkflowDefinition) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at WorkflowDefinitions, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As an authentication workflow
    • As an authorization workflow
    • As an action workflow
  • Transition Based MPRs
    • As an action workflow

The easiest way to find in which MPRs a specific WorkflowDefinition is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the WorkflowDefinition object. I only paid attention for the RCDC for editing WorkflowDefinitions. I’m showing this in picture 1. For the RCDC (edit mode) of the WorkflowDefinition object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 3 sections where MPRs can be listed is referencing that specific WorkflowDefinition. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs And The Transition Based MPRs Which The WorkflowDefinition Can Be Used In

In the picture above you see in which request based MPRs and in which transition based MPRs the WorkflowDefinition is being used.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of WorkflowDefinition objects, you add the XML text below AFTER the “activitiesGrouping” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true"> <my:Control my:Name="ActivityUsedInRequestMPRs" my:TypeName="UocListView" my:Caption="Activity Used In Request MPRs" my:Description="This Activity Is Used In The Following Request MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any Request MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and (AuthenticationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or AuthorizationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%']))]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionInMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionIN MPRs" my:Description="This Activity Is Used In The Following TransitionIN MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionIN MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionOutMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionOUT MPRs" my:Description="This Activity Is Used In The Following TransitionOUT MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionOUT MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, MPR, RCDC, Workflow | 4 Comments »

(2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In

Posted by Jorge on 2013-10-02


As you know SETs are only useful within Management Policy Rules (MPRs), when referenced by other SETs, when referenced by Search Scopes and when referenced by RCDCs. If you want to see if SETs are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific SET is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the SET. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a SET) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at SETs, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As a “requestor SET”
    • As a “before the operation SET”
    • As a “after the operation SET”
  • Transition Based MPRs
    • As a “Transition IN” SET
    • As a “Transition OUT” SET

The easiest way to find in which MPRs a specific SET is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the SET object. I only paid attention for the RCDC for editing SETs (which can also be used for viewing by the way). I’m showing this in figure 1 and 2. For the RCDC (edit mode) of the SET object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 5 sections where MPRs can be listed if referencing that specific SET. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs Which The SET Can Be Used In

In the picture above you see in which request based MPR the SET is being used as either a requestor SET, a “before the operation SET” and/or an “after the operation SET”. If you scroll further down you will what is shown below.

image

Figure 2: Listing The Transition Based MPRs Which The SET Can Be Used In

In the picture above you see in which transition based MPR the SET is being used as either a “transition in SET” and/or an “transition out SET”.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of SET objects, you add the XML text below AFTER the “StaticMembership” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server to refresh immediately.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true"> <my:Control my:Name="SETUsedInRequestMPRAsRequestorSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Requestor SET" my:Description="This SET Is Used In An Request MPR As A Requestor SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Requestor SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and PrincipalSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInRequestMPRAsBeforeSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Before SET" my:Description="This SET Is Used In An Request MPR As A Before SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Before SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInRequestMPRAsAfterSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As After SET" my:Description="This SET Is Used In An Request MPR As A After SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A After SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceFinalSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInTransitionMPRAsTransitionInSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionIN SET" my:Description="This SET Is Used In A Transition MPR As A TransitionIN SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionIN SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInTransitionMPRAsTransitionOutSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionOUT SET" my:Description="This SET Is Used In A Transition MPR As A TransitionOUT SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionOUT SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, MPR, RCDC, SET | 4 Comments »

(2013-02-07) Populating RCDC Dropdown List With Values

Posted by Jorge on 2013-02-07


The following is quite a good post about how to populate values in a drop down list.

SOURCE: Populating RCDC Dropdowns (UocDropDownList)

<QUOTE SOURCE=”Populating RCDC Dropdowns (UocDropDownList)”>

The UocDropDownList control in the FIM Portal allows you to add drop-down lists to the create/edit RCDCs for your various object types. There are several ways in which you can populate these lists, and this page will attempt to describe these, from simplest to most complex:

  1. Populate the options directly in the control
  2. Use the attribute’s allowed values from the schema definition
  3. Provide values via an XmlDataSource within the RCDC
  4. Select resources from the Portal database to create a list of options

For the purposes of the following examples, we’re going to assume that you want to take the existing UocTextBox text box used to specify the Department attribute and convert it to a UocDropDownList.

<my:Control my:Name="Department" my:TypeName="UocTextBox" my:Caption="{Binding Source=schema, Path=Department.DisplayName}" my:Description=""> <my:Properties> <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Department.Required}"/> <my:Property my:Name="Columns" my:Value="34"/> <my:Property my:Name="MaxLength" my:Value="128"/> <my:Property my:Name="Text" my:Value="{Binding Source=object, Path=Department, Mode=TwoWay}"/> </my:Properties> </my:Control>

AD.1: Populate the options directly in the control

The most straight forward way to provide a set of options for a drop down list is to simply provide the options directly within the control. In this case, your control would look something like this:

<my:Control my:Name="Department" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=Department.DisplayName}" my:Description="{Binding Source=schema, Path=Department.Description}"> <my:Options> <my:Option my:Value="Accounting" my:Caption="Accounting" my:Hint="Accounting"/> <my:Option my:Value="Operations" my:Caption="Operations" my:Hint="Operations"/> <my:Option my:Value="Administration" my:Caption="Administration" my:Hint="Administration"/> </my:Options> <my:Properties> <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Department.Required}"/> <my:Property my:Name="ValuePath" my:Value="Value"/> <my:Property my:Name="CaptionPath" my:Value="Caption"/> <my:Property my:Name="HintPath" my:Value="Hint"/> <my:Property my:Name="ItemSource" my:Value="Custom"/> <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=Department, Mode=TwoWay}"/> </my:Properties> </my:Control>

AD.2: Use the attribute’s allowed values from the schema definition

The next simplest way to populate a dropdown list is to access the localized allowed values defined by the attribute binding in the FIM Portal schema. You can see an example of how this is used by looking at the default RCDC for user creation, at the Employee Type attribute.

The first step in this method is to access the validation tab for the binding. In the FIM Portal, go to Administration->Schema Management->All Bindings. Then find the DepartmentUser binding. Select it and go to the validation tab. On this screen, type in your attribute’s possible values using the regex format: ^(Option 1|Option 2|Option 3|Option 4)?$.

In this example, we’ve created some very basic ones:

Figure 1: Validation Values In FIM Portal Schema

Now, to populate a drop down with these values, replace your existing Department control with the following:

<my:Control my:Name="Department" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=Department.DisplayName}" my:Description="{Binding Source=schema, Path=Department.Description}"> <my:Properties> <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Department.Required}"/> <my:Property my:Name="ValuePath" my:Value="Value"/> <my:Property my:Name="CaptionPath" my:Value="Caption"/> <my:Property my:Name="HintPath" my:Value="Hint"/> <my:Property my:Name="ItemSource" my:Value="{Binding Source=schema, Path=Department.LocalizedAllowedValues}"/> <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=Department, Mode=TwoWay}"/> </my:Properties> </my:Control>

AD.3: Provide values via an XmlDataSource within the RCDC

You can also specify an XML Data Source at the start of your RCDC, which you can then link to a UocDropDownList using the itemSource Property. The ‘country’ attribute uses this capability in the default user creation RCDC.

First, update your RCDC to include an XMlDatasource at the top of the RCDC, after the ObjectDataSource references and before your first panel starts. In our departments example:

<my:XmlDataSource my:Name="departments"> <Departments> <Department Code="" Name=""/> <Department Code="ACC" Name="Accounting"/> <Department Code="ADM" Name="Administration"/> <Department Code="OPR" Name="Operations"/> </Departments> </my:XmlDataSource>

You then want to bind this to the itemSource of the Department control:

<my:Control my:Name="Department" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=Department.DisplayName}" my:Description="{Binding Source=schema, Path=Department.Description}"> <my:Properties> <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Department.Required}"/> <my:Property my:Name="ValuePath" my:Value="Value"/> <my:Property my:Name="CaptionPath" my:Value="Caption"/> <my:Property my:Name="HintPath" my:Value="Hint"/> <my:Property my:Name="ItemSource" my:Value="{Binding Source=departments, Path=/Departments/*}"/> <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=Department, Mode=TwoWay}"/> </my:Properties> </my:Control>

On the surface, this doesn’t seem much different to populating the options directly in control (as per option 1). However, by using the XmlDataSource, you are able to do some slightly advanced techniques, such as populating the dropdown list dynamically. For example, if we had different classes of users, we could provide a different set of ‘department’ attributes that could be applied, as in this example:

<my:XmlDataSource my:Name="departments"> <Departments> <Staff> <Department Code="" Name=""/> <Department Code="ACC" Name="Accounting"/> <Department Code="ADM" Name="Administration"/> <Department Code="OPR" Name="Operations"/> </Staff> <Student> <Department Code="" Name=""/> <Department Code="ART" Name="Arts"/> <Department Code="ENG" Name="Engineering"/> <Department Code="HUM" Name="Humanities"/> </Student> </Departments> </my:XmlDataSource>

You then want to bind this to the itemSource of the Department control like so:

<my:Property my:Name="ItemSource" my:Value="{Binding Source=departments, Path=/Departments/%Attribute_EmployeeType%/*}"/>

 

Note that in this case we are assuming that the employee type attribute is already set, so this sort of dropdown list is only really suitable for an “edit” RCDC, though I may cover later methods in which you can use this for a “create” RCDC.

AD.4: Select resources from the Portal database to create a list of options

The last method I’ll present for populating a UocDropDownList supposes that you might want to provide a dynamic set of options based on objects that already exist in the FIM Portal – eg, if you created a separate Department object type in the schema, and wanted all of the department objects to appear in a drop down for selection. In fact, using this method, you can create a list of any single resource type in the FIM Portal – whether it’s a user, group, set, etc. The only downside is that there doesn’t seem to be a way to filter these results (that I’ve found).

The method was first hinted at in a suggestion made on the FIM Technet Forums by Henrik Nilsson and later expanded upon by Jacques Swanepoel. The only catch here is that even though each object’s display name will appear in the list, what you are actually populating the dropdownlist with are a series of object references, not string values – so you can’t store these directly into your string attribute (Department, in our example). What you can do, however, is store that reference in a separate attribute, and then use a simple workflow to dereference that object to get the display name (or any other attribute on the object) and assign the display name back into your string attribute.

Essentially, it works like this:

First, create the Department resource type in Administration->Schema Management and ensure that an MPR exists which gives the user access to read this resource.

Second, create a new reference attribute on your user object to store a reference back to one of those departments. In our example we will call it DepartmentReference.

Next, similar to the XmlDataSource, add a new ObjectDataSource to the top of your RCDC, after the TimeZoneDataSource. Very simply, this looks like this:

<my:ObjectDataSource my:TypeName="UocSearchDataSource" my:Name="search"/>

Lastly, edit your control to read all Department objects from that ObjectDataSource:

<my:Control my:Name="DepartmentReference" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=DepartmentReference.DisplayName}" my:Description="{Binding Source=schema, Path=DepartmentReference.Description}"> <my:Properties> <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=DepartmentReference.Required}"/> <my:Property my:Name="ValuePath" my:Value="Value"/> <my:Property my:Name="CaptionPath" my:Value="Caption"/> <my:Property my:Name="HintPath" my:Value="Hint"/> <my:Property my:Name="ItemSource" my:Value="{Binding Source=search, Path=Department}"/> <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=DepartmentReference, Mode=TwoWay}"/> </my:Properties> </my:Control>

NOTE1: We’re assigning a reference to a Department object (Binding Source=search,Path=Department) to the DepartmentReference field. Don’t get mixed up there.

NOTE2: Without any ability to filter the results returned by the UocSearchDataSource, this is of limited use. If anybody has figured out how to do this, please let me know so that I can update this guide. For example, it’d be nice to be able to specify a “default group” that the user should go into, via a drop down, without having a list of every single group within the system. The UocIdentityPicker and UocListView aren’t always suitable (or elegant enough) for our purposes.

And that’s it, the four different ways to populate a UocDropDownList. If youhave any questions, please post a comment

</QUOTE SOURCE=”Populating RCDC Dropdowns (UocDropDownList)”>

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, RCDC | 1 Comment »

(2013-02-06) Showing The Groups/SETs An Object Is A Member Of

Posted by Jorge on 2013-02-06


With groups and SETs you can see which objects are members (statically or dynamically) easily. This is of course from the perspective of the group or SET. BUT…. is it possible to show which groups or SETs an object is a member of? Yes, that’s possible and it’s quite easy! In this case I just do this for the Person object in the FIM Portal, but in general you can use this for any object, especially if you are thinking about SET memberships!

For EDIT mode of the Person object I edited the RCDC and added the following lines to show the security groups and the distribution groups a user is a member of under the TAB called “Group Membership Info”:

<my:Grouping my:Name="GroupMembershipInfo" my:Caption="Group Membership Info" my:Enabled="true" my:Visible="true"> <my:Control my:Name="memberOfSecurityGroups" my:TypeName="UocListView" my:Caption="Member Of Security Groups" my:Description="This User Is A Member Of The Following Security Groups..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,AccountName,Domain,Type,Scope,MembershipLocked,Owner"/> <my:Property my:Name="ResultObjectType" my:Value="Group"/> <my:Property my:Name="EmptyResultText" my:Value="The User Is NOT A Member Of Any Security Group..."/> <my:Property my:Name="ListFilter" my:Value="/Group[(Type='Security' and ComputedMember=/Person[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="memberOfDistributionGroups" my:TypeName="UocListView" my:Caption="Member Of Distribution Groups" my:Description="This User Is A Member Of The Following Distribution Groups..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,AccountName,Domain,Type,Scope,MembershipLocked,Owner"/> <my:Property my:Name="ResultObjectType" my:Value="Group"/> <my:Property my:Name="EmptyResultText" my:Value="The User Is NOT A Member Of Any Distribution Group..."/> <my:Property my:Name="ListFilter" my:Value="/Group[(Type='Distribution' and ComputedMember=/Person[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="20"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

It looks like is shown in the picture below.

image

Figure 1: Showing The Security And Distribution Groups A User Is A Member Of

For EDIT mode of the Person object I again edited the RCDC and added the following lines to show the SETs a user is a member of under the TAB called “SET Membership Info”:

<my:Grouping my:Name="SETMembershipInfo" my:Caption="SET Membership Info" my:Enabled="true" my:Visible="true"> <my:Control my:Name="memberOfSETs" my:TypeName="UocListView" my:Caption="Member Of SETs" my:Description="This User Is A Member Of The Following SETs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Description"/> <my:Property my:Name="ResultObjectType" my:Value="Set"/> <my:Property my:Name="EmptyResultText" my:Value="The User Is NOT A Member Of Any SET..."/> <my:Property my:Name="ListFilter" my:Value="/Set[ComputedMember=/Person[ObjectID='%ObjectID%']]"/> <my:Property my:Name="PageSize" my:Value="20"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

It looks like is shown in the picture below.

image

Figure 2: Showing The SETs A User Is A Member Of

Remember though, after editing the RCDC, to import it into the FIM Portal. Afterwards perform an IISRESET, close IE and reopen.

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, RCDC, SET | 2 Comments »

 
%d bloggers like this: