System information
Identity Manager Administration Guide
Identity Manager 7.1 Update 1 • Release Notes
You can use the EndUserControlledOrganizations rule to define whatever logic is necessary to ensure that the right set of users is available for delegating, based on your organizational needs.
If you want the scoped list of users to be the same for administrators, whether they are logged into the Administrator interface or the End User interface, you must change the EndUserControlledOrganizations rule as follows:
Modify the rule to first check whether the authenticating user is an administrator, and then configure the following:
❍ If the user is not an administrator, return the set of organizations that should be controlled by an end user, such as the user’s own organization (for example, waveset.organization).
❍ If the user is an administrator, do not return any organizations so the user only controls organizations that are assigned because that user is an administrator.
For example:
<Rule protectedFromDelete='true'
      authType='EndUserControlledOrganizationsRule'
      id='#ID#End User Controlled Organizations'
      name='End User Controlled Organizations'>
  <Comments>
    If the user logging in is not an Idm administrator,
    then return the organization that they are a member of.
    Otherwise, return null.
  </Comments>
  <cond>
    <and>
      <isnull><ref>waveset.adminRoles</ref></isnull>
      <isnull><ref>waveset.capabilities</ref></isnull>
      <isnull><ref>waveset.controlledOrganizations</ref></isnull>
    </and>
    <ref>waveset.organization</ref>
  </cond>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</Rule>
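The following added example is not part of the original guide and is not Identity Manager's own evaluator: it models the rule's `<cond>` expression in Python and runs it against constructed users, showing that any one of the three administrator attributes being set makes the rule return null. It assumes that a missing attribute evaluates to null and that `<cond>` without an else branch yields null; the user names, organizations and attribute values are constructed.

```python
import xml.etree.ElementTree as ET

# The <cond> expression from the rule above, copied verbatim.
RULE_BODY = """
<cond>
  <and>
    <isnull><ref>waveset.adminRoles</ref></isnull>
    <isnull><ref>waveset.capabilities</ref></isnull>
    <isnull><ref>waveset.controlledOrganizations</ref></isnull>
  </and>
  <ref>waveset.organization</ref>
</cond>
"""

def evaluate(node, user):
    """Evaluate the four XPRESS elements this rule uses (modelled semantics)."""
    kids = list(node)
    if node.tag == "ref":
        return user.get(node.text.strip())  # assumption: missing attribute -> null
    if node.tag == "isnull":
        return evaluate(kids[0], user) is None
    if node.tag == "and":
        return all(evaluate(k, user) for k in kids)
    if node.tag == "cond":
        if evaluate(kids[0], user):
            return evaluate(kids[1], user)
        return evaluate(kids[2], user) if len(kids) > 2 else None
    raise ValueError(f"element <{node.tag}> is not modelled")

def end_user_controlled_orgs(user):
    return evaluate(ET.fromstring(RULE_BODY), user)

# Constructed sample users (not taken from the product documentation).
USERS = {
    "end user": {"waveset.organization": "Top:Sales"},
    "admin via capability": {"waveset.organization": "Top:Sales",
                             "waveset.capabilities": ["Account Administrator"]},
    "admin via controlled org": {"waveset.organization": "Top:Sales",
                                 "waveset.controlledOrganizations": ["Top:Sales"]},
    "admin via admin role": {"waveset.organization": "Top:IT",
                             "waveset.adminRoles": ["Help Desk"]},
}

if __name__ == "__main__":
    for label, user in USERS.items():
        print(f"{label:26} -> {end_user_controlled_orgs(user)}")
```

Because the three `<isnull>` tests are joined with `<and>`, an account must have none of the administrator attributes to receive its own organization; reviewing a modified rule against cases like these catches a condition that would hand an administrator extra end-user scope.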