FIM portal data validation
Hi,
I've implemented some basic data validation in the FIM portal by editing the RCDC configuration for user editing control. I've added a regex expression for post code with a value of "^[0-9a-zA-Z\s]*$".
Most of the examples I come across regarding portal validation all refer to copying the RCDC, creating a new control and then modifying that. My way seems to work, but I wanted to know if there's a good reason why I can't modify the XML associated with the original RCDCs?
Thanks
IT Support/Everything
You can, and this is the only way to accomplish this task.
But if you don't succeed, the easiest way is to roll back to the default look - and that's why everybody's suggestion is to copy the exported XML - just to have a backup in case you have to roll back your changes :)
Also, if you want to create an RCDC for a custom object, it is easier to copy any other XML and change it according to your needs than to create it from scratch.
Keep trying If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.
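To see what the post code pattern from the question actually accepts, the following added example (not part of the original thread and not Microsoft's code) pulls RegularExpression properties out of an RCDC-style XML fragment and runs constructed inputs through the .NET regex engine. The XML fragment, the control name PostalCode, the stricter comparison pattern and the function names are assumptions made for illustration.

```powershell
# Constructed, simplified fragment in the style of an exported RCDC.
# Control name, layout and namespace URI are assumptions; only the pattern
# value comes from the post.
$rcdcXml = @'
<my:ObjectControlConfiguration xmlns:my="http://schemas.microsoft.com/2006/11/ResourceManagement">
  <my:Panel my:Name="page">
    <my:Grouping my:Name="ContactInfo">
      <my:Control my:Name="PostalCode" my:TypeName="UocTextBox">
        <my:Properties>
          <my:Property my:Name="RegularExpression" my:Value="^[0-9a-zA-Z\s]*$" />
        </my:Properties>
      </my:Control>
    </my:Grouping>
  </my:Panel>
</my:ObjectControlConfiguration>
'@

# Hypothetical helper: list every control that carries a validation regex.
# local-name() is used so the lookup does not depend on the namespace prefix.
function Get-RcdcRegex {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    $propXPath = "//*[local-name()='Property'][@*[local-name()='Name']='RegularExpression']"
    foreach ($prop in $doc.SelectNodes($propXPath)) {
        $nameAttr = $prop.SelectSingleNode("ancestor::*[local-name()='Control'][1]/@*[local-name()='Name']")
        [pscustomobject]@{
            Control = $nameAttr.Value
            Pattern = $prop.SelectSingleNode("@*[local-name()='Value']").Value
        }
    }
}

# Hypothetical helper: run the same inputs through two patterns side by side.
function Compare-ValidationPattern {
    param(
        [Parameter(Mandatory)][string]$Current,
        [Parameter(Mandatory)][string]$Candidate,
        [string[]]$Samples
    )
    foreach ($s in $Samples) {
        [pscustomobject]@{
            Input     = '"' + ($s -replace "`t", '\t') + '"'
            Current   = [regex]::IsMatch($s, $Current)
            Candidate = [regex]::IsMatch($s, $Candidate)
        }
    }
}

# Constructed sample inputs: a normal value, an empty value, whitespace only,
# an embedded tab, and two values containing characters outside the class.
$samples = @('SW1A 1AA', '', '   ', "AB1`t2CD", 'SW1A-1AA', '<b>x</b>')

# Assumed stricter alternative: at least one alphanumeric group, single
# spaces only between groups. "*" and "\s" in the original pattern are what
# let empty, whitespace-only and tab-containing values through.
$stricter = '^[0-9a-zA-Z]+( [0-9a-zA-Z]+)*$'

foreach ($rule in Get-RcdcRegex -Xml $rcdcXml) {
    "Control: $($rule.Control)  Pattern: $($rule.Pattern)"
    Compare-ValidationPattern -Current $rule.Pattern -Candidate $stricter -Samples $samples |
        Format-Table -AutoSize
}
```

RCDC validation only runs in the portal form, so requests submitted to the FIM Service by other clients do not pass through it.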
Similar Messages
-
When we sync data from AD to FIM Portal 2010 R2 the data is not updated in FIM Portal.
Hi,
When we sync data from AD to FIM Portal 2010 R2 the data is not updated in FIM Portal.
The Active Directory attribute co has the value vietnam, but in FIM Portal the country attribute has the value VIET NAM.
We simply mapped the AD attribute to the FIM attribute for inbound:
co===>country
Why does this happen?
Regards
Anil Kumar
Anil, please check what you have in the metaverse. It seems that you have attribute flow precedence configured in a way that doesn't export to FIM Portal.
Let's say you have flows like:
(AD MA)
Import flow: (AD) description -> (metaverse) description
(FIM MA)
Import flow (FIM) description -> (metaverse) description
Export flow (FIM) description <- (metaverse) description
And you have higher precedence from FIM. Then, you would never have FIM value updated - even if value in AD changes. It would be exported to FIM only when you don't have this attribute filled in FIM.
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
Hi,
***Problem
I encounter a problem with FIM (version 4.1.3441.0 and 4.1.3496.0) when I try to delete a User object (and only a User object), whether it is done manually, by Expiration Workflow or by PowerShell.
Deleting a User object used to be perfectly functional and, without any product version modification, stopped working. I have neither deleted, modified nor added a "Grant" MPR or any of the corresponding Sets since the last time I saw it working.
Displayed error is "Request could not be dispatched" in FIM Portal and is referencing a stored procedure in Event Viewer.
***Error details
When I try to delete a User object, here is the output :
Portal
"Processing error" on submit
with the following details
Request status is stuck at "Validating" until next restart of FIM Service (after what it becomes “Canceled”)
Request’s “Applied Policy” tab does not contain any MPR where, at least, a “Grant” MPR is expected
As SQL Timeout is relatively high and error happens quickly, I don’t think there is a Timeout problem under that.
Logs
« Application »
The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly.
The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.
Ensure the portal configuration is present and points to the resource management service.
« Forefront Identity Manager »
Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements,
Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition" because it does not exist or you do not have permissions.
Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State
1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements, Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition"
because it does not exist or you do not have permissions.
Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult
result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.ResourceManagement.Data.DataAccess.UpdateRequest(RequestType request, IEnumerable`1 updates)
--- End of inner exception stack trace ---
Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4
Correlation Identifier: e7209633-46d0-4f4b-a59e-807649ef71ea
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.InvalidCastException: Specified cast is not valid.
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier,
Boolean maintenanceMode)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Delete(Message request)
--- End of inner exception stack trace ---
For information, a maintenance plan rebuilds/reorganizes indexes daily and this problem has occurred on servers with different performances.
Has any of you already encountered this problem?
Any help would be greatly appreciated,
Thanks in advance for your help,
Matthew
While there are several SQL Agent jobs (FIM Temporal Events, Maintain Sets, and Maintain Groups among others) created by the FIM install, only one of those is enabled and scheduled and it calls all of the same stored procedures that the other jobs do. Step 2 is Maintain Sets and Step 3 is Maintain Groups. So the Maintain Sets and Groups jobs never need to get enabled and scheduled, but if you want them to be maintained more frequently then you can.
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html -
Custom resource/attribute not visible in FIM portal for non-admins
hi all
I have a problem I am not able to solve and hope somebody can help. We have created a custom Resource in the FIM portal called Customer. It is a User Resource Type and attribute type customer, data type=reference.
We have made this attribute visible in the Users Properties by editing the RCDC for Configuration for User Creation, Configuration for User Editing and Configuration for User Viewing. It is now visible for all users in the FIM Portal.
But when a non-admin searches for an attribute in that field, nothing shows up... only members of the administrator set are able to display the results.
I have added the Resource to Filter permission - Administrator Filter permission + non-administrator filter permission.
I have added the Resource to MPR - General: Users can read non-administrative configuration resources?
Can anyone help?
Best regards Andre
Andre
Hi,
To be clear,
You have created one new resource type 'Customer' and one attribute 'Customer' (Reference, bound to Person object)
Update RCDC for Person (create/edit/view) to add a picker attribute with those parameters
UsageKeywords: This is an optional string property. You can define a list of search scopes to be used in the Resource Picker by providing a list of the usage keywords that are supported by the SearchScopeConfiguration structure, where each keyword is separated by a (‘).
ResultObjectType: This is an optional string property. The resource type is used to render resources in the pop-up dialog-box list. This is used with the Filter to help the Identity Picker identify what resource type is returned by the Filter, and render the data accordingly. This property is mutually exclusive with the UsageKeywords property (see above). When the search scope is applied, this has no effect. The string that is accepted for this property is any single, valid, resource-type name, for example, Person. When the filter is expected to return multiple resource types, Resource is used.
Modify MPR "User management: Users can read attributes of their own" and "User management: Users can read selected attributes of other users" to add this new attribute
Create a new MPR to give all users the right to view the new resource 'Customer' on all attributes
Is that right?
Regards,
Sylvain -
I have just installed the FIM portal into my test environment. The synchronisation service was already working perfectly (can provision users from a .csv file).
The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
Whenever I try to log on to the FIM portal with my standard user account (it has never worked), I get the following error:
Unable to process your request.
Please contact your help desk or system administrator.
Error processing your request: The server was unwilling to perform the requested operation.
Reason: The requester of this operation is invalid.
Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8
Details: The requestor's identity was not found.
>Go to Forefront Identity Manager home page
(The web page header does show the FIM logo, so the portal itself is there).
In the ForeFront logs on SPF1, I get the following:
Log Name: Forefront Identity Manager
Source: Microsoft.ResourceManagement
Date: 1/13/2015 5:48:08 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
<EventRecordID>523</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
</EventData>
</Event>
Log Name: Forefront Identity Manager
Source: Microsoft.ResourceManagement
Date: 1/13/2015 5:48:08 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
<EventRecordID>522</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
</EventData>
</Event>
Further, I note that it has trouble connecting to the web exchange connector. I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name? I'm connecting to "mail.testdomain.internal", although that's actually a NLB group between two CAS/HUB servers.
Log Name: Application
Source: Microsoft.ResourceManagement.ServiceHealthSource
Date: 1/13/2015 7:43:49 PM
Event ID: 12
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the
Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
<EventID Qualifiers="0">12</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
<EventRecordID>7581</EventRecordID>
<Channel>Application</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the
Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
</EventData>
</Event>
I'm not really sure where to start investigating at this point. The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could be mistaken).
I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.
-
PO Confirmation with Delivery Date Validation Check
Dear Experts,
We have a requirement in SNC to restrict PO confirmation within an agreed Delivery Date tolerance. This Delivery date validation should work similar to the Quantity validation we have in SAP standard through the PO_ITMUNDERDELIVERY/ PO_ITMOVERDELIVERY validation profiles.
So the business wants that the Suppliers can only Confirm a PO when the Delivery date in the confirmation is within agreed tolerance (-5 / +1 day ) of the requested delivery date.
Can you please let us know if there is some standard way through configurations to achieve this. I looked for validation profiles available for delivery date, but could see only for Quantity validations.
Another option we looked for was to have a Z Table to store this Delivery date tolerance (-5/+1 days), and implement the BAdi /SCMB/BOL_VALFRMWRK to achieve through custom developments.
Please let me know what solution options we can have for this requirement, as it is urgent.
Thanks & Regards.
Shiv.
Hi Shiv,
I think there is no need for Z-customization and you can achieve this the standard way; the only thing is you have to maintain OWN validation:
After the below setting, whenever a Supplier tries to give a confirmation which is outside tolerance, the system won't allow him to save the confirmation, and if the supplier is EDI, which sends ROC_IN, the confirmation XML will fail in SNC (you can see that XML in the SXI_MONITOR tcode in SNC).
SPRO>Supply Network Collaboration>Basic Settings> Validation>Own Settings-->Maintain Settings in Validation Profiles
And maintain below setting
Profile:POC3
Val.Check:PO_ACCEPTED_CONF_PUBLISH
Status:Active
Msg.Type:E(Error )
Save Mode:DO Not Save message
Continuation mode:Discontinue checks
Checked
Checked
1-Error
Profile:POC8
Val.Check:PO_ACCEPTED_CONF_PUBLISH
Status:Active
Msg.Type:E(Error )
Save Mode:DO Not Save message
Continuation mode:Discontinue checks
Checked
Checked
1-Error
If you want alert whenever PO confirmation is not within tolerance activate the alert type 7035
Path:SPRO>Supply Network Collaboration>Exceptions>Alert Type Activation>Activate Alert Types
Alert type=7035
History=<Blank>leave this entry blank.
save this entry.
If you want receive alert as email then maintain email alert notification:
See the below link:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8009bba5-7806-2d10-0b80-fa26d8bcb07c?QuickLink=index&overridelayout=true
In the above link you need to change alert type from 7051 to 7035.
Regards,
Nikhil -
SQL Deadlock after deleting person object in FIM portal
Hello everybody,
I have an issue on FIM portal after deleting person object.
On FIM Portal, I have an error message: access denied.
I'm on 4.1.3496.0 version.
On event viewer, I see following deadlock:
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTranstionsMembershipConditionEvaluation, Line 2298, Message:
Transaction (Process ID 54) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
--- End of inner exception stack trace ---
Did you ever see that ?
Thank you.
Antho
There are several possibilities:
1) Could be caused by multiple workflows trying to act on the object
2) Could be a flaw in the product like happened with an older version (4.0.3594.2); the KB article says: Fixes an issue with SQL Server deadlocks that might occur during periods of high concurrency of requests or approvals.
So I suggest looking at the request history -- look at the delete request and see which MPRs were applied and what workflows were spawned.
Does this happen a lot or just once in a while?
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html -
Hi all. I had a quick search but couldn't find what I was looking for.
Easy question.
I've setup the following flows:
FIM MA
(FIM)employeeEndDate -> (MV)employeeEndDate
AD MA
(MV)employeeEndDate ->(AD)accountExpire (I have a rule extension to convert it to a UTC etc)
If I enter an enddate on a person object in the FIM portal it will flow to the MV and then flow to AD (via the AD CS/MA).
But (as with all attributes, this is just an example) if I remove the enddate on the person object in the FIM portal it will in turn delete the attribute (AD)accountExpire in the CS of AD.
This is normal and expected... My question is. How do I flow a NULL and still have the CS attribute retain a value?
I'm not wanting to flow a NULL to the destination but I am taking a NULL in as a source (I am working with rule extensions, I have tried a 'ispresent' but as there's no longer a 'space' to flow to it does nothing, I'm stuck with between flow NULL or do nothing, depending on if I allow NULLs to flow).
The reason is the AD attribute accountExpire is never NULL, but either a date or "0" or "9223372036854775807"(Taken from the MSDN page: )
I had thought of using a RE on the import rule of the FIM MA but you can't use RE there.
I hope I've made the question clear, thank you for any help or tips in advance.
Try adding a second attribute for your rules extension when exporting from the MV that always has a value (Ctrl + click the other attribute). This will ensure that the rules extension is always fired, something like this:
(MV) accountName
(MV) employeeEndDate --> (AD) accountExpires
From there you should be able to use .IsPresent to check for a value, and flow out the correct value in your rules extension. -
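The value the rules extension in the answer has to produce, sketched as an added example (not from the thread; a real rules extension is a .NET class loaded by the sync engine, and this models only the conversion). The function name, the sample rows and the date string format are assumptions; the "never expires" value is the 9223372036854775807 quoted in the question.

```powershell
# "Never expires" value quoted in the question; it equals [int64]::MaxValue.
$NeverExpires = [int64]::MaxValue

# Hypothetical helper: turn an employeeEndDate string into the 64-bit
# FILETIME value that accountExpires holds. A missing end date maps to
# "never expires" instead of an empty value, so the export never deletes
# the attribute.
function ConvertTo-AccountExpires {
    param([AllowNull()][AllowEmptyString()][string]$EmployeeEndDate)

    # Equivalent of the .IsPresent check in the rules extension.
    if ([string]::IsNullOrWhiteSpace($EmployeeEndDate)) {
        return $NeverExpires
    }

    # Treat the stored value as UTC and keep it in UTC while parsing.
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $utc = [datetime]::Parse($EmployeeEndDate, [cultureinfo]::InvariantCulture, $styles)

    # FILETIME: 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
    return $utc.ToFileTimeUtc()
}

# Constructed metaverse rows. accountName is the always-present second
# source attribute from the answer, which keeps the flow rule firing even
# when employeeEndDate has been cleared in the portal.
$mvEntries = @(
    [pscustomobject]@{ accountName = 'jdoe';   employeeEndDate = '2015-06-30T00:00:00.000' },
    [pscustomobject]@{ accountName = 'asmith'; employeeEndDate = $null }
)

foreach ($mv in $mvEntries) {
    $value = ConvertTo-AccountExpires -EmployeeEndDate $mv.employeeEndDate
    [pscustomobject]@{
        accountName    = $mv.accountName
        accountExpires = $value
        # Convert back to a readable date to check the round trip.
        ReadBack       = if ($value -eq $NeverExpires) { 'never' }
                         else { [datetime]::FromFileTimeUtc($value).ToString('u') }
    }
}
```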
Unique username generation when creating new user via FIM Portal?
Hi,
Is it possible to create a new user using the FIM Portal, and have FIM create the unique username upon submission of the request in the Portal?
So effectively, when you create a new user in the Portal, the 'accountName' attribute would not be a mandatory field and therefore removed from the GUI using RCDC , and instead be generated based upon the unique AD username rules.
Thank you.
Just my 2 cents worth ... make sure you identify and test the "edge cases" for whatever solution you end up implementing, and don't just assume a solution that works for someone else will automatically work for you in 100% of cases (this is most likely why this feature is not OOTB, even though most people would want something like this from the get-go).
To be specific, I have implemented option #2 myself with success, after initially implementing option #3 and running into grief with a particular use case (education environment end-of-school year roll-over involving large numbers of concurrent leavers/joiners in the same import/sync cycle). To be specific, when implementing a workflow-based solution to do this there is a small but nonetheless realistic chance that 2 user requests being processed in parallel calculate exactly the same AccountName value, and of course one will succeed and the other will fail ... and of course by default this will fail the entire request.
I solved the problem in my case by adopting option #2 using an approach where I reserved a unique accountName in the MV (downside is that in some cases the user may never end up being provisioned to AD if this is in advance of the actual hire date), thereby avoiding clashes by getting the FIM Sync Service to control integrity rather than the FIM Service where parallelism is a design feature :).
So just make sure you understand the pros and cons of each approach when deciding what is best for you. Note that this discussion has come up many times before on previous posts on this forum, and it will be worth looking through these if you are still in the early stages of formulating your approach.
Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM -
If an Organisation wants a User (let's say Paul Walker) to act as a Sub-Administrator, who can see the Security Groups or My SGs or My SGs Membership in its Navigation Resource Bar in FIM Portal and the Search Scope as well to view that Data.
Found a Solution.
Hello,
NavigationBar, HomepageResources and SearchScopes are also displayed via Permission MPRs.
You have to deal with UsageKeywords also. You can get an overview of how this works if you take a look at how this is done with the BasicUI Keyword to display the default elements.
As an example you can do the following:
1. Add the Usage SubAdminUI to the Navigation, Homepage and Searchscope elements you need.
2. Create a set for each of the 3 having a dynamic filter UsageKeyword = "SubAdminUI"
3. Create a set to combine the 3 sets to one using filter ResourceID in "Name of the Sets"
4. Create a Set "SubAdminUI Users" and add the Admin Users to them. (dynamic or static)
5. Create a permission MPR and grant SubAdminUI Users read to the Objects in Set created in Step 3
6. Perform an iisreset to clear cache
You should now see the Portal elements as the SubAdmin. Next you need make sure that SubAdmin can read and edit group resources. Create permission MPRs as well for this. How to do this depends on if you use the owner attribute of the groups or not.
Regards
Peter
Peter Stapf - Doeres AG - My blog: JustIDM.wordpress.com -
I'm trying to install KB2870703 however I have our servers setup this way:
Server A: FIM Service & Sync Service
Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal
When attempting to install FIMService_x64_KB2870703.msp It starts and dies almost instantly
The errors from the log:
Action 12:27:15: CheckSharepointAdminServiceRunning.
Action start 12:27:15: CheckSharepointAdminServiceRunning.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
SFXCA: Binding to CLR version v2.0.50727
Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value .
at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
Action ended 12:27:15: INSTALL. Return value 3.
Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\
On Wed, 26 Mar 2014 00:15:57 +0000, jmanley WI wrote:
I installed it on server B I need to install on server A to update the Database Schema. My understanding is having the portal separated from the portal is supported. Is that incorrect?
You don't mention the FIM Portal at all in your first post.
Paul Adare - FIM CM MVP
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners" -- Ernst Jan Plugge -
Hi,
One of my users is facing an issue in creating a new time sheet,
"The time sheet creation failed, because of problems with the project server or with data validations".
This issue is coming to only a few members out of 10000 members.
Note: The same user is able to do it on other machines; the problem is only on his machine. Have run the office diagnostics, but still the problem persists.
Are there any add-ons/any settings that need to be updated in IE? Could anyone please help me on how to fix this issue?
Many thanks in advance.
I would check the compatibility settings in IE etc, or try another browser (chrome, safari etc.)
Ben Howard [MVP] | web | blog | book -
Excise Invoice Cancellation on Date validation only
Hi Experts,
I am having a critical requirement from Business, which is not available in SAP Standard, so I need help from you guys...
An excise invoice can be cancelled on the same day as the system/posting date, but when the system date and posting date do not match it should throw an error.
Example: I created an excise invoice on 17th June, 2011; this is the posting date of the excise invoice. If I try to cancel on 17th June, it should allow it.
But when I try to cancel the excise invoice on 18th June (system date), it should not allow the cancellation and should say Error!
I heard this will be possible through User Exit OR Function Module OR Routines ... Please help me
Thanks and Regards
Madhu
Dear Madhusudhanan,
Following are the list of User Exits available for J1IIN
J_1I7_USEREXIT_EXCISE_BEF_SAVE User exit after the excise header and details are written and they can changed in J1IS , J1IIN and Automatic creation of Excise Invoice.
J_1I7_USEREXIT_EXINV_ADDL_DATA User exit for Excise Invoice Additional Data in J1IS and J1IG
J_1I7_USEREXIT_J1I5_MATFORM User exit for J1I5 material form changes
J_1I7_USEREXIT_J1I5_VALIDATE User exit for subsequent J1I5 data validation
J_1I7_USEREXIT_J1IEX_BEF_SAVE User exit for J1IEX before the data is saved
J_1I7_USEREXIT_J1IEX_CHANGE User exit for changing data before display
J_1I7_USEREXIT_J1IS_BASE_VALUE User exit to Change base value in J1IS
I strongly believe that the first exit will serve the purpose.
Now if you are cancelling it using J1IH, Check the following thread.
J1IH-User Exit
Thanks & Regards,
Hegal K Charles -
How to delete the orphaned Expected Rule Entries exist in the FIM portal
Hi,
How to delete the orphaned Expected Rule Entries exist in the FIM portal.
A large number of orphaned Expected Rule Entries exist in the FIM portal (originally 140000k+ objects, currently 75000+ objects). They consume a lot of FIM database space and slow down the identity lifecycle management synchronization processes.
Regards
Anil Kumar
Hello,
In my environments I use this approach:
https://social.technet.microsoft.com/Forums/en-US/1af6cf77-4c55-4a3e-93cc-0baae80bc88f/expiration-workflow-cannot-delete-ere?forum=ilm2
This sets up a combination of Sets, Workflow and MPR to let the "Expiration Workflow" delete EREs as soon as they get orphaned.
This has worked fine for 3 years now, even if there are SQL jobs coming within a FIM update, but I implemented this before this was done.
I would suggest clearing the current orphaned EREs with PowerShell to avoid request flooding when implementing the above solution. Then implement the housecleaning above.
Regards
Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com -
Data Validation - a feature that Numbers really needs.
Right now, the newly purchased Numbers app for iPad/iPhone is little more than a crippled document viewer for me because Numbers doesn't support 'data validation' (as implemented in Excel).
It's not a hard concept and likely utilized in a LOT of spreadsheets on the planet. Not supporting such a critical feature is a problem, as it makes Numbers, at least for me, rather pointless as an authoring tool since I cannot change or update data in my worksheet without likely corrupting the document's data integrity.
Hopefully, someone at Apple is working on fixing this.
Given that one cannot use data validation - how do I lock down a spreadsheet so I don't accidentally change cell contents?
The fact that there is no 'undo' button on the iPhone version that I do get on the iPad (same app) makes it worse.. I'm occasionally and unintentionally dragging selections of stuff around the page, really hosing up the iPhone spreadsheet.
So I need to just remember what needs to be updated, update the Excel spreadsheet when I can, then delete the iWork-iCloud doc, upload the replacement, then refresh the iPhone/iPad version.. very cumbersome and not at all 'cloud-like' or useful.
Apple developers.. are you paying attention?
Yeah I know that Apple likely has the same system as Microsoft in sending general support to a forum such as this. And maybe the same stupid moron that not paying attention to the forums of their users is a good idea.
That doesn't change the point of the issue nor that Apple directs me here to ask said question
Written in the iPad split soft keypad that covers up the forum post I'm typing. Joy