I am using CA IDM 14.0 version and i want to add a custom criteria for Show only objects meeting the following rules in Search User Screen.
From Search User Screen, only user reporting to admin (logged in user) should display, for this i want to put rule like manager = Admin's login id
But i am not able to find this kind of rule for Search User Screen.
Can anyone help me on this ?
Thanks in advance
This is configured in Admin Role's member scoping rules. Specifically, you create an Admin Role, add the tasks that you want the members of this role to be able to execute and then you also define which objects are in scope (including users). See a screenshot of what you are asking for:
Thanks for your reply!!!
I have tried with this and it is working, but facing issue with below scenario.
Scenario is to update Users Manager and requester is User's current manager.
1. I have created a manager Admin Role with scope rule as User's Manager = admin's UserID.
2. I have created task to Update users manager and added it to manager admin role.
3. applied user search screen which is giving only users reporting to manager.
4. To update manager, i have given an User Selector field to search new manager, but as the scope of this task is set to User's Manager = admin's UserID, its not returning all users.
I really appreciate if you can help me on this scenario.
Also with Scope Rule as User's Manager = admin's UserID, i am getting error while updating manager, its saying User is not in admin scope on manager update.
Thanks in advance !!!
Sorry for the belated response. I am traveling and I did not have access to an IM console.
For every task there is a possibility to disable the following behavior (from IM documentation):
The following is the screenshot of the setting I am talking about:
On the other hand, because the scope of the users is limited based on the Admin Role members rule you specified, using the default search options such as a user selector you cannot view users outside of the Admin's scope. So if you want to provide a type of a selector for your manager you may need to write a Logical Attribute Handler or similar.