Add Managed Unit to Self Service Site

Hello,

Can someone tell me how to add a managed unit to self-service webportal in ARS?

I also need to add the search option to the self-service site.

Any assistance is appreciated.

I have both 6.9 and 7 that I use to manage separate domains.

We plan to move to 7 for the other but have not got there yet.

Thank you,

Lu

  • The challenge with what you are trying to do is that you are effectively moving from the Self Service Site's paradigm of a view of an individual user's details to the object browsing view offered by the "full" sites.

    The "quickest", most supportable way to get there would be to take a copy of the Admin or Help Desk site and, using the built-in customization capabilities, remove those elements you don't need. You could even keep your Self Service site and just add a link to this custom site from its home page. Yes, it's tedious and a bit clumsy but it will get you there.

    I believe the alternative would get you into making invasive site modifications to your Self Service site that you may find don't tolerate upgrades well.

    My 2 cents.
  • Thank you Johnny for the suggestions. I will try this out.
    I appreciate the quick response.
  • Johnny,
    I was able to copy the web site and remove all items from the new site.
    Can you tell me if you have any methods for a membership rule that will state Primary Owners?

    Essentially I want a managed unit that will list all the groups the person logged on is primary owner of.
    I have the managed unit and all the ARS Templates for users to view users/groups and add / remove if primary owner. Now I just need a way for a user to see a list of all the groups they own. The search method will allow them to find the groups but I wanted to see if I can do a little extra and give them a list.
    Thanks again for all your help.

    Lu
  • I would suggest you use the edsvaPublished virtual attribute to include groups in your MU. Stamp this to TRUE on groups you want in there and then reference this virtual attribute in your membership rule.

    The next part is setting the delegation on the MU.

    You want to make the Primary Owner the Trustee (this is an AR built-in object/alias) - you can find it in the AR object picker - and then select the "Self - Group Management" access template (found under the User Self Management category of pre-defined Access Templates) to grant the Owner access.

    This should get you down the path you want.

  • Johnny,
    Thanks for all the help.
    I was able to get it worked out and have exactly what I need.

    I created a MU with the groups in scope without using the is Published virtual attribute.
    Then I added the "Self - Group Management" access to Primary and Secondary Owners.
    Lastly I added Authenticated Users with a custom template that has the following permissions:
    MU Read control
    MU List Content
    Container List
    Container List Content
    Container Read All
    OU Read All
    Domains - Read

    I now have a MU that users can list the groups where they are the ManagedBy.
    This is great!!!
    Thank you for all your help!
    Lu
  • Excellent! You are most welcome.

    Yes, my bad - I forgot to add something about granting read access to the MU structure.

    FWIW, what I've normally done for that was to create a group called "Group Owners" and grant it the read access that you gave to Authenticated Users.
  • Thanks for sharing this solution!

    Johnny, regarding that "Group Owners" group, would this be done through a Dynamic (query based) group? Or do you have a different method for that?
  • Concern: ARS SSM Published Groups functionality (scenario 'User triggers request to resource/group') was removed from ARS 6.8 and later in favor of One Identity Manager.
    Now you are recreating the scenario manually by means of the ARS engine.
    The scenario requires built-in ARS objects: the "Self - Group Management" access template and "Owner - Group Management" to be provided by ARS OOB. After decommission of the scenario, it might be possible that some of the objects are left as legacy, but not supported anymore.
    Therefore, for Enterprise Level Front End Application "ARS", I would raise concern of supportability of the scenario in future releases (like legacy "Self - Group Management" AT not used anymore for any other purposes).