This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it possible to generate a Managed Unit on the fly based on a users department or site code?

Hello,

Is it possible to generate a Managed Unit on the fly based on a users department or site code?

Client has large number of AD user accounts, wants to limit the view and modification to only users in same department or site code.

I was looking at Managed Units for the fix but the client has over 1000 departments / site codes.

Is it possible to generate an managed unit for the user to view only those users in their site?  without creating 1000+ MUs?

Like a on demand MU ?

Parents
  • Assuming you are talking about a delegated admin seeing "their" users, you could achieve this by making the user a SecondaryOwner (AR virtual attribute) of the user population in question and setting the perms on a generic MU such that only Secondary Owners can see (and/or edit) objects.  AR will automagically filter the view for you so no need for lots of MUs.

  • I have created an MU named  (All APAC users), it just queries all APAC users from other OUs in AD.

    Attempted to grant secondary admins as an AD group and/or a specific user.

    Delegated the User-Helpdesk AT on the MU to the ARS built-in secondary Owners.   

    This is not show any users?

    As the secondary owner, I can only see the MU container (delegated the AR-MU view).

Reply
  • I have created an MU named  (All APAC users), it just queries all APAC users from other OUs in AD.

    Attempted to grant secondary admins as an AD group and/or a specific user.

    Delegated the User-Helpdesk AT on the MU to the ARS built-in secondary Owners.   

    This is not show any users?

    As the secondary owner, I can only see the MU container (delegated the AR-MU view).

Children
  • We don't know about the contents of your 'User-Helpdesk AT'.  Specifically, does it contain permissions entries for "seeing" the contents of AD?  Without these, you may not be able to see the objects (unless you have another access template that grants visibility - for example, Users - read all properties, Groups - read all properties).