Monday, November 17, 2014

FIM Create and Populate Custom Resources

Being new to Microsoft Forefront Identity Manager (FIM 2010 R2), this apparently simple task took quite a bit of my time and a lot of unsuccessful googling. Finally I figured it out with some help from a blog post.

Issue: I had created a new custom resource type and was then getting "access denied" errors while trying to create new resources for that type.

In summary, the process of creating and populating a custom resource type is:

1. Create a new resource type, say Branch, at http://localhost/IdentityManagement/aspx/schema/Schema.aspx

2. [Optional] Create new attributes.

3. [Optional] Create new bindings (adding the attributes to your new resource type).

4. Create a new 'Set', say 'All Branches', for your resource type, or reuse an existing 'Set' and add your new resource type to it. The MPR needs this set as its target in order to allow or disallow creation of resources of the new type.

5. Either create a new Management Policy Rule (MPR) or update an existing one. The goal is to update the permissions so that an Admin or some other user is authorised to create new resources (that is, to populate the new resource type). In the MPR you choose permissions such as create, update, etc., and then for target resources you choose "All Branches" twice.

6. Now you can go to http://localhost/IdentityManagement/aspx/customized/AllCustomizedObjectTypes.aspx, select the new resource type from the list and then add new branches.
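When the "access denied" error still appears, a read-only check of steps 4 and 5 narrows it down. The script below is an added example, not code from the original post or from the linked blog; it assumes the FIMAutomation snap-in is installed, the FIM Service listens on its default endpoint (port 5725), and the set is named 'All Branches' as in step 4.

```powershell
# Added example: read-only check of the Set (step 4) and MPR (step 5).
# Assumptions: default FIM Service endpoint, set name 'All Branches',
# and an account that is allowed to read Sets and MPRs.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$uri     = 'http://localhost:5725/ResourceManagementService'  # assumed default endpoint
$setName = 'All Branches'                                      # set created in step 4

# Helper (hypothetical name): return all values of one attribute of an exported resource.
function Get-FimAttr($exportObject, [string]$name) {
    $attr = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($null -eq $attr) { return @() }
    if ($attr.IsMultiValue) { return @($attr.Values) }
    return @($attr.Value)
}

# Step 4: the set must exist, otherwise no MPR can target the new resource type.
$set = Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig "/Set[DisplayName='$setName']"
if (-not $set) { Write-Warning "Set '$setName' not found."; return }

# Step 5: MPRs that use the set as the target resource definition after the request.
$mprs = Export-FIMConfig -Uri $uri -OnlyBaseResources `
    -CustomConfig "/ManagementPolicyRule[ResourceFinalSet = /Set[DisplayName='$setName']]"

$granting = foreach ($mpr in $mprs) {
    $actions  = @(Get-FimAttr $mpr 'ActionType')
    $grants   = @(Get-FimAttr $mpr 'GrantRight') -contains 'True'
    $disabled = @(Get-FimAttr $mpr 'Disabled')   -contains 'True'
    # Keep only enabled rules that grant the Create permission.
    if ($grants -and -not $disabled -and ($actions -contains 'Create')) {
        [pscustomobject]@{
            MPR          = @(Get-FimAttr $mpr 'DisplayName')[0]
            Actions      = $actions -join ','
            PrincipalSet = @(Get-FimAttr $mpr 'PrincipalSet')[0]  # urn:uuid of the requestor set
        }
    }
}

if ($granting) { $granting | Format-Table -AutoSize }
else { Write-Warning "No enabled MPR grants Create on '$setName'; creating a Branch will be denied." }
```

The `PrincipalSet` column shows which requestor set each rule applies to, so it is easy to confirm the grant is limited to administrators rather than a broad set of users.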

See the following blog for the steps, but it was missing step 4 from above.
https://fim2010techie.wordpress.com/2012/12/02/creating-custom-resource-types-and-attributes-in-fim-2010-r2-part-1

Thanks,