Applies To:
GroupID 8, 9, 10 - Self-Service
Business Use Case:
With the GroupID role-based architecture, we can specify a different New Object policy for different roles. For example, we can:
- Limit users to create new objects in specified containers.
- Configure a default container for creating new objects. With this, you can apply any of the following scenarios:
This article addresses the topic of configuring a default container and then applying the three scenarios to it.
More Information:
Using the Self-Service portal, we can create User, Contact, Group, Smart Group, and Mailbox, based on what is allowed. See How To: Allow users to create specific objects using Self Service.
The Create wizard in the Self-Service portal can be customized from the Designs node in GroupID Management Console. This allows us to have different Create wizard configurations and customizations for object types.
In this article, we will configure a default container for creating new groups and see how container selection can be disabled or made hidden in the Self-Service portal.
Steps:
- In GroupID Management Console, select Self-Service > Portals > [required portal] > Designs [required identity store].
- Click the Create Object tab. This tab is used to customize the Object Creation wizard.
- In the Select Directory Object drop-down list, select the object for which you desire to set a default container. For reference in this article, I have selected Group.
- In the Name list, select General and click Edit.
- On the Edit Category dialog box, select Container in the Fields area and click Edit.
- On the Edit Field dialog box, click Advanced options.
-
Next, you can apply any of the following options:
- Specify a default container while allowing users to change it.
- Enforce a default container and disable container selection.
- Enforce a default container and hide container selection.
Specify a default container while allowing users to change it:
In the Default Value box, provide the distinguished name of the container that you want to set as default.
Expected Results:
On the Create Group wizard in the Self-Service portal, the specified container will be selected as the default container for creating new groups. However, users will be able to click Browse and select another container.
Enforce a default container and disable container selection:
On the Edit Field dialog box, if you specify a default container and select the Is Read Only check box, no user under any role will be able to select a container during object creation. Rather, users will only be able to create new groups in the default container. In this scenario, the New Object Policy we defined in Limit users to create new objects in specified containers will become insignificant for group creation but will still remain meaningful for creating other objects.
Expected Results:
On the Create Group wizard in the Self-Service portal, the specified container will be displayed as the default container and the Container field will be disabled. Users can only create new groups in the default container.
Enforce a default container and hide container selection:
On the Edit Field dialog box, we can use the Visibility Role option to determine the user roles who will be able to see the Container field in the portal. When we select a role under Visibility Role, only the selected role and roles with a higher priority value will be able to see the Container field. All roles with a lesser priority value will not be able to see or change the default container.
Expected Results:
On the Create Group wizard in the Self-Service portal, the Container field will be hidden and users will be creating groups without knowing the container the group is being created in.
| Note: | If we are hiding the Container field for any role, we must provide a default value for this field; else those roles will not be able to create groups. |