Hi All,
We have a small set of users (belonging to a particular department) who should be able to log in to the portal and manage a select set of groups - the users should be able to add and remove members from these said groups. In most of the cases, the groups already exist in Active Directory and we bring them into FIM Portal.
I have done the following so far:
a) Created a set of users based on their departments - works fine
b) Created a set of groups that the users in (a) should be managing - works fine
c) Created 3 MPRs (resembling the MPRs that already exist for Group Management by administrators). 1 of these MPRs allows the set of users to read the attributes of the groups in the set in (b). The second allows the set of users to create and delete groups in the set. The third allows the set of users to "add a value to a multi-valued attribute", "remove a value from a multi-valued attribute", and "modify a single-valued attribute". In the list of attributes, I have included most of the attributes including "Manually-managed membership". All these 3 MPRs have the grant permission box checked.
I (as a member of the set of users in (a)) can log in to the portal, view the groups in set (b), modify the description, add an owner, remove an owner etc. When I try to add or remove a member from a group where I am one of the owners, everything is fine. BUT, when I try to add or remove a member from a group where I am not listed as an owner, it gives me an "Access denied" error with these details: "The request included members which the requestor is not authorized to add and/or remove from this group".
I am a member of the set in (a) and can remove/add members from the groups that I am the owner of. My questions are:
A) What else do I need to do to add/remove members from a group that I am not the owner of but this group still belongs to the set (b)?
B) Why does the Portal force me to add an owner to every group of set (b) that I click to view/edit? Isn't there a way around that, i.e. not having to put any owner and still be able to add/remove members? For all the groups in set (b), the Join Instruction is set to "None" (i.e. any user can become a member of the group).
I hope someone can shed some light on this. I have seen similar questions on the forum from a few years ago but they hadn't been answered (completely).
Thanks