GroupID 8 - Self-Service
With the new role-based architecture in GroupID 8, we can apply the New Object policy differently for different roles. For example, we can:
- Limit users to creating objects in one or more specified containers.
- Configure a default container for creating new objects. With this, you can apply any of the following scenarios:
  - Allow users to create an object in the default container or select another container.
  - Enforce the default container and disable container selection.
  - Enforce the default container and hide the container option completely from users.
This article addresses the topic of configuring a default container and then applying the three scenarios to it.
Using the Self-Service portal, we can create User, Contact, Group, Smart Group, and Mailbox objects, depending on what is allowed. See How To: Allow creation of specific Objects from Self Service.
The Create wizard in the Self-Service portal can be customized from the Designs node in GroupID Management Console; this allows us to have different Create wizard configurations and customizations for each object.
In this article, we will configure a default container for creating new groups and see how container selection can be disabled or made hidden in the Self-Service portal.
- In GroupID Management Console, select Self-Service > Portals > [required portal] > Designs [required identity store].
- Click the Create Object tab. This tab is used to customize the Object Creation wizard.
- In the Select Directory Object drop-down list, select the object for which you want to set a default container. For reference in this article, I have selected Group.
- In the Name list, select General and click Edit.
- On the Edit Category dialog box, select Container in the Fields area and click Edit.
- On the Edit Field dialog box, click Advanced options.
- Provide the distinguished name of the container that you want to set as default in the Default Value box.
On the Create Group wizard in the Self-Service portal, the specified container will be selected as the default container for creating new groups. However, users will be able to click Browse and select another container.
On the Edit Field dialog box, if you specify a default container and select the Is Read Only check box, no user under any role will be able to select a container during object creation. Instead, users will only be able to create new groups in the default container. In this scenario, the New Object Policy we defined in Limit the New Object Creation to one or multiple Containers becomes insignificant for group creation but remains meaningful for creating other objects.
On the Create Group wizard in the Self-Service portal, the specified container will be displayed as the default container and the Container field will be disabled. Users can only create new groups in the default container.
On the Edit Field dialog box, we can use the Visibility Role option to select which user role will be able to see the Container field in the portal. When we select a role under Visibility Role, only the selected role and roles with a higher priority value will be able to see the Container field. All roles with a lesser priority value will not be able to see or change the default container.
On the Create Group wizard in the Self-Service portal, the Container field will be hidden and users will create groups without knowing which container the group is being created in.
If we hide the Container field for any role, we must provide a default value for this field; otherwise, those roles will not be able to create a group, since the container is a mandatory field.
- How To: Enforce Group Type as Distribution or Security Groups
- How To: Allow creation of specific Objects from Self Service
- How To: Limit the Container Selection to one or multiple Containers
In previous versions, this was a portal setting: newobject.container.