Managing other users' BHOLD roles in the FIM Portal
Applies To: Forefront Identity Manager
By using the Microsoft BHOLD features in the Microsoft Forefront Identity Manager 2010 R2 SP1 (FIM) portal, you can request activation of roles for yourself or for other users that you supervise. When requesting role activation for others, you can perform the following tasks:
See an overview of the roles of users that you supervise
View the users that you supervise
Request activation of a role for another user
Revoke a role for another user
Delegate a role for another user
View requests that you have submitted
See an overview of the roles of users that you supervise
The BHOLD features in the FIM Portal include a dashboard that provides summary information about the roles and the permissions assigned to users that you supervise. Two bar charts presented: one that shows the number of roles assigned to the top 10 users (by number of roles), and one that shows the number of access rights (permissions) granted to the top 10 users (by number of permissions). The two lists will vary because some roles grant more permissions than others.
To see an overview of the roles of users that you supervise
- In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Dashboard tab.
View the users that you supervise
You can see a complete list of the users that you supervise, including their email addresses and the departments (organizational units) that they belong to.
To view the users that you supervise
- In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the My Users tab.
Request activation of a role for another user
You can request activation of a proposed role for a user that you supervise. If the role requires approval, the required approvers will be sent an email message informing them of the request and providing instructions on how to approve or deny the request. If the role does not require approval, BHOLD will automatically activate the role.
To request activation of a role for another user
In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Manage Users tab.
On the New Request page, under the Add column, click the button next to the user that you want to activate a role for, and then click Select User.
In the Activate column, select the check box next to the role that you want to activate.
Tip
You can select more than one role.
Tip
To see the permissions granted by the role, click the Information button next to the role name.
In the Context list, if the user belongs to more than one organizational unit in the list, click the organizational unit for which you want the role to be activated.
In Justification, type information you want to send to approvers that explains why the user needs the role to be activated.
Select the Period check box if you want to limit the duration when the role will be effective, and then click the Calendar buttons to select the beginning and end dates.
Select the Receive notification when approved if you want to receive an email message informing you when the request has been approved.
Click Submit Request(s).
Revoke a role for another user
When a user that you supervise no longer needs the permissions provided by a proposed role, you should revoke the role to prevent the user from having inappropriate access to applications and information that the user no longer uses.
To revoke a role for another user
In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Manage Users tab.
On the New Request page, under the Add column, click the button next to the user that you want to revoke a role for, and then click Select User.
On the New Requests page, under Manage current roles, in the Revoke column, select the check box next to the role that you want to revoke.
Note
Only proposed roles that were previously activated have check boxes. Other roles are assigned automatically and cannot be revoked.
Tip
You can select more than one role.
Click Submit Request(s).
Delegate a role for another user
You can delegate a user’s role to another user. This is useful if you need the delegated user to be able to perform actions on behalf of the user who was originally assigned the role. You can limit the duration during which the delegation will be effective.
To delegate a role for another user
In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Manage Users tab.
On the New Request page, under the Add column, click the button next to the user that you want to delegate a role for, and then click Select User.
On the New Requests page, under Manage current roles, in the Delegate column, select the check box next to the role that you want to delegate.
Note
Only proposed roles that were previously activated have check boxes. Other roles are assigned automatically and cannot be delegated.
Tip
You can select more than one role.
In Delegate to, type the name of the user you want to delegate the role to.
Click the Calendar buttons to select the beginning and end dates when the delegation will be effective.
Click Submit Request(s).
View requests that you have submitted
You can see a list of requests that you have submitted, including the user that you made the request for (the beneficiary), the number of items in the request, and the completion percentage of the request, as well as other details. You can view all requests that you have submitted, or you can search for a set of requests that match a search string.
To view requests that you have submitted
In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Manage Users tab.
Click Status Request.
On the Status request page, type a search string in the box, and then click the Search button.
Tip
To list all of your requests, leave the search box empty.
Click an item in the list to see more information about the status of the item.