Hi All,
I've got this requirement that when I first heard it thought would be quite simple but it's turned out not so easy. I'm trying to set up configuration so that a user in the FIM Portal when viewing their own details can click on the hyperlink in the Manager attribute and see their Managers details. This is simple if you just allow all users to read all attributes of all users but the requirement states that users should not be able to read all others, just themselves and their Manager. The problem is that there is no way to target relative to the requestor.
I've thought about adding a new attribute on user called something like "Manages" that would contain users the user manages and use a WF to populate this attribute from Managed By effectively reversing the reference then it's possible to use a relative requestor MPR that points at the new Manages attribute. But this seems like waaay too much overhead for something that seems so simple. Are there any other approaches I could take here?