Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (Microsoft)
  • When: 11 May 2012 3:47 PM
  • Last revision by (8MVP, Microsoft Partne)
  • When: 11 May 2012 6:19 PM
  • Revisions: 2
  • Comments: 1
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  TROUBLESHOOTING: Group Administrator gets Access Denied when attempting to Add/Remove a member from a group they do not own

TROUBLESHOOTING: Group Administrator gets Access Denied when attempting to Add/Remove a member from a group they do not own

TROUBLESHOOTING: Group Administrator gets Access Denied when attempting to Add/Remove a member from a group they do not own

Table of Contents



OVERVIEW / PURPOSE
The purpose of this article is to explain the problem / cause / resolution of why we might get an Access Denied when a Group Administrator attempts to Add/Remove a member from a group they do not own.
 

PROBLEM STATEMENT 
You are attempting to setup the FIM Portal so that Group Administrators have the ability to Add/Remove Members to a group that they do not own.  In testing the process you receive an Access denied



You click [Details] to explore more information on the error message.  You notice that the Request Workflow Remarks produces a more detailed message.

Request Workflow Remarks: The request included members which the requestor is not authorized to add and/or remove from this group.
 

CAUSE
The reason this happens, is because the request fires an Authorization Workflow that is controlled by 1 or 2 Management Policy Rules (MPRs).
  • Group management workflow: Validate requestor on add member to open group
  • Group management workflow: Validate requestor on remove member

If you investigate these MPRs you will see that the Requestor is the All Non-Administrators Set.  The All Non-Administrators Set is All FIM Users that are not a FIM Administrator.  This would include Group Administrators. 

 

RESOLUTION
 To resolve the issue, you will need to update the All Non-Administrators Set.  You can find the steps to do this here.
 

SEE ALSO
, , , , , , , , [Edit tags]
Leave a Comment
  • Please add 4 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
Page 1 of 1 (1 items)