5 Minute FIM Hacks: Hiding the "New" and "Delete" User Buttons
This is the third in a series of posts we’ll be calling “5 Minute FIM Hacks”. The purpose of these posts will be to provide quick and simple tips and tricks for customizing FIM to make it perform better or be easier to use.
In today’s 5 Minute FIM Hack, we’re going to look at hiding the “New” and “Delete” user buttons from normal (non-administrative) users. The natural question here is “why?”. The answer is that if I, as a regular user, access the FIM portal to update my own attributes, I will see buttons for “New” and “Delete”. Being somewhat over-zealous (and tired of waiting on the IT department), I decide I can create an account for one of my new employees/coworkers. I click “New”. I spend a few minutes inputting all of their information. Finally, on the last step, I click “Submit”, only to receive the following:
Not understanding what is going on, I click on “View Details” and see:
This spawns a call to my Help Desk to open a ticket. After all, if I don’t have permission to create a new account, why do I have a button that says “New”? After the friendly person on the Help Desk explains that I do not, in fact, have the ability to create and delete users, I’m still left asking the question, “then why do I have the buttons to (seemingly) allow me to do so?”.
Rather, as an administrator, why not hide the buttons, remove the temptation and avoid the whole thing? While there are several ways to do so, much of the documentation available online details creating a custom search scope. However, there is a simpler way of doing this by changing set membership. To begin, navigate to “Sets”:
In the “Search for:” box, type “user” and click the magnifying glass.
Click on the “User Administrators” set to open it. Next, click on the “Criteria-based Members” tab. Here we see the default criteria:
Click on “Add Statement”. In this scenario, I have selected “Resource ID” “in” “Administrators” (where “Administrators” is a set).
Rather than the “Administrators” set, this could be a set you’ve created (such as “HR”, “Help Desk”, etc.).
To finish, click “Submit”.
On the service portal server, open an elevated command prompt and type “iisreset”.
Now, as a regular user (not a member of the chosen set), when we click on “Users” in the portal, we see:
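The result of the set change can also be checked from PowerShell instead of by logging in to the portal as each kind of user. The script below is an added example, not part of the original post: it uses the FIMAutomation snap-in's Export-FIMConfig cmdlet to print the set's stored filter and to test whether specific accounts are computed members. The account names are hypothetical and the service URI is the default endpoint, so replace both with your own values.

```powershell
# Added example: audit the "User Administrators" set after editing its criteria.
# Run where the FIMAutomation snap-in is available (for example, the FIM Service server).
Add-PSSnapin FIMAutomation -ErrorAction Stop

$Uri     = 'http://localhost:5725/ResourceManagementService'  # default endpoint (assumption)
$SetName = 'User Administrators'
# Hypothetical account names: $true = should be in the set, $false = should not.
$Expect  = @{ 'fimadmin' = $true; 'jsmith' = $false }

function Get-FimAttribute($ExportObject, [string]$Name) {
    # Return every value of one attribute from an exported resource.
    $attr = $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }
    if ($null -eq $attr) { return @() }
    if ($attr.IsMultiValue) { return @($attr.Values) }
    return @($attr.Value)
}

$set = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
            -CustomConfig "/Set[DisplayName='$SetName']")
if ($set.Count -ne 1) { throw "Expected one set named '$SetName', found $($set.Count)" }

# The "Criteria-based Members" statements are stored as an XPath filter on the set.
"Filter         : " + (Get-FimAttribute $set[0] 'Filter')
$members = @(Get-FimAttribute $set[0] 'ComputedMember')   # urn:uuid:... references
"ComputedMember : $($members.Count) resource(s)"

foreach ($account in $Expect.Keys) {
    $person = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
                   -CustomConfig "/Person[AccountName='$account']")
    if ($person.Count -ne 1) { Write-Warning "$account : not found or ambiguous"; continue }
    $id       = $person[0].ResourceManagementObject.ObjectIdentifier
    $isMember = $members -contains $id
    $status   = if ($isMember -eq $Expect[$account]) { 'OK' } else { 'UNEXPECTED' }
    '{0,-12} inSet={1,-5} expected={2,-5} {3}' -f $account, $isMember, $Expect[$account], $status
}
```

Any line marked UNEXPECTED means the criteria include or exclude an account contrary to what was intended, which is worth resolving before relying on the portal view.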
Comments
Anonymous
January 22, 2015
Thanks! This worked like a charm without creating any search scope and customizing it. However, I am also looking for the configuration to hide the NEW button from the Distribution List tab. Thanks in advance. HW
Anonymous
January 23, 2015
Using Search scopes would be the only supported method for removing "HIDE" the new button for Group Management
Anonymous
January 25, 2015
HW, Anthony is referring to the method Bob Tucker briefly outlines in this post: social.technet.microsoft.com/.../fim-portal-disable-create-user-button
There is another article about it with more detail here: social.technet.microsoft.com/.../2139.how-to-remove-new-delete-and-other-buttons-from-fim-portal-pages.aspx
-Andrew
Anonymous
November 17, 2017
It hides for administrators too. Tried on MIM 2016 version 4.4.1642.