Configure the ShoppingFor Mode for the IAM Shop
Administrators can leverage IAM Shop modes and visibility filters to configure various aspects of the IAM Shop. These configurations include restricting the scope of access to resources and limiting the number of users available for selection in the "Shop For" control. This article demonstrates how to configure and apply the ShoppingFor mode for the IAM Shop.
Procedure
To configure the ShoppingFor mode, follow these steps:
- Navigate to Visibility Restriction Policies
  On the navbar, expand Role Management and select Visibility Restriction Policies.
- Create a Visibility Restriction Policy
  On the Find Visibility Filters page, click the Create Policy tab. This opens the "Create a Visibility Restriction Policy" form.
- Complete the Policy Form
  - Assign Policy To: Select the type of assignee to whom the policy will be applied. Assignee types include:
    - Person
    - Group
    - Business Role and Location
    - Management Role
    - Management Role Definition
    - Query-Based Collection (SetGroup)
  - Enter a <Assignee Type> Name to Search: Enter the name of the specific assignee instance you want to target. For example, if you selected Management Role as the assignee type, search for and select the relevant Management Role. Note that <Assignee Type> is replaced by the selected assignee type in the form.
  - Object Type To Restrict: Select Person as the object type.
  - Assignment Type: Define the scope of the visibility restriction. For the "Shopping For" control, choose one of the following options:
    - Scoped At Location: Limits the visible users to those in the selected location and its sub-locations.
    - Target Group: Limits the visible users to members of the selected group.
    - Target Management Role: Limits the visible users to members of the selected Management Role.
    - Target Query-Based Collection: Limits the visible users to those in the selected collection.
  - Enter a <Target Assignee> Name to Search: Depending on the assignment type chosen, search for and select the specific instance. For example, if you selected Management Role, search for and select the relevant Management Role.
  - Priority: Enter a priority value for the policy. Lower values indicate higher priority, ensuring that users with multiple assignments receive the policy with the highest priority.
  - Mode: Replace "Default" with "ShoppingFor".
  - Enabled: Leave this option checked to enable policy enforcement immediately or uncheck it to disable the policy.
  In the example image below, the policy is assigned to a Management Role named "Docs-SA" and is restricted to people belonging to a group called "HDQ Sales." This configuration ensures that members of the Docs-SA Management Role can only shop for users who are part of the "HDQ Sales" group.
- Click Save.
Expected Results
Policy assignees should only see people meeting the policy's conditions as users for whom they can shop. To verify this, sign in to the IAM Shop as a user assigned the policy and confirm that no other users appear in the Shop For control of the IAM Shop.