"IsHiddenFromRequester" in user template doesn't work

Question

Hello, everybody,

Employees should be able to request new user accounts via the ARM web interface.
For this I have built a template with all necessary LDAP attributes.

Some LDAP attributes should not be visible for the requesters.
Data owners and admins - the approvers - should be able to edit all LDAP attributes (even the hidden ones) on demand.

I assumed that the "IsHiddenFromRequester" parameter should be suitable for this.
Unfortunately, if I set it to "true", the corresponding LDAP attributes will still be displayed to the requester.

Is this a known problem or am I doing something wrong?
We use Access Rights Manager 2019.4.0.129.

Thanks,
Jonas

Edit:

The parameter "IsHiddenFromRequester" must not be under "Definition", but must be set before it.
Then the corresponding attributes are hidden.

Unfortunately, the attributes cannot be edited by the approver because they are also hidden here.

Does anyone know a solution for this?

The parameter "IsHiddenFromRequester" also does not work with Exchange attributes.
I would like to hide the selection of the Exchange database so that the approver decides in which database the new mailbox is stored, not the requester.

Is this somehow possible?

Greetings,
Jonas

jwolff · Answer

Hi Bjoern,

thank you very much for your answer.

Our Exchange server manages two accepted Domains.

For one of these domains we have four databases, for the other one eight.

The only difference is whether you want to create a new mailbox in one or the other domain.
Besides, there is no clear specification in which database a new mailbox should be created.
We primarily use the database in which the most space is available.

I guess we only have the possibility to display the database selection to the requesters and then select the correct database as the approver?

Nevertheless, thank you very much!

Greetings
Jonas

bjoern-cusatum · Answer

The template is basically the blueprint for the WebUI to generate the form, that's why the approvers/admins don't see the attributes when editing the request.

The mailbox part, afaik, does currently not support this parameter. How are your mailboxes split over the databases? Is there maybe a rule which can be applied by creating multiple templates with each having the correct database selected?