FIM CM permissions
Permissions for FIM CM are set in five different places, sometimes making it hard to troubleshoot permission errors. On the other hand, the granular permission model makes it possible for a granular policy to be defined.
If, for example, you have a policy that managers in the USA should only be able to issue Smart Cards for consultants in the USA but not in Europe, you can do so.
Service Connection Point
The Service Connection Point , SCP, permissions determine whether a user is assigned a management role in the FIM CM deployment.
When you run the configuration wizard, the SCP is decided but the default is the one shown in the following figure:
If a user is assigned any of the FIM CM permissions available on the SCP, the administrative view of the FIM CM portal will be shown.
The FIM CM permissions are defined on Microsoft Technet, http://aka.ms/FIMCMPermissions. For your convenience, I have copied parts of the following information:
FIM CM Audit: Generates and displays FIM...