Permissions for FIM CM are set in five different places, sometimes making it hard to troubleshoot permission errors. On the other hand, the granular permission model makes it possible for a granular policy to be defined.
If, for example, you have a policy that managers in the USA should only be able to issue Smart Cards for consultants in the USA but not in Europe, you can do so.
The Service Connection Point , SCP, permissions determine whether a user is assigned a management role in the FIM CM deployment.
When you run the configuration wizard, the SCP is decided but the default is the one shown in the following figure:
If a user is assigned any of the FIM CM permissions available on the SCP, the administrative ...