A previous post introduced you to Microsoft Identity Lifecycle Manager "2"'s concept of policy. We provide a user interface for managing and creating policies. Here are some screenshots stepping through the process of creating a policy to allow users to read any information about themselves (which may or may not be a policy that you would want to create).
This shows the list of all policies:
The first page of the policy wizard is shown here. On this page, one gives one's policy a name, and indicates whether or not this will be a policy that grants permissions:
On this page, I have indicated that I want to create a policy that applies to all full-time employees. That is, to everyone in the set of full-time employees. I have also said that my policy defines what those folk can read.
On this page, I express the idea that my policy allows full-time employees to read information about themselves, and I choose to say that I am allowing them to read any information about themselves, and not just the information contained in specific attributes:
This next page would allow me to trigger the execution of Windows Workflow Foundation workflows in response to requests covered by my policy:
The last page of the wizard summarizes the new policy that I am about to submit: