Assign a role to a user already created

Hi experts,

I created a rule, a role and an access policy, and every time I create a new user the access policy is properly triggered and the appropriate resources are properly assigned.
If I manually assign a role to a user, OIM automatically provisions the objects associated with the role.
The problem is that all users created before the creation of the role do not belong to the role: what should I do to give the role to all users?

Thank you

1. Create an access policy and check the retrofit flag; see details below.

If the retrofit flag is set for the policy:

These evaluations do not occur immediately after the action. Instead, they occur during the next run of the Evaluate User Policies scheduled task. Evaluations can occur in the following scenarios:

* The policy definition is updated so that the retrofit flag is set to ON. Policies are evaluated for all applicable users.
* A role is added to or removed from the policy definition. Policies are evaluated only for the roles that are added or removed.
* A resource is added or deleted, or the Revoke If No Longer Applies flag value is changed for the resource. Policies are evaluated for all applicable users.
* The policy data is updated or deleted. This includes both parent and child form data. Policies are evaluated for all applicable users.

2. A way to do this is to write a scheduled task and use the API to assign the role to the user.
Check the link below:
http://docs.Oracle.com/CD/E14571_01/doc.1111/e14309/spmlapi.htm
Section 29.3
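
The scheduled-task approach from point 2 above, as an added example (not code from the original thread or from Oracle). It assumes the OIM 11g `TaskSupport`, `RoleManager` and `UserManager` APIs; the class name `BackfillRoleTask` and the job parameters "Role Name" and "Dry Run" are hypothetical. It reports by default and only grants when "Dry Run" is explicitly set to false.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.identity.rolemgmt.vo.RoleManagerResult;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import oracle.iam.scheduler.vo.TaskSupport;

/** Grants one role to every active user who does not hold it yet. */
public class BackfillRoleTask extends TaskSupport {
    private static final Logger LOG = Logger.getLogger(BackfillRoleTask.class.getName());
    private static final int BATCH_SIZE = 200; // user keys per grantRole() call

    @Override
    public void execute(HashMap params) throws Exception {
        // Hypothetical job parameters; they must match the task's metadata.
        String roleName = (String) params.get("Role Name");
        // Only an explicit "false" turns report-only mode off.
        boolean dryRun = !"false".equalsIgnoreCase(String.valueOf(params.get("Dry Run")));

        RoleManager roleMgr = Platform.getService(RoleManager.class);
        UserManager userMgr = Platform.getService(UserManager.class);

        // An unknown or ambiguous role name throws here and aborts the run.
        Set<String> roleAttrs = new HashSet<String>();
        roleAttrs.add("Role Name");
        Role role = roleMgr.getDetails("Role Name", roleName, roleAttrs);
        String roleKey = role.getEntityId();

        Set<String> userAttrs = new HashSet<String>();
        userAttrs.add("User Login");
        SearchCriteria active =
                new SearchCriteria("Status", "Active", SearchCriteria.Operator.EQUAL);
        List<User> users = userMgr.search(active, userAttrs, null);

        Set<String> batch = new HashSet<String>();
        int missing = 0;
        for (User user : users) {
            if (isStop()) {          // job was stopped from the scheduler console
                batch.clear();
                break;
            }
            // true = indirect membership counts, so rule-based members are skipped
            if (roleMgr.isRoleGranted(roleKey, user.getEntityId(), true)) {
                continue;
            }
            missing++;
            LOG.info((dryRun ? "would grant " : "granting ") + roleName + " to " + user.getLogin());
            batch.add(user.getEntityId());
            if (batch.size() >= BATCH_SIZE) {
                flush(roleMgr, roleKey, batch, dryRun);
            }
        }
        flush(roleMgr, roleKey, batch, dryRun);
        LOG.info(missing + " user(s) lacked role " + roleName + (dryRun ? " (dry run)" : ""));
    }

    private void flush(RoleManager roleMgr, String roleKey, Set<String> batch, boolean dryRun)
            throws Exception {
        if (!batch.isEmpty() && !dryRun) {
            RoleManagerResult result = roleMgr.grantRole(roleKey, new HashSet<String>(batch));
            LOG.info("grantRole status for " + batch.size() + " user(s): " + result.getStatus());
        }
        batch.clear();
    }

    @Override
    public HashMap getAttributes() { return null; }

    @Override
    public void setAttributes() { }
}
```

Because granting the role triggers the access policy, review the dry-run log before the first real run: every listed user will be provisioned with the policy's resources.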

Tags: Fusion Middleware

Similar Questions

  • Assignment of roles to the user when creating the user

    Hi all

    I put a role field (<dsp:input bean="ProfileFormHandler.value.roles.role" maxsize="30" size="30" type="text"/>) on the registration page. After registration, every field is in the db except the role (table dps_role).
    Please let me know what I am doing wrong.

    Thank you

    You should not assign roles to the user through the 'ProfileFormHandler.value.roles.role' property of the profile. You can bind a formhandler property to which you pass the name or id of the role that you want to assign. Role assignment must always go through the ATG security API in order to properly update the security mappings. Because of these dependencies, you should not try to assign the role by simply calling profile.setPropertyValue('roles', ...). The code cannot fail this way, but if you assign the role in this way then it may not work as expected when checking for role-based privileges. Here's one possible way to do it:

    1. In your formhandler's properties file, declare a dependency on the default user directory, which by default points to the profile database:

    userDirectory=/atg/userprofiling/ProfileUserDirectory

    Then, in the form handler, declare the corresponding setUserDirectory() and getUserDirectory().

    2. Then, in the formhandler, get the DirectoryPrincipal objects associated with the user profile and the role you want to assign, and then assign the role to the user:

    import atg.userdirectory.UserDirectory;
    import atg.userdirectory.DirectoryPrincipal;
    import atg.userdirectory.User;
    import atg.userdirectory.Role;
    import atg.userdirectory.DirectoryModificationException;
    
    import java.util.Collection;
    import java.util.Iterator;
    
    ..
    ..
    
    private boolean assignRoleToUser(String roleName, String userId) {
    
      UserDirectory userDirectory = getUserDirectory();
      DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
      DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);
    
      User user = (User)userPrincipal;
    
      Collection collection = userDirectory.getRoles();
    
      boolean status = false;
    
      Iterator iter = collection.iterator();
      while(iter.hasNext())
      {
        Object obj = iter.next();
        if(obj instanceof Role) {
          Role role = (Role)obj;
          if(roleName.equals( role.getName() ) && user!=null) {
            try {
              status = user.assignRole(role);    //will return true if the role was added otherwise false
            }
            catch (DirectoryModificationException e) {
           //handle exception
            }
            break;
          }
        }
      }
      return status;
    }
    

    In the code above, the 'roleName' parameter is the name of the role to be assigned to the profile with the id 'userId'. If you want to do the role assignment when creating the user, you can do the above in postCreateUser(), so that you can get the Principal associated with the profile. For more information about the interfaces and classes used here, refer to the ATG API documentation.

    http://docs.Oracle.com/CD/E26180_01/platform.94/APIDoc/ATG/userDirectory/package-summary.html

  • How to divide the request to assign a role to multiple users in several.

    Hello

    While we are assigning a role to multiple users OIM11g at the same time, demand has cut several queries to get approved by the Manager of beneficiaries. Please let us know ways to apply the composite to divide the application.

    Why two separate approval process? Instead of two only have a license deal with assignment of dynamic loop based Manager of beneficiary to the owner of the role, and attach it to the level of the operation and you should be good (with auto level template and request approval).
    The child requests are generated only at the level of the operation and NOT to any two previous levels. It is the engine of the application for you.

    -BB

  • Assign an OIM custom role to a user in OIM 11g R2

    Hello world

    I created a role whose type is "OIM Roles".

    Given that this role should not be assigned per catalog.

    This is not seen on the catalog.

    When I opened the details of this role, I can't assign this role to a user directly.

    How can I assign this role to a user?

    Thank you.

    Best regards.

    Rather than defining the category as OIM Roles, you can set the IS_REQUESTABLE flag to 0 in the CATALOG table in the OIM schema. The item will then not be displayed in the catalog, but it can still be assigned to users.

    -xelsysadm

  • Code examples need to assign the admin role to a user

    I'm looking for a sample code snippet to assign administrative roles to a user.

    Help, please.

    Try this.

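    import oracle.iam.identity.usermgmt.api.UserManager;
    import oracle.iam.identity.usermgmt.vo.User;
    import oracle.iam.platformservice.api.AdminRoleService;
    import oracle.iam.platformservice.vo.AdminRole;
    import oracle.iam.platformservice.vo.AdminRoleMembership;

    // oimClient is an already authenticated OIMClient instance.
    private void assignAdminRole(String userLogin, String roleName) {
        AdminRoleService ars = oimClient.getService(AdminRoleService.class);
        AdminRole adminRole = ars.getAdminRole(roleName);
        AdminRoleMembership arm = new AdminRoleMembership();
        arm.setAdminRole(adminRole);
        arm.setUserId(getUserKey(userLogin));
        arm.setScopeId("3");               // key of the organization the role is scoped to
        arm.setHierarchicalScope(false);   // do not extend the role to child organizations
        ars.addAdminRoleMembership(arm);
    }

    // Looks up the usr_key of the user with the given login; returns null if the lookup fails.
    private String getUserKey(String userLogin) {
        String key = null;

        try {
            UserManager usrService = oimClient.getService(UserManager.class);
            User user = usrService.getDetails("User Login", userLogin, null);
            key = user.getAttribute("usr_key").toString();
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("user key = " + key);
        return key;
    }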

  • Assign the role automatically to newly created users

    Hello everyone

    We have a requirement in OIM 11g R1 where, whenever a new user is created (manually or through reconciliation), a specific role shall be automatically assigned to them.

    Can someone provide me with documentation or some examples on how to do it? After some research, I realized that the best method is to create a preprocess handler that will assign the role. Any suggestions or blogs would be very useful.

    Thanking you

    Sam

    You can create a role in OIM based on a user attribute. Let's say that you want to assign the user a role based on their location. Then you must create multiple roles, such as: US, CA, IN... Then, for each role, you assign a membership rule

    Country == "". OIM automatically checks the user's Country attribute and assigns the relevant role.

  • Ask local users and creates local users

    I am trying to automate the creation of a Local user in ESXi using the Perl SDK.

    I know how to extract a list of users with permissions to the host.

    my $userAccounts = $authorizationMgr->RetrieveAllPermissions;
    for my $user (@$userAccounts) {
        if ($user->principal eq $add_user) {
            # The user exists
            if ($user->roleId == $add_roleId) {
                print "user already exists with correct role, OK\n";
                exit 0;
            } else {
                print STDERR "user exists but with wrong roleId.\n";
                print STDERR "request for role=(" . $add_role . "), got (";
                # Translate the roleId found on the permission into a role name
                for (@$roleList) {
                    if ($user->roleId eq $_->roleId) {
                        print STDERR $_->name . ")\n";
                    }
                }

                exit 1;
            }
        }
    }

    But it is possible for an account to be included in the local users and groups, but not have any assigned permissions.

    Does anyone know how to query whether the local account exists? In the vSphere Client, when connected directly to a host, the Local Users and Groups tab displays this info; I am looking to access it in Perl.

    Also, I was trying to create a local user account and am having no luck.

    Code:

    my $accountManager = Vim::get_view(mo_ref => $service_content->accountManager);
    $accountManager->CreateUser(user => {id => 'Inventory2', password => 'aBc!56hh', description => 'Inventory2'});

    Output:

    Should HostAccountSpec for the argument of the 'user '. (eval 17) line 100
    VimService::get_arg_string ('HASH (0x1f49c160)', 'user', 'HostAccountSpec') called at (eval 17) line 132
    VimService::build_arg_string ('ARRAY (0x1f085fc0)', 'HASH (0x1f085f40)') called at (eval 17) line 4163
    VimService::CreateUser ('VimService = HASH (0x1f214220)', '_this', 'ManagedObjectReference is HASH (0x1f2db240)', 'user', 'HASH (0x1f49c160)') called at /usr/lib/perl5/5.8.8/VMware/VICommon.pm line 1693
    ViewBase::invoke ('HostLocalAccountManager = HASH (0x1f49c760)', 'CreateUser', ' user', 'HASH (0x1f49c160)') called at (eval 36) line 4
    HostLocalAccountManagerOperations::CreateUser ('HostLocalAccountManager = HASH (0x1f49c760)', 'user', 'HASH (0x1f49c160)') called at vmware_user_add.pl line 151

    I think I made a stupid mistake by calling the method.

    Thanks for any help you can give.

    -Daniel

    To list the users, you must use the userDirectory managed object instead, http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.wssdk.apiref.doc%2Fvim.UserDirectory.html, and use RetrieveUserGroups.

    Attached is a quick example called listUsers.pl

    vi-admin@vMA51:~> ./listUsers.pl --server vesxi51-1 --username root
    Enter the password:
    Name: administrator
    Group: 0
    Principal: root

    Name: DCUI user
    Group: 0
    Principal: dcui

    Name: Account administration VMware VirtualCenter
    Group: 0
    Principal: vpxuser

    Name: ESXi user
    Group: 0
    Principal: vslauser

    Name: william
    Group: 0
    Principal: william

    For your CreateUser() method, you are not passing in the type that the property expects, as indicated in the API reference at http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.wssdk.apiref.doc%2Fvim.host.LocalAccountManager.AccountSpecification.html, which is a vSphere HostAccountSpec.

    It should be:

    my $userSpec = HostAccountSpec->new(id => 'Inventory2', password => 'aBc!56hh', description => 'Inventory2');

    $accountManager->CreateUser(user => $userSpec);

    The QAnywhere vSphere is your friend

    Good luck

  • Assigning the role of system administrator

    I am able to create tenants using the SSO account (Administrator@vsphere.local). Is there a way to assign other users or LDAP/AD groups to the System Administrator role?

    Unfortunately, that won't work. I went through a lot of tests on this and in the current versions, there is no way to assign the system administrator role to another user.

    Grant

  • Assignment of Admin roles in OIM 11g R2 using the API

    Hi guys,

    We have a requirement to assign administrator privileges to users (depending on their level of employment) in OIM 11g R2 to provide admin access on the organization (in terms of creating users, requesting roles, updating users, viewing users, etc). We plan to leverage the Admin roles available at the organization level in OIM 11g R2 for this. But we found no API to assign these admin roles to users using custom code. Kindly help.

    Try the code below

    AdminRoleService ars = oimClient.getService(AdminRoleService.class);
    AdminRole adminRole = ars.getAdminRole("OrclOIMEntitlementAdministrator");
    AdminRoleMembership arm = new AdminRoleMembership();
    arm.setAdminRole(adminRole);
    arm.setUserId("5");               // this is my user USR_KEY
    arm.setScopeId("4");              // key of the organization under which the user is assigned the Admin role
    arm.setHierarchicalScope(false);
    ars.addAdminRoleMembership(arm);

    Let me know the result

  • URM notification based on roles rather than users.

    When you configure URM there is possibility to assign a writer to the category and a critic of Notification for a provision. Unfortunately, two of them allow for individual users as far as we can tell. In addition, there is the role of RMAReviewers that seems to "notify" users that something has occurred, but there seems to be a break. Does anyone know how to assign the role of RMAReviewers (or any role) to the author or a reviewer Notification so anyone having this role will see the provisions assigned to this role in My Content Server pending / My documents assignments? As it is, that one user will actually see these provisions, unless they all click list.

    Thank you.

    So first up front, what you ask is not completely and cleanly as possible OOTB. You can get to the 'part' of the solution, but overall, it sounds a bit like an enhancement request.

    'RMAReviewers' is not a 'role', but simply an 'alias' with special meaning. It is a great distinction - impossible to assign users to an alias based on the membership of a group in AD/LDAP. (I do not think that Fishbowl offers such customization, but this isn't an OOTB scenario.) Adding a user to the alias is manual.

    URM11g, and then uses this alias to do two things - 1) send notifications to members of the alias and 2) control access to users who could potentially see the layout any list, treatment more so than just the items for which the user is directly responsible. As a general rule, such a group of users are admins of documents, so that they in theory should be able to see all the actions to come anyway. (But you might have a group of 25 records admins, with only 1 or 2 actually responsible for approvals other content not directly attributed to them. Put these 1 or 2 people in the alias then limited who can see and act on the global list).

    In AAU/URM, there is no concept of a group of 'own' a given object. It is always an individual user who has actually. (I don't see this change.) Given that the category is "owned" by an individual, you will only get the option to choose a user. The stage of notification is similar, where you can choose a user, rather than a group.

    So the just solution of 'Party' emphasis on the aspect of the notification. (In any case, you can use the option "list all the '.) If this additional button click is simply boring, create one link somewhere else for the complete list.)

    To report a group of people, you will need to create a generic user who will be the "author" / "owner" of the category. This user will also be an email address that is simply a group mailbox. When the Treaty system, it retrieves the generic user's e-mail address and send the mail. The mailbox of the group then just send a copy to all the people who are assigned to the mailbox of the group. In this way, everyone gets warned that action is necessary and can enter the system to act.

    Repeat the same process for the step of the notifier, except with another generic user.

    It certainly isn't the cleanest way, but probably as close as you will get OOTB.

  • Assign the role, the Group initiated human when task

    Hi all
    Currently, what connection of the user to the BPM and create the new instance of the task, I can get the roles and this user by programming groups. I want to assign roles to user for this task instance dynamically when the user click on the "SUBMIT" button (because I want to limit the users belong role are able to perform this task, each user belongs to a role and group can do).

    Help someone?

    Thank you.

    Hi Ming
    1. If you want to catch all the actions on a task, such as Save, Submit, Approve, Reject etc., you can create your own class, such as MyAppTaskValidationCallback, that implements oracle.bpel.services.workflow.task.ITaskValidationCallback and in it override a method named validateTaskOperation (bunch of parameters). For this, see the API.

    In this method, you can get the action performed on the task. You can also get the full payload of the task, including your custom payload and the standard task payload such as history, attachments, comments etc. You can write simple XML parser utility methods to get and set attributes in the payload xsd schema. So in your case, in this method, get the roles and groups of the logged-in user. Check the action. If the user is not authorized to perform this operation, throw the error from this method. Otherwise, continue your logic. First create the Java class as above, add this code snippet and explore the data.

    Now, just curious. If your condition is really to control actions based on user roles/groups, have you tried to use the out-of-the-box features and avoid this custom logic? For BPM applications, say, we have swimlanes / roles. Only users belonging to that role can work on the task. Try to use the out-of-the-box features as much as possible, unless you really need custom assignment logic.

    Thank you
    Ravi Jegga

    The code snippet is just to give an idea. Refer to the online API documentation for more information.

    public void validateTaskOperation(ITaskValidationCallback.TaskAction taskAction, IWorkflowContext iWorkflowContext, Task task, Map parameters, Locale locale, List errors) {
    try {
      Element taskPayload = task.getPayloadAsElement();
      String taskTitle;
      String taskOutcome;
      SystemAttributesType taskSystemAttributes = task.getSystemAttributes();          
    
      taskTitle = task.getTitle();
    
      System.out.println("MyAppTaskValidationCallback::validateTaskOperation() Begin For TaskTitle: " + taskTitle + " -> TaskAction: " + taskAction + " -> Parameters:\n" + parameters);
    
      if(taskAction == TaskAction.ACQUIRE) {
          System.out.println("Inside ACQUIRE");
          //parameters.put("AcquiredBy", iWorkflowContext.getUser());
      } else if(taskAction == TaskAction.OUTCOME_UPDATE) {
        System.out.println("Inside OUTCOME_UPDATE");
      }
    } catch (Exception anException) {
      anException.printStackTrace();
    }
    }
    
  • Change the printer to an email you have already created on connected HP?

    Whenever I re - install the drivers / software for my 7510 Photosmart all-in-one, as the time where to find a new PC or reinstall Windows, I have to go into HP connected on the web and 'add a device '. After that, it makes you choose an email address to assign to your printer. From what I see, you cannot use a printer e-mail address that you already created.  And you cannot go back connected HP and change the email of your printer that you already created - it gives you a "taking" error (Well, of course it is taken - by me!)

    See picture attached for clarification.

    Of course, I tried to submit a request for assistance and sent an e-mail after that my product is out of warranty, I knew, but connected HP is relatively new and this seems to be a bug, unless I'm missing something.

    Thanks for any info, someone has.

    Sorry, found my response on another thread - except connected HP is referred to as ePrint...

    Could not find a way to remove this post.

  • How to prevent the user to create the 'analysis' and 'dashboard '?

    We have a requirement that is to restrict the user create new 'analysis' and 'dashboard '. As we know when the connection ' host: port / analytical, in the top of the page there is a drop down list of 'New' where users can create new 'analysis' and 'Dashboard', how to set up the privilege to disable the option 'Analysis' and 'dashboard '?

    OBIEE version: Oracle Business Intelligence 11.1.1.7.0

    Thank you
    Jinbo

    Summary:

    1. Set the "New Menu" permission in the 'home page and Header' to denied; the 'New' menu will then disappear from the top right of the page, which prevents the user from creating new dashboards and analyses.

    2. In order to not allow the user to modify the catalog, set the permission "access user interface of the catalogue" in the 'welcome and header' to denied.

    3. Even having done 1 and 2, there is still a path by which the user can create a new report: the "Home" menu. To avoid this, our method is to set explicit catalog permissions for the application role.

    Thank you
    Jinbo

  • You are not allowed to add the e-mail address of your account and user already exists

    Hi Experts,

    My SAP CLM (Contract Lifecycle Management) system has been integrated with Echosign by SAP itself, and we are testing the functionality.

    Everything works fine: I am able to send documents for signature from the CLM system, and the recipients are able to sign the document and even get all the history information and its status.

    But I am facing problems in the 2 cases below:

    1. For a particular user, whenever the user sends the document for signature, we get the error: "you are not allowed to add that e-mail address to your account".

    2. For another user, who has already created an account himself, whenever the user sends the document for signature, we get the error: 'user already exists: [email protected]'.


    For question 1, I googled and found a link which seems to have the answer, but unfortunately this link seems to be outdated.

    Any help would be great.

    Thank you

    Uday Chassagne

    Hi Uday,

    I sent you a message in response. Please check and provide the requested information.

    -Usman

  • Revoke ROLE on the user table

    Hi team,

    I'm trying to revoke a grant on the user table.

    The statement below gives an error saying

    [code]

    REVOKE <role_nm> on <a.table_nm> to <b.user_nm>

    Error: ORA 00990: missing or invalid privilege

    [/code]

    But the following works fine

    [code]

    REVOKE ALL ON <a.table_nm> to <b.user_nm>

    [/code]

    Please suggest how to revoke the grant on the user table.

    Smile says:

    [code]

    REVOKE on of

    Error: ORA-00990: missing or invalid privilege

    [/code]

    A GRANT on a table is assigned to a ROLE, and that ROLE is assigned to the USER. So when you want to REVOKE a specific GRANT that is assigned to a user through a ROLE, you must either REVOKE the whole ROLE from the user or REVOKE the GRANT from the ROLE.
