Assign an IOM custom role to a user in OIM 11 g R2

Similar Questions

• How to get the IOM Admin roles for a user using API

  Hi all
  
  I'm trying to get the roles of administrator to a user by using the API. I'm using the code below, but it is returning null, even if the user has two Admin roles...
  
  private void getUserAdminRoles (String userID)
  {
  Ars AdminRoleService = oimClient.getService (AdminRoleService.class);
  The list < customer > a = ars.getAdminRolesForUser (userID, null);
  System.out.println ("*" + a.size ());
  }
  
  Thanks in advance

  Ars AdminRoleService = oimClient.getService (AdminRoleService.class);
  List = ars.getAdminRolesForUser (userID, null);
  System.out.println ("*" + a.size ());

  Go to take instead of the user name.

• Assign a role to a user already created

  Hi experts,
  
  I created a rule, a role, a strategy of access and every time I have to create a new user of the access policy is properly triggered and appropriate resources are properly assigned.
  If I manually assign a role to a user, IOM provisions automatically objects associated with the role.
  The problem is that all users created before the creation of the role, do not belong to the role: what should I do to give the role to all users?
  
  Thank you

  1 create an access policy and audit indicator change see details below

  #If renovation flag is set for the policy

  These assessments do not immediately occur after the action. Instead, they occur during the next run to evaluate the schedule task user policies. Evaluations can occur in the following scenarios:

  * Definition of strategy is updated so that the indicator adaptation is defined on IT. Policies are evaluated for all users there.
  * A role is added or removed from the definition of the policy. Policies are evaluated only for roles that is added or removed.
  * A resource is added, deleted, or the flag value revoke if no. Longer applies is changed for the resource. Policies are evaluated for all users there.
  * When the policy data are updated or deleted. This includes data form of the mother and the child. Policies are evaluated for all users there.

  2. a way to do this is to write a scheduled task and using the API assign the role of the user
  Check below link
  http://docs.Oracle.com/CD/E14571_01/doc.1111/e14309/spmlapi.htm
  Article 29.3

• Code examples need to assign the admin role to a user

  I'm looking for a sample code snippet assign administrative roles to a user.
  
  Help, please.

  Try this.

  Private Sub (String userLogin, String roleName) {} assignAdminRole
  Ars AdminRoleService = oimClient.getService (AdminRoleService.class);
  Client caches = ars.getAdminRole (roleName);
  Arm AdminRoleMembership = new AdminRoleMembership();
  arm.setAdminRole (pine);
  arm.setUserId (getUserKey (userLogin));
  arm.setScopeId("3");
  arm.setHierarchicalScope (false);
  ars.addAdminRoleMembership (arm);
  }

  private String getUserKey (String userLogin) {}
  Take string = null;

  Try
  {
  UserManager usrService = oimClient.getService (UserManager.class);
  User user = usrService.getDetails ("User Login", userLogin, null);
  = Take user .getAttribute ("usr_key") m:System.NET.SocketAddress.ToString ();
  }
  catch (Exception e) {}
  e.printStackTrace ();
  }
  System.out.println ("user key =" + take);
  Return take;
  }

• Grant a role to a user using API in GR 11, 1 IOM material

  Friends,
  
  Could you please provide me with some snippet of code to configure a role to a user using API in IOM - R1?
  
  Thank you
  Vetri

  Try this code.

  public void GrantRole (String userLogin, String roleName) {}
  Try
  {
  Take string = getUserKey (userLogin);
  String roleKey = getRoleKey (roleName);

  RoleManager roleMgr = oimClient.getService (RoleManager.class);
  UserKeys value = new HashSet();
  userKeys.add (take);
  Result = roleMgr.grantRole (roleKey, userKeys) RoleManagerResult;
  System.out.println("Status:"+result.getStatus());)
  }
  catch (Exception e) {}
  e.printStackTrace ();
  }
  }

  public String getRoleKey (String roleName)
  {
  String roleKey = null;
  Try
  {
  RoleManager roleMgr = oimClient.getService (RoleManager.class);
  The list of roles = null;
  Criteria of SearchCriteria = null;

  criteria = new SearchCriteria (RoleManagerConstants.ROLE_NAME, roleName, SearchCriteria.Operator.EQUAL);

  roles = roleMgr.search (null, null, criteria,);
  roleKey = (String) roles.get (0) .getAttribute (RoleManagerConstants.ROLE_KEY);
  }
  catch (Exception e) {}
  e.printStackTrace ();
  }
  Return roleKey;
  }

  public String getUserKey (String userName) throws Exception
  {
  UserManager usrService = oimClient.getService (UserManager.class);
  User user = usrService.getDetails ("User Login", username, null);
  String = take user .getAttribute ("usr_key") m:System.NET.SocketAddress.ToString ();
  Return take;
  }

• Assignment of roles to the user when creating the user

  Hi all
  
  I gave a roll deposited (< dsp:input bean = "ProfileFormHandler.value.roles.role" maxsize = "30" size = "30" type = "text" / > on the registration page.) After registration, each field in db except role (table dps_role).
  Pls let me know what I am doing wrong.
  
  Thank you

  You should not assign roles to the user as 'ProfileFormHandler.value.roles.role' of 's profile. You can link formhandler property to which you can pass the name or id of the role that you want to assign role assignment must always route through safety ATG API in order to properly update the mappings of Homeland Security. Because of these dependencies, you should not try the role of simply call profile.setPropertyValue ('roles',...) The code cannot fail this way, but if you assign the role in this way then it may not work as expected when checking for role based privileges. Here's one possible way to do it:

  1. in your file properties formhandler declare a dependency on the directory of the default user, which by default points to the profile database:

  userDirectory = / atg/userprofiling/ProfileUserDirectory

  So, in the form Manager, you declare corresponding setUserDirectory() and getUserDirectory().

  2 then in the formhandler, get the DirectoryPrincipal objects associated with the user profile and the role you want to assign and then assign the role to the user:

  import atg.userdirectory.UserDirectory;
  import atg.userdirectory.DirectoryPrincipal;
  import atg.userdirectory.User;
  import atg.userdirectory.Role;
  import atg.userdirectory.DirectoryModificationException;
  
  import java.util.Collection;
  import java.util.Iterator;
  
  ..
  ..
  
  private boolean assignRoleToUser(String roleName, String userId) {
  
    UserDirectory userDirectory = getUserDirectory();
    DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
    DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);
  
    User user = (User)userPrincipal;
  
    Collection collection = userDirectory.getRoles();
  
    boolean status = false;
  
    Iterator iter = collection.iterator();
    while(iter.hasNext())
    {
      Object obj = iter.next();
      if(obj instanceof Role) {
        Role role = (Role)obj;
        if(roleName.equals( role.getName() ) && user!=null) {
          try {
            status = user.assignRole(role);    //will return true if the role was added otherwise false
          }
          catch (DirectoryModificationException e) {
         //handle exception
          }
          break;
        }
      }
    }
    return status;
  }
  

  In the code above 'roleName' parameter is the name of the role to be assigned to the profile with the id as "userId". If you want to do the role assignment when creating the user, then you can do the things above in postCreateUser() so that you can get the Principal associated with the profile. For more information about the interfaces and classes used here, you can refer to the documentation of the API of the ATG.

  http://docs.Oracle.com/CD/E26180_01/platform.94/APIDoc/ATG/userDirectory/package-summary.html

• How to divide the request to assign a role to multiple users in several.

  Hello
  
  While we are assigning a role to multiple users OIM11g at the same time, demand has cut several queries to get approved by the Manager of beneficiaries. Please let us know ways to apply the composite to divide the application.

  Why two separate approval process? Instead of two only have a license deal with assignment of dynamic loop based Manager of beneficiary to the owner of the role, and attach it to the level of the operation and you should be good (with auto level template and request approval).
  The child requests are generated only at the level of the operation and NOT to any two previous levels. It is the engine of the application for you.

  -BB

• Change the role of the user once authenticated LDAP authentication

  Hi forum,
  
  I do know that if it is possible, I have not found a solution so far
  
  I have a simple web application with LDAP authentication. We would like to use LDAP for authentication and store the information of user roles in the database. After authentication, LDAP assigns the role of "guest" to the user and the home page (the only page available for this role) is displayed.
  
  In this home page, the user must select a profile (the same user can have multiple profiles) in a list retrieved from the database. The profile of each user has an associated role. After selection, we want to change the role of the user "guest" to the role associated with the selected profile.
  
  I don't think that implementation of a custom plug-in fits my needs because the role assignment requires the participation of the user.
  
  Any suggestions?
  
  Thanks in advance,
  
  Tatiana.

  Hello

  Well, the problem is that you need to change the subject of the user authenticated, who's a JAAS thing to do. The only way this can work is indeed use a custom LoginModule and then access the user object to add a security principal that represents the role you want to add.

  Frank

• Remove custom roles that are not in use

  I have a bunch of custom roles, I have created and not any user permissions.

  I want to automate the removal of roles (I'll submit a CSV with the list of roles and use Remove-ferrule) along with a check that confirms that the role is not in use. Is there a check available cmdlet/script that the role is not in use.

  I used PowerCLI 4.0 U1 208462

  Try something like that.

  When you are sure that the correct roles are selected for deletion, remove the WhatIf parameter.

  $hashTab = @{}
  Get-VIRole | %{
    $hashTab.Add($_.Name,$_)
  }
  Get-VIPermission | %{
    $hashTab.Remove($_.Role)
  }
  
  $hashTab.GetEnumerator() | where {!$_.Value.IsSystem} | %{
    Remove-VIRole -Role $_.Value -Confirm:$false -WhatIf}
  

• Revoke ROLE on the user table

  Hi team,

  I'm trying to revoke grant on the user table

  The Sub statement gives error saying

  [code]

  REVOKE < role_nm > on < a.table_nm > to < b.user_nm >

  Error: ORA 00990: missing or invalid privilege

  [/ code]

  But the following works fine

  [code]

  REVOKE ALL ON < a.table_nm > to < b.user_nm >

  [/ code]

  Please suggest me to revoke the grant on the user table

  Smile says:

  [code]

  REVOKE on of

  Error: ORA-00990: missing or invalid privilege

  [/ code]

  A GRANT on table is assigned to a ROLE and that ROLE is assigned to the USER. So when you want to REVOKE a specific GRANT what is assigned to a user by ROLE. You must REVOKE any ROLE to the user or REVOKE the GRANTING OF THE ROLE.

• WS SPML IOM customer number

  Hello...
  
  I created a WS SPML for IOM customer with eclipse and apache CXF. On execution of the AddRequest operation for a user, I get the following error: UNSUPPORTED_EXECUTION_MODE.
  
  Reading oracle documentation, I understood that this is the error when a synchronization service is called asynchronised mode, but I don't know how to change the mode of the code before calling for service.
  
  Please let me know if you have encountered a similar situation...
  
  
  
  Thank you...

  Import oracle.iam.wsschema.model.spmlv2.core.AddRequestType;
  Import oracle.iam.wsschema.model.spmlv2.core.ExecutionModeType;
  Import oracle.iam.wsschema.model.common.pso.ProvisioningObjectType;
  Import oracle.iam.wsschema.model.common.pso.ProvisioningObjectType;

  ...
  ...
  ...

  SPMLService ss = new SPMLService (wsdlURL, service_name);
  SPMLRequestPortType port = ss.getSPMLServiceProviderSoap ();

  Pot of ProvisioningObjectType = new ProvisioningObjectType();
  pot.setIdentity (user);

  Art AddRequestType = new AddRequestType();
  art.setExecutionMode ( ExecutionModeType.ASYNCHRONOUS ) ;// or replace SYNCHRONOUS, according to your need
  art.setData (pot);
  AddResponseType response = port.spmlAddRequest (art);

  If it is useful or appropriate, please mark accordingly and also mark the answer question so that others can also benefit.

• user belongs to a domain and user does not belong to the local administrator or power users groups, or any custom group and the user is not part of the domain administrators group, but user show that it is admin

  WinXP
  user belongs to a domain and user does not belong to the local administrator or power users groups, or any custom group and the user is not part of the domain administrators group, but user show that it is admin

  I did a gpupdate/force and restart twice PC
  Yet, user indicate it is always admin when we right click on Start menu and see the possibility to open all users

  Hi elena_ad,

  Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the public on the TechNet site. Please post your question in the below link:

  http://social.technet.Microsoft.com/forums/en/winserverManagement/threads

• What is the role that the user points?

  What is the role that the user points? Who can tell me

  Reoddy

  You will find the information here:

  http://en.community.Dell.com/Dell-groups/new-to-community/f/3511/t/19566154

  Bev.

• Gets the expiration of user password, any OOTB/task in IOM which disables / deletes the user automatically.

  In IOM after expiration of the user password gets after certain number of days, is there any task/project OOTB in IOM which disables / deletes the user automatically.

  Thank you

  We had to write our own task to disable the user after than XX days since

  password expiration (r2ps2)

• How to assign a creative cloud license to a user name

  How to assign a creative cloud license to a user name? I can't get through to anyone useful adobe - they are all very polite but not very useful. Adobe are all to take your money, but not for providng any service.

  You have not provided enough information, if you have a mind-specific agreement.  Otherwise, sign this user for their own subscription and organize the system of payment for them.