Assignment of roles to the user when creating the user

Hi all

I gave a roll deposited (< dsp:input bean = "ProfileFormHandler.value.roles.role" maxsize = "30" size = "30" type = "text" / > on the registration page.) After registration, each field in db except role (table dps_role).
Pls let me know what I am doing wrong.

Thank you

You should not assign roles to the user as 'ProfileFormHandler.value.roles.role' of 's profile. You can link formhandler property to which you can pass the name or id of the role that you want to assign role assignment must always route through safety ATG API in order to properly update the mappings of Homeland Security. Because of these dependencies, you should not try the role of simply call profile.setPropertyValue ('roles',...) The code cannot fail this way, but if you assign the role in this way then it may not work as expected when checking for role based privileges. Here's one possible way to do it:

1. in your file properties formhandler declare a dependency on the directory of the default user, which by default points to the profile database:

userDirectory = / atg/userprofiling/ProfileUserDirectory

So, in the form Manager, you declare corresponding setUserDirectory() and getUserDirectory().

2 then in the formhandler, get the DirectoryPrincipal objects associated with the user profile and the role you want to assign and then assign the role to the user:

import atg.userdirectory.UserDirectory;
import atg.userdirectory.DirectoryPrincipal;
import atg.userdirectory.User;
import atg.userdirectory.Role;
import atg.userdirectory.DirectoryModificationException;

import java.util.Collection;
import java.util.Iterator;

..
..

private boolean assignRoleToUser(String roleName, String userId) {

  UserDirectory userDirectory = getUserDirectory();
  DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
  DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);

  User user = (User)userPrincipal;

  Collection collection = userDirectory.getRoles();

  boolean status = false;

  Iterator iter = collection.iterator();
  while(iter.hasNext())
  {
    Object obj = iter.next();
    if(obj instanceof Role) {
      Role role = (Role)obj;
      if(roleName.equals( role.getName() ) && user!=null) {
        try {
          status = user.assignRole(role);    //will return true if the role was added otherwise false
        }
        catch (DirectoryModificationException e) {
       //handle exception
        }
        break;
      }
    }
  }
  return status;
}

In the code above 'roleName' parameter is the name of the role to be assigned to the profile with the id as "userId". If you want to do the role assignment when creating the user, then you can do the things above in postCreateUser() so that you can get the Principal associated with the profile. For more information about the interfaces and classes used here, you can refer to the documentation of the API of the ATG.

http://docs.Oracle.com/CD/E26180_01/platform.94/APIDoc/ATG/userDirectory/package-summary.html

Tags: Oracle Applications

Similar Questions

Assign a role to a user already created
Hi experts,

I created a rule, a role, a strategy of access and every time I have to create a new user of the access policy is properly triggered and appropriate resources are properly assigned.
If I manually assign a role to a user, IOM provisions automatically objects associated with the role.
The problem is that all users created before the creation of the role, do not belong to the role: what should I do to give the role to all users?

Thank you
1 create an access policy and audit indicator change see details below

#If renovation flag is set for the policy

These assessments do not immediately occur after the action. Instead, they occur during the next run to evaluate the schedule task user policies. Evaluations can occur in the following scenarios:

* Definition of strategy is updated so that the indicator adaptation is defined on IT. Policies are evaluated for all users there.
* A role is added or removed from the definition of the policy. Policies are evaluated only for roles that is added or removed.
* A resource is added, deleted, or the flag value revoke if no. Longer applies is changed for the resource. Policies are evaluated for all users there.
* When the policy data are updated or deleted. This includes data form of the mother and the child. Policies are evaluated for all users there.

2. a way to do this is to write a scheduled task and using the API assign the role of the user
Check below link
http://docs.Oracle.com/CD/E14571_01/doc.1111/e14309/spmlapi.htm
Article 29.3

How to divide the request to assign a role to multiple users in several.
Hello

While we are assigning a role to multiple users OIM11g at the same time, demand has cut several queries to get approved by the Manager of beneficiaries. Please let us know ways to apply the composite to divide the application.
Why two separate approval process? Instead of two only have a license deal with assignment of dynamic loop based Manager of beneficiary to the owner of the role, and attach it to the level of the operation and you should be good (with auto level template and request approval).
The child requests are generated only at the level of the operation and NOT to any two previous levels. It is the engine of the application for you.

-BB

Automatic assignment of record parent registration RN when created by OPA and involve a custom object

The question that we face, it's what seems to be the forced transfer of the child for parent records records when she is using OPA integrated with RightNow to create records. This scenario is a little complex, so I put try it below with a structure to make it easier.
- Scenario: creating records in RightNow across an interview of the OPA
- OPA setting of mapping:
  - Personal contact Center (account)
  - At the beginning of the interview, load data related to an individual: Incident
  - At the end of the interview, update Incident
- Data models:
  - OPA: Global-> [object custom-1] > [custom object 2]
    - all containment relationships
  - RN: Incident-> 1-> object custom object custom 2
    - All relationships of association
- Detailed description: in Takeovers we are inferring creating two records personal 2 object with a Custom single object 1. In these registers Custom object 2, we put directly the field that contains the link PK 1 custom, object so that each personal object 2 is actually assigned in RN for different Custom object 1s. Some examples of data to explain:
  - Custom 1 object associated with the Incident, read in the OPA
    - ID is set to 123
  - 2 custom object created in OPA under instance of Custom 1 object with ID = 123
    - Link to PK for 1 item 123-custom
  - 2 custom object created in OPA under instance of Custom 1 object with ID = 123
    - PK link for 1 custom object on 345 (different from the Custom object 1 read OPA)
- Expected behavior: the object two custom 2s are created and assigned to their respective different personal 1 item RightNow records.
- Actual behavior: the object two custom 2s are created and assigned to the Custom object with ID 123 1
To continue the investigation, we then tested using a different set of objects, standard objects, but with the same rules:
- Data models:
  - OPA: Global-> contact-> the incident
    - all containment relationships
  - RN: Organization-> (current) Contact-> Incident (custom object)
    - all relationships of association
  - Detailed description: same logic as the previous
  - Customer expected: same as previous
  - Actual behavior: Matches expected behavior. The Incidents have been correctly assigned to their two different respective Contacts
This behavior of divestiture now seems specific to custom objects, but can ayone confirms that this is the case and the behavior expected please?
In addition, we are confident that when you test this feature about 2 weeks ago, we received the expected behavior in BOTH cases to 80%. Maybe it's because changing the configuration in our RN environment that we are not aware of, so we are investingating cela, but are there changes to the OPA / connectors deployment for customer environments in recent weeks that could have caused this please?
Finally, if this could be affected by a change of configuration of RN, nobody knows what this configuration can be please?

I can confirm that this is the expected behavior. A few more details are given in the article of doco hierarchies entity Understand - he explains how the containment relationships mapped determines the assignment to the parent.

The reason for this behavior is that most of the time, it makes sense that the registration of the new entity instances to 'work', feel that they are saved in exactly the same hierarchy of containment that was present in the OPA, and in a way that ensures referential integrity (we support in particular the case where the whole hierarchy of objects is created at the same time if the parent does not yet exist at the time of the creation of the rule (, so you couldn't possibly know its ID). Otherwise, as Matt says, is up to the author of the rule to make sure that, for example, 345 is a valid foreign key.

This behavior should be the same for the built-in objects as well as custom objects, and as Brad says he has not changed recently. If you see this behavior in some cases but not in others, what this means is that probably in cases where it works as expected, there are multiple relationships between the parent and the child object, and it happens that the foreign key that you set manually is different from the foreign key of the mapped containment relationship.

Code examples need to assign the admin role to a user
I'm looking for a sample code snippet assign administrative roles to a user.

Help, please.
Try this.

Private Sub (String userLogin, String roleName) {} assignAdminRole
Ars AdminRoleService = oimClient.getService (AdminRoleService.class);
Client caches = ars.getAdminRole (roleName);
Arm AdminRoleMembership = new AdminRoleMembership();
arm.setAdminRole (pine);
arm.setUserId (getUserKey (userLogin));
arm.setScopeId("3");
arm.setHierarchicalScope (false);
ars.addAdminRoleMembership (arm);
}

private String getUserKey (String userLogin) {}
Take string = null;

Try
{
UserManager usrService = oimClient.getService (UserManager.class);
User user = usrService.getDetails ("User Login", userLogin, null);
= Take user .getAttribute ("usr_key") m:System.NET.SocketAddress.ToString ();
}
catch (Exception e) {}
e.printStackTrace ();
}
System.out.println ("user key =" + take);
Return take;
}

Assign an IOM custom role to a user in OIM 11 g R2

Hello world
I created a role whose type is "IOM roles."
Given that this role should not be assigned per catalog.
This is not seen on the catalog.
When I opened the details of this role, I can't assign this role to a user directly.
How can I assign this role to a user?
Thank you.
Best regards.

Rather than defining the category as the roles of the IOM, you can set the IS_REQUESTABLE flag to 0 in the table of the CATALOGUE on the IOM scheme that will not display the item in the catalog, but it can still be assigned to the users.

-xelsysadm

Error code: 400 back when create user on the Organization

I write a simple php code that use the createUser function to create a new user on the body. The following error appears:

"POST ". https://xx.XX.XX.XX/API/v1.0/Admin/org/1421086956/users failed, return code: error 400,:, request data: User_Full_Name " [email protected] true Pa55w0rd '

What does this error mean?

Here is my code:

 
/**
 * Function to create a VMware_VCloud_API_UserType data object.
 */
function createUserObj($userName, $password, $role=null, $isEnabled=null, $fullName=null, $emailAddress=null, $description=null) {
    $obj = new VMware_VCloud_API_UserType();
    $obj->set_name($userName);
    $obj->setFullName($fullName);
    $obj->setDescription($description);
    $obj->setPassword($password);
    $obj->setRole($role);
    $obj->setIsEnabled($isEnabled);
    $obj->setEmailAddress($emailAddress);

    return $obj;
}
 
/**
 * Create a new user on an existing organization.
 */
try {
    // create a service object
    $service = VMware_VCloud_SDK_Service::getService();
    // login to the service portal,
    $service->login($server, $auth, $httpConfig);
    // create an SDK Admin object
    $sdkAdmin = $service->createSDKAdminObj();
 
    // get references to administrative organization entities
    $adminOrgRefs = $sdkAdmin->getAdminOrgRefs('testOrg1'); // testOrg1 Organization are already created.
    // create SDK AdminOrg object
    $sdkAdminOrg = $service->createSDKObj($adminOrgRefs[0]);
    // get references to roles
    $adminRoleRefs = $sdkAdmin->getRoleRefs('Organization Administrator');
 
    // create a VMware_VCloud_API_UserType data object
    $userObj = createUserObj('API_Sample_user', 'Pa55w0rd', $adminRoleRefs[0], true, 'User_Full_Name', '[email protected]');
    // invoke createUser function on an SDK AdminOrg object
    $user = $sdkAdminOrg->createUser($userObj);
 
    // Print user list
    $userList = $sdkAdminOrg->getUserRefs();
    echo "<br> User List <br>";
    foreach ($userList as $user) {
        echo "{$user->get_name()} <br>";
    }
} catch (Exception $e) {
    echo $e->getMessage() . "\n";
}

Error code 400 is the standard HTTP status code, indicating the incorrect query.

The problem is when you get a role of reference, the XML tag for this reference is "RoleReference".

When you create a user, the XML tag that is expected for the role reference is 'Role '.

So after getting the reference to the role of the admin vCloud (VCloudType) object.

$adminRoleRefs = $sdkAdmin-> getRoleRefs ('organisation administrator');

the user must make one more step to convert the tag.

There are two ways to do this:

1. with the help of $adminRoleRefs [0]-> set_tagName ('Role');

2. with the help of VMware_VCloud_SDK_Helper::createReferenceTypeObj ($adminRoleRefs [0]-> get_href());

I will record a bug in development of the SDK for this question.

Thank you

Kimberly

Create a role using the web client

Hello team,
Sorry for the lame question, but I can't find it anywhere:
connected to vsphere 5.5 Web client
I wanted to create a custom role to assign to the specific user. I don't see any possibility to create a custom role.
On vcenter level in manage / I can only use predefined roles permissions. How to create a custom role?
Thank you

Please try to use the account "[email protected]".

André

Revoke ROLE on the user table

Hi team,
I'm trying to revoke grant on the user table
The Sub statement gives error saying
[code]
REVOKE < role_nm > on < a.table_nm > to < b.user_nm >
Error: ORA 00990: missing or invalid privilege
[/ code]
But the following works fine
[code]
REVOKE ALL ON < a.table_nm > to < b.user_nm >
[/ code]
Please suggest me to revoke the grant on the user table

Smile says:

[code]

REVOKE on of

Error: ORA-00990: missing or invalid privilege

[/ code]

A GRANT on table is assigned to a ROLE and that ROLE is assigned to the USER. So when you want to REVOKE a specific GRANT what is assigned to a user by ROLE. You must REVOKE any ROLE to the user or REVOKE the GRANTING OF THE ROLE.

Mapping of the external LDAP user with the role of the Complutense University of MADRID
Hello WebCenter content masters,

I'm having trouble mapping a group LDAP to the role of the Complutense University of MADRID.
Let me explain the situation.

I have an external LDAP (Apache DS) with two groups (groupofuniquenames), 'Administrators' and 'Test' and two users 'ldap_admin' and 'ldap_user '. ldap_admin is a uniqueMember administrators and the ldap_test a test uniqueMember.

At the University Complutense of MADRID, I created a custom role 'Test' with privileges "RWD" group 'Public '.

I guess that the external LDAP has been configured successfully as an LDAP authenticator provider - myrealm settings tab, since I can see groups and external LDAP users, and they can connect the DCU with their user id and password.

However, ldap_user is unable to perform the check, and on their profile page, the role is "invited, authenticated."
And when I pass ldap_user in the test group to the Administrators group, the role is then "invited, authenticated, admin, sysmanager, refineryadmin, rmaadmin, pcmadmin, ermadmin.
It seems that the Administrators group is mapped correctly, but not the group test.

I try to apply the advice given in these two threads:
External LDAP user has only priviledge research at the Complutense University of MADRID
Unable to map external users to roles in content Webcenter 11 g

I have created a 'externalLdapMap' identification card, completed the provider.hda file and put the map "Test, Test". I also tried with "Test, contributor" that I was not sure about the first mapping.
Whatever it is, after restarting the server of the University Complutense of MADRID, I'm still not able to grant the privilege of writing for a user to the Administrators group.

I missed something in the process?
Thank you for your attention and of course any help would be greatly appreciated.
L.
Hello

I think that you have enabled the LDAP authenticator credits and that this error will go up.

You must create an OpenLDAPAuthenticator and do the same settings with flag set up and then test the scenario.

Thank you
Srinath

Assignment of roles Admin in OIM11gR2 using the API
Hi guys,.

We have a requirement to assign administrator privileges to users (depending on their level of employment) in GR 11, 2 IOM to provide admin access on the Organization (in terms of create users, application roles, update users to view users, etc). We plan to leverage Admin roles available to the title of the Organization in GR 11, 2 IOM for this. But we found no API to assign these administrator roles to users using code custom. Kindly help.
Try the code below

AdminRoleService EI = oimClient.getService (AdminRoleService.class)
Client caches = ars.getAdminRole (("OrclOIMEntitlementAdministrator");
Arm AdminRoleMembership = new AdminRoleMembership();
arm.setAdminRole (pine);
arm.setUserId("5") - this is my user USR_KEY
arm.setScopeId("4") - key organization under which users need to assign the role of the Admin
arm.setHierarchialScope (false);
ars.addAdminRoleMembership (arm);

Let me know the result

Problem with the role and the user; the user cannot see the table
Hello forum,.

I created a role:

Enr_service CREATE ROLE;
GRANT CONNECT TO enr_service;
GRANT ALL ON tenants TO enr_service;
GRANT ALL ON enr_service TO user;
GRANT ALL ON sportsmen TO enr_service;
GRANT SELECT ON test TO enr_service;

and also a user:

CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED on USERS;
GRANT enr_service to ENR1;
ALTER USER ENR1 by DEFAULT ROLE enr_service;
ALTER USER DEFAULT TABLESPACE USERS ENR1;

I can connect to the database with this user, but when I try to query a table that has been granted access I get an error message:

SELECT * ATHLETES;
ORA-00942: table or view does not exist

I don't see what I did wrong. Any help is appreciated.

Sebastian
user2019788 wrote:
Hello forum,.

I created a role:

Enr_service CREATE ROLE;
GRANT CONNECT TO enr_service;
GRANT ALL ON tenants TO enr_service;
GRANT ALL ON enr_service TO user;
GRANT ALL ON sportsmen TO enr_service;
GRANT SELECT ON test TO enr_service;

and also a user:

CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED on USERS;
GRANT enr_service to ENR1;
ALTER USER ENR1 by DEFAULT ROLE enr_service;
ALTER USER DEFAULT TABLESPACE USERS ENR1;

I can connect to the database with this user, but when I try to query a table that has been granted access I get an error message:

SELECT * ATHLETES;
ORA-00942: table or view does not exist

I don't see what I did wrong. Any help is appreciated.

Sebastian

This is probably because ENR1 isn't any table named ATHLETES and he did not qualify the name of the table with the schema name...

It is not possible to program the report with a user with the role of the author.
Hello

I tried to schedule the report using weblogic user (who has the admin role) it worked perfectly. But when I try to log on by using the user (who has the role of the author) and when I try to schedule a report I get the following error. It is clustered environment.

[nQSError: 77006] Oracle BI presentation server error: A fatal error occurred during the processing of the request. The server responded with: an authentication failure.
Error codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
Geographical area: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
ODBC driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access to the requested connection is denied.
[nQSError: 43113] The message returned by OBIS.
[nQSError: 13039] The imposter does not exist in the Security Service of BI. (08004)

Error codes:
Geographical area: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
.
Error codes: AGEGTYVF
AgentID: / users/richard/Test Mail Report
... Retry Agent response content loop... Sleep for 8 seconds. [nQSError: 77006] Oracle BI presentation server error: A fatal error occurred during the processing of the request. The server responded with: an authentication failure.
Error codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
Geographical area: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
ODBC driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access to the requested connection is denied.
[nQSError: 43113] The message returned by OBIS.
[nQSError: 13039] The imposter does not exist in the Security Service of BI. (08004)

Error codes:
Geographical area: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
.
Error codes: AGEGTYVF
AgentID: / users/richard/Test Mail Report
... Retry Agent response content loop... Sleep for 6 seconds. [nQSError: 77006] Oracle BI presentation server error: A fatal error occurred during the processing of the request. The server responded with: an authentication failure.
Error codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
Geographical area: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
ODBC driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access to the requested connection is denied.
[nQSError: 43113] The message returned by OBIS.
[nQSError: 13039] The imposter does not exist in the Security Service of BI. (08004)

Error codes:
Geographical area: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
.
Error codes: AGEGTYVF
AgentID: / users/richard/Test Mail Report

Exceeded number of retries of request for the GetResponseContent method.

Can someone help me with this.

Thank you
Rondo.

Published by: RONDO on December 12, 2012 16:07
Check Doc ID 1446877.1

According to the doc Fix to apply the hotfix 13553428:

The fix for this problem is to apply the hotfix for the following new bug.

Bug 13553428 - QA:BLK:DELIVER Corp. OID LDAP users FAILED WITH the COPYCAT DOES'NT ARE.

Patch 13553428: QA:BLK:DELIVER users to Corp OID LDAP FAILED WITH the COPYCAT DOES'NT ARE.

The patch is available on MOS and can be applied to all platforms.

Or access via this link:
https://updates.Oracle.com/Orion/services/download/p13553428_111160_Generic.zip?Aru=14732325&patch_file=p13553428_111160_Generic.zip

Please refer to the Readme file. It is important to shut down the system before applying the patch. Then restart.
When you restart Weblogic should automatically detect that bimiddleware.ear has changed to OH and automatically redeploy it the application

If it helps pls mark as correct

Published by: VIEREN Srini December 12, 2012 19:39

How to make the fields of metadata required when creating folders
Hi all...

Related issue with SR 3-6472229431 and 3-6471130611 SR.
We use SAY 11.1.6 64 - bits (2011_11_29 (rev 9756) 11.1.6.97) in a Workstation Windows 7 64-bit (with the AAU 11.1.1.5 in a Linux machine). Check-in of images at the Complutense University of MADRID's fine.
I'm doing some metadata fields required when creating a folder. These fields are required at check-in, but not in the creation of records.
Folders_g is enabled. DesktopTag too.
EDIT: The Patch: 14695303 - COE 11.1.1.5.0 BUNDLE (MLR 16) November 6, 2012 applied.

Is this possible?

Thank you for all.

Published by: fgomes on 11/22/2012 03:24
After reading your response and re-reading the original question a bit closer, the function of metadata guidance does not apply to the creation of new files, only content.

Again, however, I think that the focus is in the wrong place. The metadata applied to a folder are intended to be applied to the content. You can create global rules that fire on submitting content to check if a field has a value and throws an error if the value is empty.

If you expect that users create folders (and apply effectively all the metadata in the file real itself), you will be disappointed. Experience shows that users are not interested in this level of detail when creating content, not to mention records. Leave typical users to create folders is a bad idea anyway, because they tend to create the same ineffective folder structures, they created previously in shares within Content Server.

If you need control over the attributes of the file, you will be better served by locking the ability to create new folders. Otherwise, you are looking at some kind of customization. Remember that you will not be able to customize the behavior of right click and SAY. Any changes to the SAID should be an enhancement request.

What a privilege it must compare the roles and the users of the model
Hi all

I want to compare the roles that I created in the model and the roles I have in the database,
I want to know if is posible to compare objects that you have granted to roles between the model and the database.

the problem is perhaps because the user I selected for the connection to the database has no privilege enough,
could you tell me, please
what privileges needs of the user of the connection in order to compare with the roles, packages and other objects in the physical model?

Thanks in advance
Hello

I'm afraid, it is not possible to compare users, roles, or packages at the moment.

David

Assignment of roles to the user when creating the user

Similar Questions

Maybe you are looking for