Configuration of the roles of IOM (11gr2ps2) in AD

Hi all

I have a scenario where I want to configure a role of IOM in AD. E.g. If, I create 'Test' role in IOM should directly in the ad. So any body knows how can we achieve this? Any help will be very useful.

Creation of Planner will help here?

Thank you

Sonya

(1) it should go directly after the creation of the IOM. It is not dependent on the user operations.

(2) is a time of activity. you need not change every time. But the r cles uses only the attributes that are mapped to the directory

Note:

The LdapContainerRules.xml file may contain rules using only the attributes are mapped to the directory. A rule cannot be written using the attributes of objects or attributes that are not part of the entity. This is true for user and role entities. For example, role Email can use rules for roles, and the Organization of the user name cannot be used for the user entity.

~ J

Tags: Fusion Middleware

Similar Questions

Recon DBAT user is not linking the accounts to the users in IOM 11gr2ps2

HI -.
I configured the DBAT for IOM 11gr2ps2 connector. I am able to ask and get provisioned successfully.
When I run the reconstruction work, user accounts are themselves drawn in IOM, but accounts are not get related users of the IOM. Am I missing something?
In DC, I clicked on "Create profile reconciliation" in the tab object reconciliation under the management of the resources
Thank you
SK

Make sure that you set the key field correctly in PD for DBAT. have you checked the recon event? What did he say?

clarification of the role of admin Help Desk in IOM

Hello
I have granted few users with the role help desk Admin, I got the below list of permissions of the document oracle.
When the user tried to change the attribute of the user (name, first name etc...), he went for approval. But in the list above permission to the role of assistance, there is no mention of user to change access rights.
How is the user was able to edit the attribute name? Is this regular behavior? I see the admin role Viewer user has permission to modify user (attribute-level security) .
Help Desk role inherits permissions of other admin roles (display of use / other role)?
What is meant by request or direct exploitation?
What is meant by scope organization permissions?
Please provide details?
Thank you

Yes, you need to use in the same way, as described in the link button change user below. You must create a sandbox, apply EL expression and publish the sandbox.

Oracle security solutions: IOM 11 GR 2 - show elements and hide the user interface based on a role

The wink below shows the similar expression you need to set for users of the system of administration.

The other activity in relation to the Helpdesk will work as it is. He expression will only hide the button change for all users except Admins system (xelsysadm). We have working in one of the previos project. This should work for you as well.

~ J

difference between the roles of the IOM and the default roles

Hello
I would like to know what is the difference between the roles of the IOM and the default roles.
Thank you

I forget which, but one of the categories will not be charged in the catalog for available roles apply.

-Kevim

How to create a role in IOM so that he doesn't end up in the OID?

Hello
Is there a way to create a role that does not end in OID?
I tried with the category of the roles of the IOM and the default category. They all end up in OID.
I just have to use the role aimed access to AD policy and do not want these roles being in the OID. Is there a way to do this?
I'm on 11 GR 2, PB07.
Thank you
Khanh

I think that LDAP synchronization gives no option for the selective provision of (means we cannot define some roles to be synchronized and others do not). Here, I assume you have LDAP Synch enabled in IOM.

For more details, consult this oracle support note: 1585915.1

Thank you

Pallavi Chaudhari

Script to join the domain, the role of configuration, add permissions and activate/SNMP configuration

So I'm writing a script to install our vSphere hosts to work with our monitoring software. Right now, it's all done by hand and I would like if possible to automate it. So far, I came up with this. I get to step 5 and that's where it fails. I can get it manually run the Get-VIAccount command, but in the script, it fails.
These are my steps
1. connect to an existing host and retrieve role properties.
2. connect to the new host
3 join the domain.
4. disconnect the new host and reconnect with the credentials of domain
5. get the domain account, role of research/create and add permissions to host
6. enable and configure SNMP
7 restart MGMT officers.
#Variables
$vmhost = "Host03".
$domaintojoin = "Domaine.org".
$domainAlias = "domain".
# $usernametograntpermissions = "service.account".
$rolename = 'team - account control service '.
#Connect to host17 to retrieve the role privileges
to connect-viserver host17
#Extract of privileges for the role of vcenter Monitoring Service
$privsforrole = get-viprivilege-role (get-ferrule-name $rolename)
Server VI #disconnect
disconnect-viserver *-confirm: $false
VSphere hosts #Connect above (enter the credentials of the root when prompted)
SE connect-viserver-Server host03
#Join field
Get-vmhostauthentication - VMhost ctcvsphere3 | Game-VMHostAuthentication-domain $domaintojoin - user %-% - JoinDomain-confirm password password: $false
credentials of the #disconnect root
disconnect-viserver *-confirm: $false
#reconnect with the credentials of domain
SE connect-viserver-Server ctcvsphere3-user username-password password % domain\username
#Get domain account and add to the host
$viAccount = get-VIAccount-DOMAIN-User - ID service.account
# Get the role
$viRole = get-ferrule-name $roleName
If (-not $viRole) {}
throw the "Role of the creation.
New-ferrule-name $rolename - Server $vmhost
Together-ferrule-role (Get-ferrule-name $rolename - Server $vmhost) - AddPrivilege (get-VIPrivilege-id $privsforrole - Server $vmhost)
}
# Add permissions on VMHost
New-VIPermission-Director $viAccount-role $viRole - entity $vmHost
all VIServers #disconnect
Disconnect-VIServer *-confirm: $false
}
#Configure SNMP
Get-vmhostsnmp | set-vmhostsnmp-enabled: $true
Get-vmhostsnmp | game-vmhostsnmp - ReadOnlyCommunity 'SNMP.
#Restart Mgmt officers
Get-VMHostService - VMHost $vmhost | where {$_.} Key - eq "vpxa"} | Restart-VMHostService - Confirm: $falese - ErrorAction SilentlyContinue
Here is my error:
Get-VIAccount: 27/02/2014-16:03:11 VIAccount Get A general system
rror occurred: access to the directory error
C:\ps1\vmware\snmp1.ps1:42 char: 28
+ $viAccount = get-VIAccount < < < < - domain - User - ID SERVICE. ACCOUNT
+ CategoryInfo: NotSpecified: (:)) [Get-VIAccount], SystemError)
+ FullyQualifiedErrorId: Client20_VmHostServiceImpl_RetrieveUserGroups_Vi
Error, VMware.VimAutomation.ViCore.cmdlets.Commands.PermissionManagement.GE
tVIAccount
Get-VIAccount: 27/02/2014-16:03:11 Get - VIAccount VIAccount with the id
"service.account" was not found using the specified filters.
C:\ps1\vmware\snmp1.ps1:42 char: 28
+ $viAccount = get-VIAccount < < < < - domain - User - ID SERVICE. ACCOUNT
+ CategoryInfo: ObjectNotFound: (:)) [Get-VIAccount], VimExceptio)
n
+ FullyQualifiedErrorId: Core_OutputHelper_WriteNotFoundError, VMware.VimA
utomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIAccount
New-VIPermission: Impossible to validate the argument on the parameter "principal." The argument
ent is null or empty. Provide an argument that is not null or empty, and then try
the command again.
C:\ps1\vmware\snmp1.ps1:56 tank: 40
+ New-VIPermission-main < < < < $viAccount - $viRole - entity role
y $vmHost
+ CategoryInfo: InvalidData: (:)) [new VIPermission], ParameterBi)
ndingValidationException
+ FullyQualifiedErrorId: ParameterArgumentValidationError, VMware.VimAutom
ation.ViCore.Cmdlets.Commands.PermissionManagement.NewVIPermission
The term 'catch' is not recognized as a cmdlet, function, script fi
the, or an executable program. Check the spelling of the name, or if a path has been included
DED, make sure the path is correct, and then try again.
C:\ps1\vmware\snmp1.ps1:57 tank: 12
+ captures < < < < {}
+ CategoryInfo: ObjectNotFound: (catch: String) [], CommandNotFou
ndException
+ FullyQualifiedErrorId: CommandNotFoundException
Thanks in advance!

Dimitar did a nice write-up of this phenomenon and a possible solution.

See ESXi hosts to join a domain and licensing with PowerCLI

Create the role attribute to a recipient user after user approval - IOM 11.1.2
Hi all

I ve created a composite custom for creation of the user. Once a user of the applicant (for example user-R, other than the xelsysadm) creates a user (say User1), he would go to approaval to the Manager of the applicant (say user-RM). Once the applicant manager approves the request, the user is created in the IOM.

Now, once the user is created, I need to assign a role personalized the User1 by using APIs. For some reason, we will not use the role membership rule.

My Situation
----------------
-J' created a handler for post (for MODE = CRΘER) which generate custom "user login" and also assign a role personal to the user. Role was being entrusted "Beneficial user" if created by "xelsysadm", for, there was no approval triggered.

But when I create one recipient user with other than 'xelsysadm', the workflow is triggered and role assignment is a failure in the event handler.

Please suggest me a way to assign the role (using API) on the 'recipient user', once the application is approved by the assignee.
See the Article: 1532267.1

-Marie

Enabling LDAP synchronization after configuration of the IOM in R2
Friends,

Did anyone tried enabling the LDAP synchronization after configuration of the IOM in R2?

I'm doing the steps the below url.

http://docs.Oracle.com/CD/E27559_01/integration.1112/e27123/oid_oim.htm#IDMIG4357

But I'm not finding below.

/ db/LDAPUser
/ db/LDAPRole
/ db/LDAPRoleHierarchy
/ db/LDAPRoleMembership
/ DB/RA_LDAPROLE. XML
/ DB/RA_LDAPROLEHIERARCHY. XML
/ DB/RA_LDAPROLEMEMBERSHIP. XML
/ DB/RA_LDAPUSER. XML
/ DB/RA_MLS_LDAPROLE. XML
/ DB/RA_MLS_LDAPUSER. XML

Few of them exist in/metadata/iam-features-ldap-sync, but not all. I'm not find LDAPContrainerRules.xml anywhere at all.

I do something wrong or this documentation is wrong.

Please suggest.
Another post, try the following
I do not have the tiried yet, it seems ok. After your results/experiences, must also try.

Find the detailed steps in the link below
http://docs.Oracle.com/CD/E27559_01/install.1112/e27301/OIM.htm#CDDGJIBJ
http://docs.Oracle.com/CD/E14571_01/install.1111/e12002/oidonly014.htm

IOM 11.1.1.5.0 Configuration of the generic UNIX BP02 connector problem
I have a survey concerning the configuration of the generic UNIX connector on 11.1.1.5 to IOM. Basically, when I try to do the first Recon and Shell Recon group, I get an error saying:

Oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value of a [Host] key is not defined in the plan provided.

I followed the connector guide UNIX documentation and has also created an attribute in the OIM Design Console called privateKey [LOADFROMFILE] that contains a value of file:\\\home\oracle\Oracle\Middleware\Oracle_OIM1\server\ConnectorDefaultDirectory\SSH\config\oim_rsa.

I also tried to set up a user with UNIX resources but I get an error message saying:

CREATEUSER running
Target class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
< 2 July 2012 18:20:32 PHT > < error > < ORACLE. IAM. CONNECTORS. ICFCOMMON. Prov. ICPROVISIONINGMANAGER > < BEA-000000 > < oracle.iam.connectors.icfcommon.prov.ICProvisioningManager: createObject: error while creating user
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: the value of a [Host] key is not defined in the plan provided.
at oracle.iam.connectors.icfcommon.util.MapUtil.getRequiredValue(MapUtil.java:94)
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:122)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:133)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:141)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:253)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.CREATEUSER(adpUNIXCREATEUSER.java:109)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.implementation(adpUNIXCREATEUSER.java:54)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx (unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
to $Proxy329.retryTasksx (Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke (unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx (unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
to $Proxy167.retryTasksx (Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
to $Proxy328.retryTasksx (Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks (unknown Source)
at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
to weblogic.servlet.internal.StubSecurityHelper$ ServletServiceAction.run (StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
to oracle.security.jps.ee.http.JpsAbsFilter$ 1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged (Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
to weblogic.servlet.internal.WebAppServletContext$ ServletInvocationAction.wrapRun (WebAppServletContext.java:3730)
to weblogic.servlet.internal.WebAppServletContext$ ServletInvocationAction.run (WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>

I would like to ask if there is one configuration step that I missed that causes this error?

Thanks in advance!
Hello

Check in the resource COMPUTER provided you a value for the host.

Concerning
user12841694

In what concerns the Elimination of roles in the Administration of IOM and Console user
Hello

Administration of IOM and Console user, I created a user, role, rule. Now I'm trying to delete a role and a rule. IM able to remove the rule element in the console design, but not able to remove Rule.At time when I tried to remove the role that it displays "cannot remove role because he has already exixsting relationship '.

Please suggest how to remove the role as rule.
On the ruler, click on the use tab, if something exists, then find the role and deleting the membership are entrusted to him. Now, the use must be empty, and you can remove it.

-Kevin

tcObjectNotFoundException error during the configuration via the API of the IOM

Hello
I'm trying to provide resources using the client API IOM. I use the following code which generates the exception mentioned after the code snippet:
*******************************Code*******************************
java.util.Hashtable env = new java.util.Hashtable ();
env.put (oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
oimInitialContextFactory);
env.put (oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient (env);
Thor.API.Operations.tcUserOperationsIntf userIntf = (Thor.API.Operations.tcUserOperationsIntf.class) client.getService;
Thor.API.Operations.tcObjectOperationsIntf objIntf = (Thor.API.Operations.tcObjectOperationsIntf.class) client.getService;
Thor.API.Operations.tcFormInstanceOperationsIntf formIntf = (Thor.API.Operations.tcFormInstanceOperationsIntf.class) client.getService;
Thor.API.Operations.tcProvisioningOperationsIntf provIntf = (Thor.API.Operations.tcProvisioningOperationsIntf.class) client.getService;
Thor.API.Operations.tcUserOperationsIntf userOper = (Thor.API.Operations.tcUserOperationsIntf.class) client.getService;
java.util.Hashtable mhSearchCriteria = new java.util.Hashtable ();
Hashtable ObjectHash = new Hashtable();
objectHash.put ("Objects.Name", "ITAX_GTC");
Data com.thortech.xl.vo.ResourceData = userIntf.provisionResource (Long.parseLong (userId), objectKey);
long userObjectInstanceKey = Long.parseLong (data.getOiuKey ());
long objectInstanceKey = Long.parseLong (data.getObiKey ());
Hashtable InputHash = new Hashtable();
Fill out the entry below with data from object
for (int b = 3; b < row.length; b ++)
{
inputHash.put (header [b], [b] row);
}
Sets the data object
formIntf.setProcessFormData (objectInstanceKey, inputHash);
*********************************************************************************************
Thor.API.Exceptions.tcObjectNotFoundException
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_1035_WLStub.revokeObjectx (unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
to $Proxy2.revokeObjectx (Unknown Source)
at Thor.API.Operations.tcUserOperationsIntfDelegate.revokeObject (unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
to Thor.API.Base.SecurityInvocationHandler$ 1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs (weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke (SecurityInvocationHandler.java:79)
to $Proxy3.revokeObject (Unknown Source)
at com.infotech.tra.organization.RoleAssignment.ProvisionResources(RoleAssignment.java:1013)
at com.infotech.tra.organization.RoleAssignment.main(RoleAssignment.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:56)
Caused by: Thor.API.Exceptions.tcObjectNotFoundException
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.revokeObject(tcUserOperationsBean.java:3184)
at Thor.API.Operations.tcUserOperationsIntfEJB.revokeObjectx (unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
to $Proxy344.revokeObjectx (Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.__WL_invoke (unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.revokeObjectx (unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_WLSkel.invoke (unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
to weblogic.rmi.internal.BasicServerRef$ 1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Add the line before retrieving the key of the object:

set.goToRow (0); assuming that one record is returned in the result

IOM 11gR2PS2 Auth policy

Can someone please confirm if the custom roles created in IOM 11gR2PS2 can be controlled by OES? I read somewhere that only IOM OOB Admin roles can be ordered by OES.
If that's the case then to limit the actions of the normal user (ALL USERS) (edit/view user) we can use OES to create the authorization policy. How about this then?

Yes, as far as I KNOW only Admin roles can be controlled by OES.

For users with normal role, you must use the EL Expressions to achieve your requirement. You can hide the dynamic button based on the role of the user.

http://docs.Oracle.com/CD/E27559_01/dev.1112/e27150/uicust.htm#OMDEV5175

~ J

Ad groups associated with a role of IOM
Hello gurus,

I am currently using OIM 11 g r2 with an AD 9.1.1.7.0 connector. I was curious to know if there was a way to link a handful of ad groups (ie., administrator, account operators, etc.) to a role in the IOM.

If anyone has the documents they could point me, or a step by step, that would be greatly appreciated!
Yes, if you have the access policy for the supply of AD account then you can save the list of groups/payments in the form of the child while the creation of access policy itself and it will be assigned by default once the account is configured on the target system.

You can also check out below the doc for "operation of the law in r2. which is attributed to rights

http://docs.Oracle.com/CD/E27559_01/admin.1112/e27149/appInstance.htm#CHDBIGHD

several resources configured by the access policy, allow multiple set to no
Hi Experts,

I have a problem with the automatic supply of the resource based access policy Ad and Exchange resource (or any two resources that are dependent on each other).

That's what I'm doing (11.1.1.3 bp2):
The user of the ad and the Exchange are the two auto-save, auto - prefill and do not allow several. Exchange depends on the AD Server (which assigns the user ad). Based on a rule, the user gets a role, having an access policy giving the user of the ad server and Exchange resources.

Because my AD Server/user implementation updates the user profile during deployment of the access policy is either revalued. At this point the resource Exchange has not any State yet, even if it is waiting on the AD resource to be configured. Accordingly, another Exchange resource is added to a kind of queue, no AD resource yet again in a wait state. As soon as the resource AD is supplied all the wait resource Exchange are provided leading to many Exchange resources.

On a side note, when a resource is assigned manually in the interface web IOM, that once all void tasks are made (or failed) the resource appears on the tab "resources" for a user. I think it would be more logical that this resource is listed immediately to the provision of status. Maybe it's to be able to perform a restore or validation occurs only after all the tasks are performed.
Bundle 4 Patch did not help at all.

Suggestions are welcome.

Kind regards

Jan Willem Beusink
Hello

Thank you, we did the debug more. The real problem was setting a value on the profile of the user, by a membership rule added a user to a different role, leading to the evaluation of access policies. in the process of AD in combination with prepopulators on the Exchange form that take time to complete (a few seconds). If Exchange prepops where not ready before access where assessed to new policies, we got two exchange resources. We solved the problem by using (a variant of) your suggestion leaving the task of Exchange processes a UDF and adapt the rule to check for this field's initial membership.

Hi low (member of the team of Jan Willem)

FBus Monitor may not work with Configurator at the same time

I am using NI USB-8486 material and I can get Fbus Configurator work on it. But whenever I run the FBus monitor, the Configurator will go wrong. (Device on the Fbus become invalid)

I checked the Configuration OR-FBUS Interface utility, I have seen that the use of the port can be either OR-FBUS or Bus-monitor. Since the USB-8486 only has a port, it means we can only support a single application (Configurator or monitor), instead of two at the same time?

I'd appreciate any help!

Hi Steve,.

That's correct - USB-8486 can function as an interface device or monitor buses at the same time, and the role is configured in intensive care.

If you want to have two roles at the same time work, you will need two NICs installed.

Configuration of the roles of IOM (11gr2ps2) in AD

Similar Questions

Maybe you are looking for