Grant a role to a user using API in OIM 11g R1

Friends,

Could you please provide me with a snippet of code to grant a role to a user using the API in OIM 11g R1?

Thank you
Vetri

Try this code.

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.identity.rolemgmt.vo.RoleManagerResult;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;

// oimClient is assumed to be an already logged-in OIMClient instance.

public void grantRole(String userLogin, String roleName) {
    try {
        // Resolve the login and the role name to their internal keys.
        String usrKey = getUserKey(userLogin);
        String roleKey = getRoleKey(roleName);

        RoleManager roleMgr = oimClient.getService(RoleManager.class);
        Set<String> userKeys = new HashSet<String>();
        userKeys.add(usrKey);
        RoleManagerResult result = roleMgr.grantRole(roleKey, userKeys);
        System.out.println("Status: " + result.getStatus());
    } catch (Exception e) {
        e.printStackTrace();
    }
}

public String getRoleKey(String roleName) {
    String roleKey = null;
    try {
        RoleManager roleMgr = oimClient.getService(RoleManager.class);
        List<Role> roles = null;
        SearchCriteria criteria = null;

        // Exact match on the role name.
        criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, roleName, SearchCriteria.Operator.EQUAL);

        roles = roleMgr.search(criteria, null, null);
        roleKey = (String) roles.get(0).getAttribute(RoleManagerConstants.ROLE_KEY);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return roleKey;
}

public String getUserKey(String userName) throws Exception {
    UserManager usrService = oimClient.getService(UserManager.class);
    User user = usrService.getDetails("User Login", userName, null);
    String usrKey = user.getAttribute("usr_key").toString();
    return usrKey;
}

Tags: Fusion Middleware

Similar Questions

  • How to get the OIM Admin roles for a user using API

    Hi all

    I'm trying to get the admin roles of a user by using the API. I'm using the code below, but it is returning null, even though the user has two Admin roles...

    private void getUserAdminRoles(String userID)
    {
        AdminRoleService ars = oimClient.getService(AdminRoleService.class);
        List<AdminRole> a = ars.getAdminRolesForUser(userID, null);
        System.out.println("*" + a.size());
    }

    Thanks in advance

    AdminRoleService ars = oimClient.getService(AdminRoleService.class);
    List<AdminRole> a = ars.getAdminRolesForUser(userID, null);
    System.out.println("*" + a.size());

    Pass the user key instead of the user name.

  • Need help with deprovision as a single resource to the user using API profile

    Hello
    I need to write a little code where I can deprovision only one resource from the user's profile via the OIM API. Please help me to start coding.

    Thank you
    Kalpana.

    Change your code to do this

    String oiuKey = resultset.getStringValue("Users-Object Instance For User.Key");

    You must pass the oiuKey to the revokeObject method, not the Object Key.

    See more details here: revokeObject method [OIM] - howto?

  • the role of multiple users

    Hi gurus,

    I don't know if I'm in the right forum or this thread must be in pl/sql forum, so please move if necessary.

    I'm working on 11.2.0.3 on Windows 7 and must grant a role to multiple users (all users whose names begin with "OPS$"), but I can't find a solution myself, so I need your knowledge:

    I tried:

    SQL>
      1  begin
      2  for c1 in (select username from dba_users where username like 'OPS$%') loop
      3  execute immediate
      4  'grant TP_RW to ' || c1.username;
      5  end loop;
      6* end;
    begin
    *
    ERROR at line 1:
    ORA-00933: SQL command not properly ended
    ORA-06512: at line 3

    What am I doing wrong?

    I got it

    DECLARE
      v_cmd VARCHAR2(64);
    BEGIN
      FOR c1 IN (SELECT username FROM dba_users WHERE username LIKE 'OPS$%')
      LOOP
        -- Double-quote the user name so that it is accepted as an identifier.
        v_cmd := 'grant TP_RW to "' || c1.username || '"';
        dbms_output.put_line(v_cmd);
        EXECUTE IMMEDIATE v_cmd;
      END LOOP;
    END;

    Chris script just "OPS_USER" with quotes.

    Thank you guys
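
A hardened variant of the loop from the thread above, as an added example that is not part of the original posts: DBMS_ASSERT.ENQUOTE_NAME does the quoting, one failed grant does not stop the run, and a final query shows which OPS$ accounts hold the role. TP_RW and the OPS$ prefix come from the thread; the variable names are illustrative.

```sql
SET SERVEROUTPUT ON

DECLARE
  v_cmd     VARCHAR2(200);
  v_granted PLS_INTEGER := 0;
  v_failed  PLS_INTEGER := 0;
BEGIN
  FOR c1 IN (SELECT username
               FROM dba_users
              WHERE username LIKE 'OPS$%'
              ORDER BY username)
  LOOP
    BEGIN
      -- ENQUOTE_NAME wraps the name in double quotes and raises an error
      -- if the name itself contains a double quote; FALSE keeps the case
      -- exactly as stored in DBA_USERS.
      v_cmd := 'GRANT TP_RW TO '
               || DBMS_ASSERT.ENQUOTE_NAME(c1.username, FALSE);
      EXECUTE IMMEDIATE v_cmd;
      v_granted := v_granted + 1;
    EXCEPTION
      WHEN OTHERS THEN
        -- Report the account and carry on with the next one.
        v_failed := v_failed + 1;
        DBMS_OUTPUT.PUT_LINE('FAILED for ' || c1.username || ': ' || SQLERRM);
    END;
  END LOOP;
  DBMS_OUTPUT.PUT_LINE(v_granted || ' granted, ' || v_failed || ' failed');
END;
/

-- Verify the result: every OPS$ account and whether it now holds TP_RW.
SELECT u.username,
       NVL2(p.grantee, 'YES', 'NO') AS has_tp_rw
  FROM dba_users u
  LEFT JOIN dba_role_privs p
         ON p.grantee = u.username
        AND p.granted_role = 'TP_RW'
 WHERE u.username LIKE 'OPS$%'
 ORDER BY u.username;
```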

  • Grant read only to a user only with the role

    Dear Legends,

    Req: create a select/read-only user for 3-5 specific tables in a specific schema, with no select/read-only access to the sys/system schemas.

    After surfing, I tried to grant "read-only" access to a user as follows.

    create user readonly identified by readonly123;

    create role read_only_role identified by read_only_access;

    grant connect, resource to readonly;

    grant select on apps.FND_PRODUCT_GROUPS to readonly;

    grant select on apps.FND_USER to readonly;

    grant read_only_role to readonly;

    The above statements

    1. created the user and the role

    2. granted connect/create session to the user, and I am able to run the following query

    logged in as readonly

    select * from APPS.FND_PRODUCT_GROUPS;

    Where I am able to select even sys or system tables.

    But I'm not able to provide the same read-only access to a role and then assign the role to the user:

    create user readonly identified by readonly123;

    create role read_only_role identified by read_only_access;

    grant connect to read_only_role;

    grant select on apps.FND_PRODUCT_GROUPS to read_only_role;

    grant select on apps.FND_USER to read_only_role;

    grant read_only_role to readonly;

    Let me know your suggestions,

    Ref:roles and privileges of user management

    Roles of the Oracle

    GRANT statement

    https://forums.Oracle.com/thread/2223362

    Thank you

    Knockaert

    Hi, Karthik,

    If a role has a password (as in this case), then the user must enable the role in the current session in order to use it, like this:

    SET ROLE read_only_role IDENTIFIED BY read_only_access;

    If the role does not have a password, then it is enabled by default as soon as the user opens a session.

    Remember, roles do not count inside AUTHID DEFINER stored procedures (which is the default type).  If you need to use the table inside an AUTHID DEFINER stored procedure, then the privileges must be granted directly to the user and not just to a role.

    I hope that answers your question.

    If not, post a complete test script that people can run to recreate the problem and test their ideas.  You started out great: the CREATE statements you posted were perfect, but you need to add the CONNECT and SELECT statements (and the SET statements, if necessary) to show how the error occurs.

  • Assignment of roles Admin in OIM11gR2 using the API

    Hi guys,

    We have a requirement to assign administrator privileges to users (depending on their level of employment) in OIM 11g R2 to provide admin access on the Organization (in terms of create users, application roles, update users, view users, etc). We plan to leverage the Admin roles available on the Organization in OIM 11g R2 for this. But we found no API to assign these admin roles to users using custom code. Kindly help.

    Try the code below

    AdminRoleService ars = oimClient.getService(AdminRoleService.class);
    AdminRole role = ars.getAdminRole("OrclOIMEntitlementAdministrator");
    AdminRoleMembership arm = new AdminRoleMembership();
    arm.setAdminRole(role);
    arm.setUserId("5");   // this is my user's USR_KEY
    arm.setScopeId("4");  // key of the organization under which the user needs to be assigned the Admin role
    arm.setHierarchialScope(false);
    ars.addAdminRoleMembership(arm);

    Let me know the result

  • grant the role of service to service user service tenant: failed when you try to deploy VIO

    Hello

    I have problems when I try to deploy VIO with AD integration.  I am able to successfully deploy VIO without AD as an authentication source.  However, when I try to deploy VIO with AD as the authentication source, at about 85% I get an error in /var/log/jarvis/ansible.log:

    > > 2016-04-14 17:29:11,597 p=354 u=jarvis |  TASK: [config-controller | create endpoint of keystone] ***

    > > 2016-04-14 17:29:12,737 p=354 u=jarvis |  changed: [172.22.33.31]

    > > 2016-04-14 17:29:12,738 p=354 u=jarvis |  TASK: [config-controller | create tenant services] ***

    > > 2016-04-14 17:29:13,714 p=354 u=jarvis |  changed: [172.22.33.31]

    > > 2016-04-14 17:29:13,715 p=354 u=jarvis |  TASK: [config-controller | grant the role of service to service user tenant service] ***

    > > 2016-04-14 17:29:15,152 p=354 u=jarvis |  failed: [172.22.33.31] => {"failed": true}

    > > 2016-04-14 17:29:15,153 p=354 u=jarvis |  msg: exception: name

    > > 2016-04-14 17:29:15,154 p=354 u=jarvis |  FATAL: all hosts have already failed -- aborting

    I tried Googling this error and was brought to this thread: "problem of Installation of VIO - status: Bootstrap failed controller node", but he is actually getting an LDAP error, which I'm not.

    That thread suggests checking the keystone log, but there is no keystone directory on my VIO device:

    > > root@localhost:~# ls /var/log/keystone

    > > ls: cannot access /var/log/keystone: No such file or directory

    So I'm puzzled.

    This ended up being a bad configuration of the options of the AD.

  • Search for users using java API OIM 11 with the value of null field

    Hello

    I find users using the java api findUsers(HashMap hash), but I need to get all users where a custom field is equal to null

    Example:

    HashMap userHash = new HashMap();
    userHash.put("USR_UDF_CUSTOM", "NULL");
    tcResultSet userData = userOps.findUsers(userHash);

    Can someone help me?

    Do not use that search functionality. Use this:

    UserManager usermgr = Platform.getService(UserManager.class);
    // Assumes "Custom Label" is the label of the custom field USR_UDF_CUSTOM
    SearchCriteria criteria = new SearchCriteria("Custom Label", null, SearchCriteria.Operator.EQUAL);
    List<User> users = usermgr.search(criteria, null, null);
    for (User user : users) {
        // perform the action here
    }

    -Kevin

  • What is the potential security risk of granting 'ANALYZE ANY' to a role or a user in an 11.2.0.3 database?

    What is the potential security risk of granting 'ANALYZE ANY' to a role or a user in an 11.2.0.3 database?

    Thank you

    Larry

    What is the potential security risk of granting 'ANALYZE ANY' to a role or a user in an 11.2.0.3 database?

    This is a HUGE security risk.

    Any person who uses the ANALYZE statement may, accidentally or INTENTIONALLY, destroy the overall system performance.

    Just look at what the ANALYZE statement can do:

    https://docs.Oracle.com/CD/E11882_01/server.112/e41084/statements_4005.htm

    Purpose

    Use the ANALYZE statement to collect statistics, for example, to:

    • Collect or delete statistics about an index or index partition, table or table partition, index-organized table, cluster, or scalar object attribute.

    The use of the ANALYZE statement to collect statistics has been deprecated in favor of the DBMS_STATS package.

    But what happens if the real, accurate statistics used by your important queries have been deleted or replaced with totally invalid, nonsense statistics?

    You could bring your system to its knees INSTANTLY. The system could start doing full table scans of HUGE tables instead of using an appropriate index.

    It is a TERRIBLE, TERRIBLE thing to grant this privilege unless absolutely necessary.

  • ORA-00904 when using a grant through a ROLE

    Hi all

    I have an error using the grant through ROLE (Oracle 11.2.0.1 on redhat Linux)

    Here is the explanation of my problem:

    I create a package to wear patterns

    create or replace 
    PACKAGE                     usera.pkg_utils AS 
     function f_my_function return RAW;
    END pkg_utils;
    

    I create the package body:

    create or replace 
    PACKAGE BODY usera.pkg_utils  AS 
     function f_my_function return RAW  is
      v_uuid RAW(16);
    begin
      v_uuid := sys.dbms_crypto.randombytes(16);
      return (utl_raw.overlay(utl_raw.bit_or(utl_raw.bit_and(utl_raw.substr(v_uuid, 7, 1), '0F'), '40'), v_uuid, 7));
    end f_my_function;
    END pkg_utils;
    

    I create a role 'R_ROLE1', to which I grant "EXECUTE ON USERA.PKG_UTILS TO R_ROLE1".

    I grant R_ROLE1 to PUBLIC so that each user can access the package USERA.PKG_UTILS.

    If I call f_my_function as another user, it works well.

    If I call f_my_function from a procedure as another user, I get "ORA-00904".

    ex: as USERB

    create or replace 
    PROCEDURE P_PROC
    AS
    num int;
    uuid_ RAW(16);
    BEGIN
        select usera.pkg_utils.f_my_function() into uuid_ from dual;
    END P_PROC;
    /
    

    If I directly "GRANT EXECUTE ON USERA.PKG_UTILS TO PUBLIC", it works well.

    Thus, the error comes from the fact that I use a role, but I can't fix it. I don't understand why USERB does not use its grant through the role r_role1 granted to PUBLIC.

    Is it that USERB is unable to use a cascaded role during the call to a procedure? Is there something to "activate"?

    Thank you all

    See the database security doc for your answer and the explanation of what others have said.

    http://docs.Oracle.com/CD/B28359_01/network.111/B28531/authorization.htm#i1007304

    How Roles Work in PL/SQL Blocks

    The use of roles in a PL/SQL block depends on whether it is an anonymous block or a named block (stored procedure, function, or trigger), and whether it executes with definer's rights or invoker's rights.

    Roles Used in Named Blocks with Definer's Rights

    All roles are disabled in any named PL/SQL block (stored procedure, function, or trigger) that executes with definer's rights. Roles are not used for privilege checking, and you cannot set roles within a definer's rights procedure.

    The SESSION_ROLES view shows all roles that are currently enabled. If a named PL/SQL block that executes with definer's rights queries SESSION_ROLES, then the query does not return any rows.
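
A check for the behaviour quoted above, which is also the point made in the earlier read-only-role answer, as an added example that is not part of the original posts: two functions count the rows of SESSION_ROLES from inside a definer's-rights and an invoker's-rights unit, followed by the direct grant that makes USERA.PKG_UTILS usable from USERB's procedure. The function names roles_seen_definer and roles_seen_invoker are hypothetical; USERA, USERB, PKG_UTILS and P_PROC come from the thread.

```sql
-- Run as USERB (needs CREATE PROCEDURE).

-- Definer's rights (the default): roles are disabled inside the unit.
CREATE OR REPLACE FUNCTION roles_seen_definer RETURN NUMBER
  AUTHID DEFINER
IS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM session_roles;
  RETURN n;
END;
/

-- Invoker's rights: the unit runs with the caller's enabled roles.
CREATE OR REPLACE FUNCTION roles_seen_invoker RETURN NUMBER
  AUTHID CURRENT_USER
IS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM session_roles;
  RETURN n;
END;
/

-- Compare the session with both units. IN_DEFINER_UNIT is 0 even when
-- the session itself has roles enabled.
SELECT (SELECT COUNT(*) FROM session_roles) AS in_session,
       roles_seen_definer                    AS in_definer_unit,
       roles_seen_invoker                    AS in_invoker_unit
  FROM dual;

-- Privileges on the package that do NOT depend on a role: grants made
-- directly to USERB or directly to PUBLIC. No rows here means a
-- definer's-rights procedure owned by USERB cannot reference the package.
SELECT grantee, privilege
  FROM all_tab_privs
 WHERE table_schema = 'USERA'
   AND table_name   = 'PKG_UTILS'
   AND grantee IN (USER, 'PUBLIC');

-- Fix, run as USERA (or a DBA): grant directly to the procedure's owner
-- rather than to everyone.
GRANT EXECUTE ON usera.pkg_utils TO userb;

-- Back as USERB: recompile and confirm the procedure is valid.
ALTER PROCEDURE p_proc COMPILE;
SELECT object_name, status FROM user_objects WHERE object_name = 'P_PROC';
```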

  • Assignment of roles to the user when creating the user

    Hi all

    I added a role field (<dsp:input bean="ProfileFormHandler.value.roles.role" maxsize="30" size="30" type="text"/>) on the registration page. After registration, every field is saved in the db except role (table dps_role).
    Pls let me know what I am doing wrong.

    Thank you

    You should not assign roles to the user through the 'ProfileFormHandler.value.roles.role' property of the profile. You can add a form handler property to which you pass the name or id of the role that you want to assign. Role assignment must always go through the ATG security API in order to properly update the internal security mappings. Because of these dependencies, you should not try to assign the role by simply calling profile.setPropertyValue('roles', ...). The code may not fail this way, but if you assign the role in this way then it may not work as expected when checking for role-based privileges. Here's one possible way to do it:

    1. In your form handler's properties file, declare a dependency on the default user directory, which by default points to the profile database:

    userDirectory=/atg/userprofiling/ProfileUserDirectory

    Then, in the form handler, declare the corresponding setUserDirectory() and getUserDirectory().

    2. Then, in the form handler, get the DirectoryPrincipal objects associated with the user profile and with the role you want to assign, and then assign the role to the user:

    import atg.userdirectory.UserDirectory;
    import atg.userdirectory.DirectoryPrincipal;
    import atg.userdirectory.User;
    import atg.userdirectory.Role;
    import atg.userdirectory.DirectoryModificationException;
    
    import java.util.Collection;
    import java.util.Iterator;
    
    ..
    ..
    
    private boolean assignRoleToUser(String roleName, String userId) {
    
      UserDirectory userDirectory = getUserDirectory();
      DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
      DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);
    
      User user = (User)userPrincipal;
    
      Collection collection = userDirectory.getRoles();
    
      boolean status = false;
    
      Iterator iter = collection.iterator();
      while(iter.hasNext())
      {
        Object obj = iter.next();
        if(obj instanceof Role) {
          Role role = (Role)obj;
          if(roleName.equals( role.getName() ) && user!=null) {
            try {
              status = user.assignRole(role);    //will return true if the role was added otherwise false
            }
            catch (DirectoryModificationException e) {
           //handle exception
            }
            break;
          }
        }
      }
      return status;
    }
    

    In the code above 'roleName' parameter is the name of the role to be assigned to the profile with the id as "userId". If you want to do the role assignment when creating the user, then you can do the things above in postCreateUser() so that you can get the Principal associated with the profile. For more information about the interfaces and classes used here, you can refer to the documentation of the API of the ATG.

    http://docs.Oracle.com/CD/E26180_01/platform.94/APIDoc/ATG/userDirectory/package-summary.html

  • Assign a role to a user already created

    Hi experts,

    I created a rule, a role and an access policy, and every time I create a new user the access policy is properly triggered and the appropriate resources are properly assigned.
    If I manually assign a role to a user, OIM automatically provisions the objects associated with the role.
    The problem is that all users created before the creation of the role do not belong to the role: what should I do to give the role to all users?

    Thank you

    1. Create an access policy and check the retrofit flag; see details below

    # If the retrofit flag is set for the policy

    These evaluations do not occur immediately after the action. Instead, they occur during the next run of the Evaluate User Policies scheduled task. Evaluations can occur in the following scenarios:

    * The policy definition is updated so that the retrofit flag is set on it. Policies are evaluated for all applicable users.
    * A role is added to or removed from the policy definition. Policies are evaluated only for the roles that are added or removed.
    * A resource is added or removed, or the value of the Revoke If No Longer Applies flag is changed for the resource. Policies are evaluated for all applicable users.
    * The policy data is updated or deleted. This includes both parent and child form data. Policies are evaluated for all applicable users.

    2. One way to do this is to write a scheduled task and assign the role to the user using the API.
    Check the link below
    http://docs.Oracle.com/CD/E14571_01/doc.1111/e14309/spmlapi.htm
    Section 29.3

  • Granting of privileges to another user

    Hello

    I'm new to plsql. During my learning, I created two tables, BOOKS and AUTHORS, in the orcl database (10g) as SYSDBA.

    Later I logged in to the SCOTT user account and I am unable to see the BOOKS and AUTHORS tables.

    Please let me know how to grant admin privileges (to edit, delete, insert and update) to the user SCOTT for these tables.

    Thank you and best regards,
    Hortense.

    808099 wrote:
    1. I understand now that SYSDBA is a role and SYS is the user.
    2. I was able to connect to sqlplus by giving "/ as SYSDBA" as the user name. That's why I thought of it as a user.

    "/ as sysdba" connects to the database as the SYS user using operating system authentication with the SYSDBA role enabled.

    3. Secondly, I don't know which schema my BOOKS table belongs to, because I just ran a script to create the table in scott/tiger@orcl. Please suggest how I can find out which schema it belongs to.

    If you connected to the database as user SCOTT and ran the script to create the table, the table would almost certainly be owned by SCOTT. If you connected to the database as the user SYS and ran the script to create the table, the table would most likely be owned by SYS. If the script specified the schema owner, i.e.

    CREATE TABLE library.book ...
    

    the table would be created in the specified schema. But you must have very powerful privileges to create objects in another user's schema, and SCOTT does not have these privileges unless you have specifically granted them.

    4. Thirdly, I could delete BOOKS and AUTHORS from SYS and create them in the SCOTT user. But I thought GRANTing privileges may be an alternative.

    Not really. It is usually best to have the tables owned by the correct schema in the first place. You use grants to allow other users to access (or modify) the tables, but other users will not have the same level of privileges (for example, they will be able to run the DDL against the table).

    Justin

  • How to give the privilege for the task to the role or named users

    I am using dbms_scheduler instead of dbms_job for the first time.

    We have a situation where multiple users need the privilege to run and change/delete a job created with dbms_scheduler.

    The job is running and I'm able to administer it as the creator/owner, but I am not able to grant privileges to other users.

    I executed:

    - grant create any job to <user>

    - grant manage scheduler to <user>
    but without success.

    When reading the documentation it seems it should be possible to grant the privilege on the job using grant alter on my_job to <user>, but I get ORA-00990: missing or invalid privilege

    I tried to use dbms_scheduler.create_job.
    Do I have to use dbms_scheduler.create_program?
    Using 11.2.0.2.0 (linux)
    Have I missed something fundamental?

    Regards Niclas Eklund

    Hi Niclas,

    Yes, you can grant the ALTER privilege on a job. As Asy pointed out, maybe you just forgot the keyword ON?

    That being said, the CREATE ANY JOB privilege also allows you to alter any job. However, this privilege is very powerful, so you should be very careful before you grant it.

  • I want to create sub-task "Human task" programmatically by using APIs, any help?

    I want to create sub-task "Human task" programmatically by using APIs, any help?

    Solved

    public void createSubTask(String title, String username) throws StaleObjectException, WorkflowException {

        oracle.bpel.services.workflow.task.model.ObjectFactory objFac = new oracle.bpel.services.workflow.task.model.ObjectFactory();
        oracle.bpel.services.workflow.metadata.routingslip.model.ObjectFactory rObjFac = new oracle.bpel.services.workflow.metadata.routingslip.model.ObjectFactory();

        DecomposeTaskModel.IParticipantGenerator generator = null;
        DecomposeTaskModel decomposeTaskModel = new DecomposeTaskModel();
        DecomposeTaskModel.SimpleGenerator simpleGenerator = decomposeTaskModel.new SimpleGenerator();
        generator = simpleGenerator;

        // The sub-task is assigned to a single user.
        List assignee = new ArrayList();
        assignee.add(new TaskAssignee(username, "user"));
        Participants participants = generator.generate(null, null, assignee);

        DecomposeTaskInfo dti = objFac.createDecomposeTaskInfo();
        dti.setTitle(title);

        RoutingSlip rs = rObjFac.createRoutingSlip();
        rs.setParticipants(participants);

        this.task = WorklistServiceLocator.getTaskService().decomposeTask(this.task.getSystemAttributes().getTaskId(), rs, wfCtx, dti);
    }
