OIM 11 g R2 role assignment

All,

Everyone knows a scenario where OIM 11 g R2 does not assign a role to users when creating when applies the rule for this role to users?
It seems that the event/process role assignment manager is only the trigger on a user create or maintain up-to-date, but does not trigger on the new creation of a role. If anyone else has experienced or has developed a workaround solution, let me know.

Thank you
D

Looks like that it evaluates only membership in roles on a creation or update. Evaluate user task policies does not affect membership roles.

To trigger this, I think I can create a scheduled task that merely updates an attribute on a user to trigger policy.

Tags: Fusion Middleware

Similar Questions

  • Error in the role assignment

    Hi all

    I had created a strategy to access the OIM 11 g to work for a final user role. Also, I've created a membership rule in design console to verify that a custom page attribute create a user called UserRole had the value of the end user. I applied this rule as membership rule in the role of the end user so that the role be assigned self if I chose EndUser in UserRole attribute then create user phase. Also, I assigned the access policy that I created for this role in the access policies tab. After this, whenever I created the user with attribute UserRole EndUser role was automatically assigned to the user as well as the access policy is invoked and it worked great.

    Then I activated the LDAP sync today and to check it worked I have disabled access policy by changing the role assignment he had to another role temporarily so that he would not get invoked. After awhile, I started the old role in the access policy so that it works as before. But now the access policy has stopped working. Also the user role is not automatically assigned. And on top of that, I'm still not able to assign the role to any user I create later manually. The error I get is:
    An error occurred. The corresponding error code is 0080062 IAM
    can someone please guide me to get the solution for this unacceptable mistake? I don't understand how I am unable to assign roles as well. If at all there is problem with the access policy so only he should have stopped working. But being not not able to manually assign roles is simply amazing. Help, please.

    Thank you
    $id

    Hey $id,

    Please run these scheduled tasks:

    LDAPSync Post allow provision users to LDAP

    LDAPSync Post Enable provision roles to LDAP

    LDAPSync Post Enable provision of roles for LDAP group memberships

    LDAPSync Post Select available role hierarchy in LDAP

    If you follow these scheduled tasks predefined LDAP above, all users of provisioning, roles and role memberships, as well as hierarchy, role of LDAP is reached.

    Please let me know if you have any doubt.

    I hope this helps.
    Leoncio Thiago.

  • Unable connect user AD to any role assignment

    We created users being authenticated by OBIEE 11 g AD. In the ad, we currently have the user, password and information associated with all created users group.

    According to the behavior of the system if group a user an is not mapped to a role within the EM, it should automatically be labeled authenticated role which, being a part of their role of 'BIConsumer' will give the privileges to this user. This doesn't seem to be the case. Any point of view on why this would be the case?

    -If there is a group associated to AD user in the active directory itself, is it mandatory that ad groups be associated with a role? What I mean by that is, if we block init level RPD to map users authenticated to imported within the RPD and EM custom database roles, they would not work unless there is a direct ad group for role assignment?

    The RPD had no access 'Authenticated users' and "Consumer Bi-role" nec for all areas, among other permissions layer of presentation, so at least that a user has been assigned to a role that could access any of the areas of knowledge, that the default authentication would not work.

  • Handler to process post is prevents the role assignment

    Guys,

    I have a process post event handler which runs on Trusted recon, is the issue that I am facing

    1 each time a new user is created the display name field becomes null (although I do not put any name to display in custom code, or I'm doing any first name, family name manipulation)

    which basically means that OOB event handler for the display name is not triggered. I checked it by removing the custom event handler, then full name starts the fill on Recon trust.

    FYI, the Custom event handler has a prescription = 1008

    2 event Handler is also bent the role assignment, which is a member of the rule.


    I tried to use the User Manager APIs in the events and also entityManager API, but the results are the same.


    Can help here.

    Thank you
    AK

    You must use the UserManager API to update the user if you are in the event of change of station. EntityManager does not trigger the spread through research.

    -Kevin

  • User role assignment

    I configured a security constraint in my web.xml file.

    < security constraint >
    < web-resource-collection >
    < web-resource-name > jmx monitoring < / web-resource-name >
    *.jsp < url-pattern > < / url-pattern >
    < / web-resource-collection >
    <>auth-constraint
    < role name > jmx_monitoring < / role name >
    < / auth-constraint >
    < / security constraint >
    <>login-config
    BASIC < auth-method > < / auth-method >
    < domain name > jmx_monitoring_realm < / realm-name >
    < / login-config >
    <-security role >
    < description > to access the JMX monitoring role. < / description >
    < role name > jmx_monitoring < / role name >
    < / security role >



    The role is visible in the weblogic console. My problem is how to assign the role to a user. In websphere it works so I am sure that my web.xml is valid. How can I do this in weblogic?

    You use the query weblogic.xml file to map the Web application security role and one or more directors (group or user) in WebLogic Server.

    See this:
    http://download.Oracle.com/docs/CD/E12840_01/WLS/docs103/webapp/weblogic_xml.html

    tag security-role-assignment


    jmx_monitoring
    User1
    User2
    Group1

    Also, as you have the entry below:
    jmx_monitoring_realm

    If you need to create a security domain in weblogic server with the name: > jmx_monitoring_realm
    and users must be created in this area.

    or simply, you can delete this entry and weblogic server will use the default domain that is myrealm.

    Thank you
    Sandeep

  • Role assignment of the system administrator to a new user in OIM 11 g 2

    I am trying to assign full access as xelsysadm to a newly created user, but not able to. Unable to identify the possibility to add the system administrator role. Admin system administrator role there is no SUPERIOR organization and we cannot create a new user at the TOP. any suggestions would be helpful.

    GoTo-> organization-> search and select high organization of the page-> open from the page detail->, Admin role-> select client (System Administrator)-click-> click the Assign button-> select user and add-> finally click OK.

  • OIM11gR2 - an organization using API role assignment

    Hi all

    Is there an API available to assign roles to organizations?

    Thank you

    List EntitiesToPublish = new ArrayList();
    EntityPublication entToPublish = new EntityPublication();
    entToPublish.setEntityId (role.getEntityId ());
    entToPublish.setEntityType (PolicyConstants.Resources.ROLE.getId ());
    Object objActKey = organization.getAttribute (OrganizationManagerConstants.AttributeName.ID_FIELD.getId () m:System.NET.SocketAddress.ToString ());
    String act_key = null;
    If ((objActKey instanceof String))
    act_key = (String) objActKey;
    else if ((objActKey instanceof Long)) {}
    act_key = ((Long) objActKey) m:System.NET.SocketAddress.ToString ();
    }
    entToPublish.setHierarchicalScope (true);

    entToPublish.setScopeId (act_key);
    entitiesToPublish.add (entToPublish);
    service.addEntityPublications (entitiesToPublish);
    }

    Concerning

    Shashank

  • The error of the user role assignment

    Oracle 10.2.05
    Linux environment

    I just to give a role to a user, but the user has no role-based privileges.

    Here's what I did:

    First create a user (db_user) using system id
    Then, create the schema_admin_role role
    Then run the script to assign privileges to the role
    (SELECT ' grant select, insert, update, delete on ' | owner |) '.'|| table_name | ' schema_admin_role;' from dba_tables WHERE OWNER = "another_schema";

    Then run
    grant schema_admin_role to db_user;

    The problem:
    When db_user tries to update the table X own another_schema, he gets no sufficient privileges

    But when I run (select the owner, table_name, and privilege of dba_tab_privs where dealer = "SCHEMA_ADMIN_ROLE";), I see all the privileges belonging to this role.

    All your end solution will be appreciated.

    db_user start a new session after the GRANT?

  • Error in postprocesshandler user role assignment

    Hey, 11 GR 1 material here.

    In my custom process manager post I am trying to assign roles to the user when creating, but I'm a java.lang.RuntimeException: method not implemented.

    Here is the code:

    String USER_KEY = "5";
    String roleKey = "12";
    < String > userKeys value = new HashSet < String > ();
    userKeys.add (USER_KEY);
    (..)
    RoleManager roleMgr = Platform.getService (RoleManager.class);
    roleMgr.grantRole (roleKey, userKeys);

    The grantRole is to launch a GrantRoleException caused by the RuntimeException that says the method is not implemented. It seems that the grantRole method calls a method that is not implemented, but I can't find a clue in addition.

    Edit: I also tried with the addMemberUser in the tcGroupOperationsIntf without success

    Thank you in advance for your help!

    The stack trace is complete:
    [2012-10 - 09T 14: 34:07.586 + 02:00] [oim_server1] [NOTIFICATION] [IAM-3056013] [oracle.iam.identity.rolemgmt.utils] [tid: [ASSETS].] [ExecuteThread: '2' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: oiminternal] [ecid: 2b4b40dd6bd9493d :-46b5b083:13a457d730d :-8000-000000000000110 d, 0] [APP: IOM #11.1.1.3.0] search for role with the specified criteria.
    [2012-10 - 09T 14: 34:07.669 + 02:00] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: [ASSETS].] [ExecuteThread: '2' for the queue: "(self-adjusting) weblogic.kernel.Default"] [username: oiminternal] [ecid: 2b4b40dd6bd9493d :-46b5b083:13a457d730d :-8000-000000000000110 d, 0] [APP: IOM #11.1.1.3.0] process Orchestration moved to doesn't have a stadium, and the error corresponding East - {0} []
    java.lang.RuntimeException: method not implemented
    at oracle.iam.request.eventhandlers.RequestDataActionHandler.execute(RequestDataActionHandler.java:110)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:897)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
    at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:740)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:499)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:444)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:378)
    at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.grantRoles(RoleManagerImpl.java:574)
    at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.grantRole(RoleManagerImpl.java:560)
    at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.grantRole(RoleManagerImpl.java:541)
    at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.grantRolex (unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    to $Proxy357.grantRolex (Unknown Source)
    at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl.__WL_invoke (unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl.grantRolex (unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    to $Proxy159.grantRolex (Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    to $Proxy356.grantRolex (Unknown Source)
    at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.grantRole (unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcGroupOperationsBean.addMemberUsers(tcGroupOperationsBean.java:418)
    at com.thortech.xl.ejb.beansimpl.tcGroupOperationsBean.addMemberUser(tcGroupOperationsBean.java:368)
    at Thor.API.Operations.tcGroupOperationsIntfEJB.addMemberUserx (unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    to $Proxy372.addMemberUserx (Unknown Source)
    at Thor.API.Operations.tcGroupOperationsIntf_13pobh_tcGroupOperationsIntfRemoteImpl.__WL_invoke (unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at Thor.API.Operations.tcGroupOperationsIntf_13pobh_tcGroupOperationsIntfRemoteImpl.addMemberUserx (unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    to $Proxy188.addMemberUserx (Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    to $Proxy369.addMemberUserx (Unknown Source)
    at Thor.API.Operations.tcGroupOperationsIntfDelegate.addMemberUser (unknown Source)
    at solucom.iam.identity.support.orgrules.FranceHQSupportProcess.execute (unknown Source)
    at solucom.iam.identity.eventhandlers.UserPostProcessHandler.execute (unknown Source)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1169)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:711)
    at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:745)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:791)
    at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:129)
    at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:101)
    at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:71)
    at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    to $Proxy352.onMessage (Unknown Source)
    at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
    at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
    at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:380)
    at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
    at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
    at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
    to weblogic.jms.client.JMSSession.access$ 000 (JMSSession.java:115)
    to weblogic.jms.client.JMSSession$ UseForRunnable.run (JMSSession.java:5170)
    to weblogic.work.SelfTuningWorkManagerImpl$ WorkAdapterImpl.run (SelfTuningWorkManagerImpl.java:528)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

    Published by: 955407 on October 9, 2012 06:53

    Published by: 955407 on October 9, 2012 07:16

    Published by: 955407 on October 9, 2012 08:03

    In addition, I did not mention the following. In my case, Execute, I have the following code to see if the creation was application and running only add it to the role if the request is:

    >
    HashMap requestContext = (HashMap) ContextManager.getValue ("requestData", true);
    String requestKey = "";
    long reqKey = 0;

    Checks whether the context of the request is null which means that the task was created through an application, otherwise, no action taken
    If (requestContext! = null) {}
    requestKey = (String) requestContext.get("requestKey").getObjectValue ();
    If (requestKey! = null &! requestKey.isEmpty ()) {}
    reqKey = Long.parseLong (requestKey);
    debug ("Key Request [" + reqKey + "]");
    }

    RoleManagerResult roleResult is addUserToRole (orchestration.getTarget () .getEntityId (), "Insertion role name here");.
    {if(roleResult!=null)}
    If (roleResult.getFailedResults () .size ()! = 0) debug ("failed to add to the role [" + roleResult.getFailedResults () + "]");
    If (roleResult.getSucceededResults () .size ()! = 0) debug ("success adding to the role [" + roleResult.getSucceededResults () + "]");
    }
    }
    >

    -Kevin

  • Administrator system role assignment

    How do you give the Administrator role to a user of 11g R2

    R2 mainly has the new feature called ROLE ADMIN who has the list of roles OOTB and you can assign to any user.

    Click on organization-> research organization-> 'Top'-> open detail page go to the Admin role tab-> select role 'SYSTEM ADMINISTRATOR'-> click on the button "assign"-> the user to find now that you want to assign to the site-> click on the button 'Add'-> finally click ok.

    Make sure that check the option 'including suborganization'. If the user keep on IOM together.

    Why 'Top'-> because the Top is the parent of any organization. If you want the user to be administrator for particular org then you can choose that.

    However, normal role can be assigned using the catalog
    Search for and select user-> open-> tab "My Role" goto detail page-> click on "Demand accounts"-> now add the role of 'SYSTEM ADMINISTRATOR' catalog and finally to complete the request.

  • Limiting the administrator tab to the user with the role by default OIM 11 g R2

    Hello

    I have a question, if we create a user in OIM 11 g R2 without any admin role, then connect on screen Self Service (identity) with the newly created user, we can see that the Administration tab is visible to the user.

    Is that mean that user a admin role assigned to him in some admin activities do this by default.

    Please let me know how to control this behavior and do not display the Administration tab the user until and unless it is to have an admin of roles assigned.

    Help, please.

    See this article on measures to hide the Admin tab for users with the role for all THE USERS.

    http://venkatanunna.blogspot.com/2013/01/removing-Admin-tab-for-general-users-in.html

  • Assignment of roles to the user when creating the user

    Hi all

    I gave a roll deposited (< dsp:input bean = "ProfileFormHandler.value.roles.role" maxsize = "30" size = "30" type = "text" / > on the registration page.) After registration, each field in db except role (table dps_role).
    Pls let me know what I am doing wrong.

    Thank you

    You should not assign roles to the user as 'ProfileFormHandler.value.roles.role' of 's profile. You can link formhandler property to which you can pass the name or id of the role that you want to assign role assignment must always route through safety ATG API in order to properly update the mappings of Homeland Security. Because of these dependencies, you should not try the role of simply call profile.setPropertyValue ('roles',...) The code cannot fail this way, but if you assign the role in this way then it may not work as expected when checking for role based privileges. Here's one possible way to do it:

    1. in your file properties formhandler declare a dependency on the directory of the default user, which by default points to the profile database:

    userDirectory = / atg/userprofiling/ProfileUserDirectory

    So, in the form Manager, you declare corresponding setUserDirectory() and getUserDirectory().

    2 then in the formhandler, get the DirectoryPrincipal objects associated with the user profile and the role you want to assign and then assign the role to the user:

    import atg.userdirectory.UserDirectory;
import atg.userdirectory.DirectoryPrincipal;
import atg.userdirectory.User;
import atg.userdirectory.Role;
import atg.userdirectory.DirectoryModificationException;

import java.util.Collection;
import java.util.Iterator;

..
..

private boolean assignRoleToUser(String roleName, String userId) {

  UserDirectory userDirectory = getUserDirectory();
  DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
  DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);

  User user = (User)userPrincipal;

  Collection collection = userDirectory.getRoles();

  boolean status = false;

  Iterator iter = collection.iterator();
  while(iter.hasNext())
  {
    Object obj = iter.next();
    if(obj instanceof Role) {
      Role role = (Role)obj;
      if(roleName.equals( role.getName() ) && user!=null) {
        try {
          status = user.assignRole(role);    //will return true if the role was added otherwise false
        }
        catch (DirectoryModificationException e) {
       //handle exception
        }
        break;
      }
    }
  }
  return status;
}

    In the code above 'roleName' parameter is the name of the role to be assigned to the profile with the id as "userId". If you want to do the role assignment when creating the user, then you can do the things above in postCreateUser() so that you can get the Principal associated with the profile. For more information about the interfaces and classes used here, you can refer to the documentation of the API of the ATG.

    http://docs.Oracle.com/CD/E26180_01/platform.94/APIDoc/ATG/userDirectory/package-summary.html

  • Query with OIM 11 g role

    My administrator role when try to make a new application for respurce as:
    Applications-> Create queries-> others-> request becomes 'you are not allowed to increase demand for others. "

    When I go to the ROLE of XYZ-> Data Object permissions-> get the PERMISSION of ENTITY a lot.

    Can anyone say APPROVAL of the ENTITY should I apply to get rid of this message?

    Thank you
    J

    Proceed in the usual way:

    -Create a model application for your required use cases. example of a Role assign, Create User, provision of resources etc.
    -Assign to a specific role
    -Add your users to this role

    Note: This would automatically create a * political authorisation * to create the demand and you can see the operation required in ask for others. This is the ideal approach.

    You should be through.

    Thank you
    Sunny

  • Re-assign a different role to many users

    Hello

    I need to change the role assigned to a large number of users > 5000. I know that I can do this by using actions in bulk for example

    Command, User, Waveset.Roles
    Update, user1 | Remove | oldRole
    Update, user1 | Merge | newRole
    Update, user2 | Remove | oldRole
    Update, user2 | Merge | newRole

    However, this translates into two actions per user and therefore double the time required to process each user.

    Someone has a method, workflow etc. that will allow me to change a user's role, but only one task.

    Concerning
    Steve

    To get action by user, you can put the two changes on one line, i.e.:

    Command, User, Waveset.Roles, Waveset.Roles
    Update, user1 | List; Remove | oldRole | List; Merge | newRole
    Update, user2 | List; Remove | oldRole | List; Merge | newRole

  • Cannot assign a role

    Hi all

    SQL > select role, privilege of role_sys_privs where role = 'RESOURCE ';

    ROLE OF PRIVILEGE
    ------------------------------ ----------------------------------------
    CREATING CLUSTER RESOURCES
    CREATE SEQUENCE RESOURCES
    CREATE TRIGGER RESOURCES
    RESOURCES CREATE TABLE
    RESOURCE CREATE PROCEDURE
    CREATE TYPE RESOURCES
    OPERATOR TO CREATE RESOURCES
    CREATE INDEXTYPE RESOURCES

    8 selected lines.

    SQL > grant resources to ATG10Production;

    Grant succeeded.

    SQL > conn ATG10Production
    Enter the password:
    Connected.
    SQL > user sho
    The USER is 'ATG10PRODUCTION '.
    SQL > select * from session_roles;

    ROLE
    ------------------------------
    CONNECT

    I couldn't find the role of the RESOURCES granted to the user.

    What wrong with the statement.

    Thank you

    KRRISH... wrote:
    Hello

    It's working... but only the current role is read.

    SQL > conn ATG10Production
    Enter the password:
    Connected.
    SQL > set the role resource
    2;

    Role play.

    SQL > select * from session_roles;

    ROLE
    ------------------------------
    RESOURCES

    What about the rest

    This is how it is supposed to work!

    What you want to achieve?

    If you want to activate all of the roles assigned to the user use

    alter user username default role all;

Maybe you are looking for

  • Icon of Wikipedias missing tab?

    Wikipedias icon isn't load in its tab, so far, it seems as if it was the only site that does this. last night the icon loaded fine on the https://www.wikipedia.org/ page, but nowhere on the site, but this morning it is more support there as well. Thi

  • Satellite P20 S203: what DVD player is picked up and compatible

    I have a P20 S203 the problem I'm having is to identify a replacement DVD (all), I transport but no drive. Can anyone point me in the right direction which readers will work.

  • C# insertion in Teststand steps

    Hi all. I have a few codes that are developed in c#, but I would like to insert these codes c# on Teststand sequencer like the sequence steps. And then run the test sequence. Kindly need experts to advise if it can be done this way. Thank you.

  • HP Envy 700 series: HP Envy 700 series splash screen freezes

    When I go to the boot screen, it is freezing up.  My mouse works but nothing responds.  I have to Ctrl, alt, delete to get out.

  • Scanner not recongised

    I am tring to get a HPscanjet 5590 to work. My wife is now with this scanner at home and she could not find the disk. I downloaded the software and driver from the HP site, and although the icon appears on the screen and work the first time when she