11g R2: Role creation using API

Similar Messages

• Role Creation using CAT Scripts

  Hi,
  Step by step procedure needed.
  I need role creation using scripts(SECATT),org values that needs to maintain
  is full authorization.
  pls help me.
  ram

  Hi Ram,
  There is a SECATT tutorial here: http://www.*********************/tutorials/secatt_user_create.html
  If you learn that & the principles associated with SECATT then you can apply that to creating and populating roles.
  In my opinion SCAT is much easier to use, though less flexible,

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .

• Supplier creation using APIs in R12 (Urgent)

  Hi All,
  I will be working on supplier interface in Payables of R12 version.i would like to use the below APIs
  1.AP_VENDOR_PUB_PKG.create_Vendor
  2.AP_VENDOR_PUB_PKG.Create_Vendor_Site
  3.AP_VENDOR_PUB_PKG.Create_Vendor_Contact
  for above APIs what are the mandatory fields/columns to use the suppler creation, suppler site creation and contact details creation.
  so that i can ask the client to provide the mandatory fields.
  when we use APIs to create suppler what are the tables get effected in R12 version.
  I have created supplier from front-end, i have given bank related information. when i query AP_SUPPLIERS Table, i have not see the BANK ACCOUNT related information in AP_SUPPLIERS TABLE. where can i see/find the bank related information for suppliers.
  please help me to sort out this issue.
  Thanks.

  Suppliers in R12 are included within the TCA.
  Supplier Banks will now be categorized as Parties. You may validate it by checking that the bank information you have loaded into IBY_EXT_BANK_ACCOUNTS would also get loaded into HZ_PARTIES.
  Bank address information will be a part of the Party Site.
  Bank Site and Location information will have to be loaded into HZ_PATRY_SITES and HZ_LOCATIONS. For that, you will have to use the TCA APIs hz_party_site_v2pub.create_party_site and hz_location_v2pub.create_location
  Regards,

• Role Creation using SCAT-Urgent.....

  Hi All,
  I got a spread sheet with roles and transactions to be included in each role.Can anyone let me know how to Map this transactions to roles using SCATT?Please explain in a procedure which would be helpfull to me.Points will be rewarded to the answers.
  Regards
  Krishna

  Hi Krishna,
  If yor are just asking about running a script, than follow the steps below:
  -Open the file, with excel and edit the data as per the requirement, and save the text file
  -To execute the test case using the external variant from file, from the initial CATT screen, enter the test case name and choose Execute.
  In the field Variants, select External from file and choose Choose. Select the file created above, and choose Open. Under Processing mode, select Errors, and choose Execute.
  Note: When you use this method, the file must be imported each time the test case is executed (file remains only on PC).
  If you are very new to CATT script, than use browse the link below:
  http://www.*********************/tutorials/scat.htm
  Hope it helps.
  Please award points if it is useful.
  Thanks & Regards,
  Santosh

• Custom role creation using secatt

  hi sap peers!
  can somebody tell me if it is possible to create custom roles using secatt or catt script.
  if it is possible then how to do it.
  thanks

  Hi,
  I hope This could help you.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/2a/121e3bd711bb04e10000000a114084/frameset.htm
  You can find the eCATT Tutorial in the above link.
  Cheers
  Soma
  Message was edited by:
          soma pradeep

• How to obtain Role name in OIM 11g using API's

  Hello,
  I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
  get deleted from AD.I have written postprocess event handler to achieve this.
  In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
  not able to get role name.
  Is there a way to get role name while deleting roles using API ?
  Thanks,
  Rahul Shah

  Hi Raghav,
  Following is my code :
  tcRODetails = orgOpInterface.getObjects(organizationKey);
  for(int i = 0;i < tcRODetails.getRowCount();i++){
  tcRODetails.goToRow(i);
  // resourceName=AD Group
  if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
  System.out.println("<<<FOUND>>>");
  processKey = tcRODetails.getLongValue("Process Instance.Key");
  provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
  tcProcessSet = oimFormUtility.getProcessFormData(processKey);
  for(int j=0;j<tcProcessSet.getRowCount();j++){
  tcProcessSet.goToRow(j);
  if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
  System.out.println("MATCH FOUND!!!!!");
  orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
  break;
  & i get following error :
  <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
  Thanks
  Rahul Shah

• Creation of a Request in OIM 11G using API's

  Hi Friends,
  I am trying to create a request using OIM 11g API's.
  I am trying to do this for EBS Responsibility resource and this resource has a request dataset has EBS-IT-Resource-Instance, application name, responsibility name, start date and security group. Please note application name, responsibility name, start date and security group are in child form.
  I am trying to populate the request dataset using the below code.
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entity = new RequestBeneficiaryEntity();
  tcITResourceInstanceOperationsIntf tcITResourceIntf = Platform.getService(tcITResourceInstanceOperationsIntf.class);
  HashMap searchcriteria = new HashMap<String, String>();
  searchcriteria.put("IT Resources.Name", "EBSHF-APPS12");
  tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
  long itResourceKey=resultSet.getLongValue("IT Resources.Key");
  entityAttrList.add(this.getAttrLong("eBusiness Suite Instance Name",itResourceKey));
  entityAttrList.add(this.getAttr("Application Name","3~300"));
  entityAttrList.add(this.getAttr("Responsibility Name", "3~300~52281"));
  entityAttrList.add(this.getAttr("Security Group", "3~0"));
  entity.setEntityKey(getResourceKey("Oracle eBusiness Responsibility"));
  entity.setEntityType(RequestConstants.RESOURCE);
  entity.setEntitySubType("Oracle eBusiness Responsibility");
  entity.setEntityData(entityAttrList);
  private RequestBeneficiaryEntityAttribute getAttr(String name, String value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.String);
  return attr;
  private RequestBeneficiaryEntityAttribute getAttrLong(String name, long value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.Long);
  return attr;
  My code is working fine and a request is getting created. But when I try to open the request dataset(object form) for the newly created request, I am getting null exceptions.
  If I did not populate the fields that are in the child form application name, responsibility name and security group which are highlighted above, then I am able to view the form with the correct IT-Resource-Instance name after request creation.
  So, I am thinking I am doing something wrong while populating child form data in the request dataset.
  Can you please provide me some code snippet to populate the child using 11G API'S?

  Hi Bikash,
  After referring your code, i made changes in mine. Here is my updated code.
  RequestBeneficiaryEntityAttribute parantAttr=null;
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entity = new RequestBeneficiaryEntity();
  parantAttr=this.getAttrLong("eBusiness Suite Instance Name", itResourceKey);
  RequestBeneficiaryEntityAttribute mid1 = new RequestBeneficiaryEntityAttribute();
  List <RequestBeneficiaryEntityAttribute> childAttributesList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  childAttributesList.add(this.getAttr("Application Name", "3~555"));
  childAttributesList.add(this.getAttr("Responsibility Name", "3~555~22862"));
  childAttributesList.add(this.getAttr("Security Group", "3~0"));
  mid1.setChildAttributes(childAttributesList);
  mid1.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entityAttrList.add(parantAttr);
  entityAttrList.add(mid1);
  But when I try to run this, it is getting failed saying "RequestServiceException: IAM-2050033:Invalid attribute name null. No corresponding reference was found in the data set ProvisionResourceOracle eBusiness Responsibility".
  Here is my request data set for your reference.
  <AttributeReference name="eBusiness Suite Instance Name" attr-ref="eBusiness Suite Instance Name" type="Long" length="50" widget="itresource-lookup" required="true" available-in-bulk="true" itresource-type="eBusiness Suite UM"/>
  <AttributeReference available-in-bulk="true" length="10" widget="text" type="String" attr-ref="UD_EBH_RSCP" name="EBS HR Foundation User Responsibilities">
  <AttributeReference name="Application Name" attr-ref="Application Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Responsibility Name" attr-ref="Responsibility Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true" primary="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and lkv_encoded like concat('$Form data.Application Name','~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Security Group" attr-ref="Security Group" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.SecurityGroup' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  I am not sure why it is not referencing to the attribute. In your blog, it is saying your code is to set process form. But i am trying to create a request using API's. so, I need some code snippet to populate request dataset. Do you think, this will serve both?
  Thanks for your help.

• Trying to create Organization in OIM 11g R2 using API

  Hi All,
  I am trying to create Organization in OIM 11g R2 using API's. I able to create a organization with attributes Organization Name and Organization Customer Type but when i am trying to add Parent Organization Name it is throwing me the following error
  Caused by: oracle.iam.platform.entitymgr.UnknownAttributeException: Organization : [Parent Organization Name]
  any help in this regard will be helpful....
  Thanks

  Yes i do have the org with act_key 27
  I have done that changes...still it is throwing the same error
  Exception in thread "main" oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy2.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManagerDelegate.create(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.security.Security.runAs(Security.java:41)
       at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
       at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
       at $Proxy3.create(Unknown Source)
       at oracle.iam.ui.custom.Class1.main(Class1.java:108)
  Caused by: oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:318)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy333.create(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManagerEJB.createx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy331.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused by: oracle.iam.platform.kernel.ValidationFailedException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:337)
       at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:372)
       at oracle.iam.identity.utils.Utils.checkAllowedAttributes(Utils.java:2523)
       at oracle.iam.identity.orgmgmt.impl.handlers.create.CreateOrganizationValidationHandler.validate(CreateOrganizationValidationHandler.java:102)
       at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:258)
       at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:203)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:699)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:547)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:485)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:403)
       at sun.reflect.GeneratedMethodAccessor1171.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy251.orchestrate(Unknown Source)
       at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:306)
       ... 46 more

• Direct provisioing using API in OIM 11g

  Hi Experts,
  I am facing couple of issues.
  *1)* I am trying to provision a resource direcly using API's in OIM 11g. Here I do not have any object form for this resource but I have a process form with some pre-population adapters.
  And I am trying to use the below code for direct provisioining.
  Hashtable objectHash = new Hashtable();
  objectHash.put("Objects.Name", objectName);
  tcResultSet objectResultSet = objIntf.findObjects(objectHash);
  long objectKey = objectResultSet.getLongValue("Objects.Key");
  com.thortech.xl.vo.ResourceData data = userIntf.provisionResource(userKey, objectKey);
  long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
  long objectInstanceKey = Long.parseLong(data.getObiKey());
  And I am getting nulls for the attributes userObjectInstanceKey & objectInstanceKey .
  Please let me know how to provision a resource which has no object form but has some pre-population adapters using API .
  *2)* I am trying to provision a resource direcly using API's in OIM 11g. Here I do have an object form for this resource which has one of the attribute as of type lookup.
  ResourceData data = userIntf.provisionResource(userKey, resourceKey);
  long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
  long objectInstanceKey = Long.parseLong(data.getObiKey());
  Hashtable objectHash = new Hashtable();
  objectHash.put("UD_ADGROUP_NAME",groupName);
  In this case I am getting objectInstanceKey properly but it is not seeting lookup field value but it is setting all other fields on the object form correctly.
  How to set a field of type lookup on the object form while provisioing a resource directly using API's.
  Thanks a lot for your help.

  947670 wrote:
  Hi Pallavi,
  I am not populating any object form. I am trying for direct provisioning a resource thru OIM API's.
  Hence, I need populate all of the process form fields inorder to skip the approval flow. So, I was using setProcessFormData method.
  Here is what happening.
  1) My resource has a request dataset which has only one field called "Group Name".
  2) My resource has a process form with the fields name UD_GROUP_NAME, UD_GROUP_DESCRIPTION, UD_GROUP_OWNER.
  3) When I use the below code, I was able to populate the fields UD_GROUP_DESCRIPTION, UD_GROUP_OWNER (Because pre-populate adapters are getting invoked) as they did not exist on the request data.
  tcFormInstanceOperationsIntf formInstanceOps=Platform.getService(tcFormInstanceOperationsIntf.class);
  ResourceData data = userIntf.provisionResource(userKey, resourceKey);
  long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
  long objectInstanceKey = Long.parseLong(data.getObiKey());
  Hashtable objectHash = new Hashtable();
  objectHash.put("*UD_ADGROUP_NAME*",groupName);
  formInstanceOps.setProcessFormData(objectInstanceKey, objectHash);
  4) I am having this issue only with the fields that are exist on the request dataset. Since, UD_GROUP_NAME exist on the request dataset, even if I try to set some value in the process form, it is not taking.
  Using API's, I am not able to populate any of the attributes on the process form that are exist on the request dataset.
  How to solve this issue.1. Check the process form field name.
  2. Use tcUserOperationsIntfAPI Method provisionObject(userKey,ObjectKey)
  userIntf.provisionObject(userKey, objectKey);
  3. Get the process-instance key.
  tcResultSet objResultSet = userIntf.getObjects(userKey);
                 int objCount = objResultSet.getRowCount();
                 for (int count = 0; count < objCount; count++) {
                      objResultSet.goToRow(count);
                      if (objResultSet.getStringValue("Objects.Name").equalsIgnoreCase(resourceObjectName)){
                           processInstanceKey = objResultSet.getLongValue("Process Instance.Key");
  4. Use tcFormInstanceOperationsIntf API method setProcesFormData(processInstanceKey,dataMap)
  Hope this helps you.

• Need Sample Code for Vendor creation using JAVA API

  Hi,
  I have a scenario like Vendor creation using <b>Java API</b>.
  1.I have Vendors (Main) Table.
  2.I have <b>look up</b> tables like Account Group.
  3.Also <b>Qualifier table</b>(Phone numbers) too.
  Could you please give me the sample code which helps me to create Vendor records using Java API?
  <b>I need Code samples which should cover all of the above scenario.</b>
  <b>Marks will be given for the relevent answers.</b>
  Best Regards
  PK Devaraj

  Hi Devraj,
  I hope the below code might solve all your problem:-
  //Adding Qualified field
  //Creating empty record in Qualifed table 
  //Adding No Qualifiers
  Record qualified_record = RecordFactory.createEmptyRecord(new TableId(<TableId>));
  try {
  qualified_record.setFieldValue(new FieldId(<fieldId of NoQualifier), new StringValue(<StringValue>));//Adding No Qualifier
  catch (IllegalArgumentException e2) {
  // TODO Auto-generated catch block
  e2.printStackTrace();
  catch (MdmValueTypeException e2) {
  // TODO Auto-generated catch block
  e2.printStackTrace();
  //Creating Record in Qualified table
  CreateRecordCommand create_command = new CreateRecordCommand(connections);
  create_command.setSession(sessionId);
  create_command.setRecord(qualified_record);
  try
  create_command.execute();
  catch(Exception e)
  System.out.println(e.toString());
  RecordId record_id = create_command.getRecord().getId();
  //Adding the new record to Qualifed Lookup value and setting the Yes Qualifiers
  QualifiedLookupValue lookup_value = new QualifiedLookupValue();
  int link = lookup_value.createQualifiedLink(new QualifiedLinkValue(record_id));
  //Adding Yes Qualifiers
  lookup_value.setQualifierFieldValue(0 , new FieldId(<FieldID of Yes Qualifier>) , new StringValue(<StringValue>));
  //Now adding LookUP values
  //Fetch the RecordID of the value selected by user using the following function
  public RecordId getRecordID(ConnectionPool connections , String sessionID , String value , String Fieldid , String tableid)
  ResultDefinition rsd = new ResultDefinition(new TableId(tableid));
  rsd.addSelectField(new FieldId(Fieldid));
  StringValue [] val = new StringValue[1];
  val[0] = new StringValue(value);
  RetrieveRecordsByValueCommand val_command = new RetrieveRecordsByValueCommand(connections);
  val_command.setSession(sessionID);
  val_command.setResultDefinition(rsd);
  val_command.setFieldId(new FieldId(Fieldid));
  val_command.setFieldValues(val);
  try
       val_command.execute();
  catch(Exception e)
  RecordResultSet result_set = val_command.getRecords();
  RecordId id = null;
  if(result_set.getCount()>0)
       for(int i = 0 ; i < result_set.getCount() ; i++)
       id = result_set.getRecord(i).getId();     
  return id;
  //Finally creating the record in Main table
  com.sap.mdm.data.Record empty_record = RecordFactory.createEmptyRecord(new TableId("T1"));
  try {
       empty_record.setFieldValue(new FieldId(<FieldId of text field in Main table>),new StringValue(<StringValue>));
       empty_record.setFieldValue(new FieldId(<FieldId of lookup field in Main table>), new LookupValue(<RecordID of the value retrieved using the above getRecordID function>));
  empty_record.setFieldValue(new FieldId(<FieldId of Qualified field in Main table>), new QualifiedLookupValue(<lookup_value>));//QualifiedLookUp  value Retrieved above
  } catch (IllegalArgumentException e1) {
  // TODO Auto-generated catch block
       e1.printStackTrace();
  } catch (MdmValueTypeException e1) {
       // TODO Auto-generated catch block
       e1.printStackTrace();
  //Actually creating the record in Main table
  CreateRecordCommand create_main_command = new CreateRecordCommand(connections);
  create_main_command.setSession(sessionId);
  create_main_command.setRecord(empty_record);
  try
       create_main_command.execute();
  catch(Exception e)
       System.out.println(e.toString());
  Thanks
  Namrata

• Created Role responsibility using TCA API but couldn't view it from Forms

  Hi All,
  Created Role responsibilities using HZ_CUST_ACCOUNT_ROLE_V2PUB.create_role_responsibility. API returned responsibility_id and I could check record in HZ_ROLE_RESPONSIBULITY table. But when I view it from Contact Roles screen, No value but If I click on the field then value appears on screen.
  I am setting below values. Can you please share your thoughts on it.
  l_role_responsibility_rec_type.cust_account_role_id:=335599;
  l_role_responsibility_rec_type.responsibility_type:='DELIVER_TO';
  l_role_responsibility_rec_type.created_by_module:='API_V2';
  HZ_CUST_ACCOUNT_ROLE_V2PUB.create_role_responsibility (
  p_init_msg_list => FND_API.G_TRUE,
  p_role_responsibility_rec => l_role_responsibility_rec_type,
  x_responsibility_id=> x_resp_id,
  x_return_status =>x_return_status,
  x_msg_count =>x_msg_count,
  x_msg_data => x_msg_data
  Thanks
  Vara

  Add the following java script in the submit button click event
                       var cURL = enter the WSDL url generated
       var service = SOAP.connect(cURL);
       xfa.connectionSet.DataConnection.execute(0);

• Create Roles and Permissions using API

  Hello,
  I'm new to Java and I'm trying to create Roles and Permissions in LiveCycle using API's. Can someone please check and correct my code below?
              //Create a ServiceClientFactory object
              ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
              // Create an AuthorizationManagerServiceClient object
              AuthorizationManagerServiceClient amClient = new AuthorizationManagerServiceClient(myFactory);
              RoleImpl ri = new RoleImpl();
              ri.setName("Test ES Role");
              ri.setDescription("Test Role via API");
              ri.setMutableStatus(true);
              amClient.createRole(ri);
  Executing the above code throws exception as below;
  com.adobe.idp.um.api.UMException| [com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient] errorCode:16385 errorCodeHEX:0x4001 message:Exception thrown is NOT a DSCException : UnExpected From DSC chainedException:java.lang.IllegalStateExceptionchainedExceptionMessage:null chainedException trace:java.lang.IllegalStateException
            at com.adobe.idp.dsc.clientsdk.ServiceClientFactory$1.handleThrowable(ServiceClientFactory.j ava:72)
            at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:220)
            at com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient.createRole(Autho rizationManagerServiceClient.java:159)
            at com.adobe.lc.ManageRolesAndPermissions.main(ManageRolesAndPermissions.java:70)
  Caused by: java.lang.NoClassDefFoundError: javax.ejb.EJBException
            at com.adobe.idp.dsc.clientsdk.ServiceClientFactory.evaluateMessageDispatcher(ServiceClientF actory.java:595)
            at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:215)
            ... 2 more
  Caused by: java.lang.ClassNotFoundException: javax.ejb.EJBException
  Thank you,
  Sandeep

  Mahesh,
  Refer to your other thread ..
  API to create new items in inventory
  API to create new items in  inventory
  Regards,
  Hussein

• Disable the buttons for creation using PFCG roles

  Hi SAP Experts,
     How to disable the buttons for creation using PFCG roles?
  Regards,
  Jaya

  Hi,
  u have to write the code in <b>at selection-screen output</b> event
  AT SELECTION-SCREEN OUTPUT.
    LOOP AT SCREEN.
      IF  <b>P_PRINT</b> = 'X'.  " this is radiobutton
        IF screen-name = 'P_RANGE'.
          SCREEN-INPUT = 0.
        ENDIF.
        modify screen.
      ELSE.
        IF screen-name = 'S_LFDAT-LOW'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_LFDAT-HIGH'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_WERKS-LOW'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_WERKS-HIGH'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'P_LIFNR'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_BUKRS'.
          SCREEN-INPUT = 0.
        ENDIF.
        modify screen.
      ENDIF.
    ENDLOOP.
  Hope it helps.
  Regards,
  Sonika

• Create a Participant and assign roles using API (outside the process)

  I want to create a participant in the BPM directory using API, which I believe is available in the fuegopapi-client.jar file. What is missing is a sample or documentation for that API. PAPI Javadocs found on the web don't cover the rest of the API available in the mentioned jar file.
  There are examples of how to do this within a process, but not outside the context of the process. Any references to documentation or samples, you may have come across is greatly appreciated. I have not had success in finding anything on this forum and the web. Thanks.

  Hope it helps
       private void openSesionDFI() throws ProtocolNotSupportedException, AuthenticationException {
            if (directorySessionRol==null){
                           DirectoryConfigurationManager.getRuntime().setPropertiesFileName(props.getProperty("fuego.custom.replication.config.directoryFile").trim());
  Directory.DEFAULT_ENGINE_PRESET);
                           DirectoryPassport directoryPassport = DirectoryPassport.createWithIDAndPreset(props.getProperty("fuego.custom.replication.config.directoryId").trim(), props.getProperty("fuego.custom.replication.config.preset").trim());
                                if (directoryPassport == null)
                                     throw new RuntimeException("Invalid directory passport for FDI");
                                System.out.println("openSesionDFI: " +directoryPassport.getUrl());
                                directoryPassport.fillPassport();          
                                directorySessionRol = Directory.startAdminSession(directoryPassport);
            System.out.println("openSesionDFI: " +"fin");
       }