Access Policy  Vs Self Service triggered provisioning

Hello Everyone,
I wanted to know if there is any way to differentiate at the process definition level whether the provisioning process is triggered by Access Policy/direct OIM user create or a Self Service Request??
Thanks
N

There is a column in the table for the object instance database object that contains a link to the access policy object. You can break or create this link if you want or don't want resource to be revoked on "policy no longer applies".
I don't remeber exactly what the tables are called (OIU?). Perhaps someone else has this info easily available.
Best regards
/Martin

Similar Messages

  • Info About self service password provisioning

    Hi Guys ,
    Does any one got a chance to work on self service password provisioning in OIM 11gr2.??
    If yes ,Please share relevant docs related to same.

    Password expiry period = 90 days with warning of password expiration given to the user at least five (5) days but no more than ten (10) prior to expiry and at every logon during that time
    All Password Resets must be verified through a ‘closed loop’.  That is there must be verification to a service (e.g. eMail address or Phone Number) known only to the system and the user requesting the reset.  Changes should be notified to the User’s Administrator.
    Email should be sent to user on unsuccessful and successful password change .
    Your help would be highly appreciated .

  • How can we force the access policy to be re-triggered?

    Hello,
    I set up the access policy (AP) for the dbat connector (with Retrofit).  The AP was triggered correctly to give resource DBAT to the user.  When the user login changed, I called "Delete User" in the dbat connector and the resource is revoked from the user.
    My goal is for the AP to be triggered so that a new dbat account is created for the user with the username.
    However, the AP is not triggered again.  I tracked this by selecting the policy_eval_needed in the user_provisioning_attrs table (1 access policy will be re-evaluated, 0 AP not evaluated).
    Is there a way for me to force the AP to be re-evaluated?
    Thanks
    Khanh

    How are you triggering the Access policy Assignation?
    Hopefully ,if this is governed by the grant and revoke of role, you may first revoke the role for the account which is already revoked and grant the same role again.
    As the previous account was in revoked status, a new account would be provisioned for the DBAT connector. Grant and revoke of role can be done through the SElf Service UI or a custom scheduled task.
    Regards,
    Arvind

  • FIM Portal Self Service User Provision Frequency

    Hi All,
    I have a question about fim portal self service.If a user updates their AD attributes (i.e telephone number) in the portal, how long before it appears in AD? Presumably it's dependent on a management agent run profile? If so can this be automatically triggered?
    On the other hand, I assume automatic triggerring in a production environment is a bad idea due to load and frequency?
    thanks

    Hello,
    my shedule is currently not the optimal, best way should be:
    1: AD MA Import
    2: FIM MA Import
    3: AD delta sync
    4: FIM delta sync
    5: AD export & delta import (confirm)
    6: FIM export & delta import (confirm)
    I will also bring my shedules to this order in near future. Currently I am in the process to run imports and export in paralell to speed up things using PowerShell Jobs or Workflows.
    Regards
    Peter
    Peter Stapf - Doeres AG - My blog:
    JustIDM.wordpress.com

  • Problem with Access policy Provisioning on AD

    Hi,
    I have created an access policy, which will trigger the provisioning the user to AD when the user is added to group 'abc'.
    Its without approval.
    We have object form and process form. Process form is autosave.
    But, the problem is, as soon as the user is added to the group 'abc'.
    It triggers the provisioning flow. But the provisioning will be in ready state only.
    When we go and save the resource form only the provisioning flow triggers.
    If we make the object as auto save, it will work. But in our case we cannot make the object autosave as it has a resource form to be filled by user in other flow.
    Is there any approach to solve the issue?
    Regards,
    SK

    Hi Rajiv,
    So, there is no way we can implement this?
    My requirement is same as this,
    OIM: Question about "Auto Save" option on Resource Object
    I have a Resource Object that needs to be provisioned at least two ways:
    1) thru an access policy by group membership
    2) thru user self-request, who is not already in that group membership
    The problem is if I don't check the "Auto Save" check box the automatic assignment thru access policy is not completing and If I do check the check box then user request is not letting the user to enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
    Is there a way to make both work on the same Resource Object?
    Thanks
    SK

  • Provision to target system via access policy

    I am attempting to provision to Active Directory via an access policy and membership rule in OIM11gR2.  I have a couple different issues associated with this process. 
    First,  I have a membership rule that works fine.  All members of a certain organization are automatically assigned a certain role.  My access policy is set to provision an AD account to any member that is assigned the same role from the membership rule.  This access policy does not seem to get triggered.  The access policy is set to run with no approval, retrofit access policy is enabled, and it is set as priority 1 with "revoke if no longer applies" checked.  It is also assigned the Active Directory Users process form.  I cannot determine why this access policy is not being triggered to provision the role members to AD.  I have manually run the Evaluate Users Policies several times with no affect. 
    I believe this may be happening because the default prepopulate adapters are not working or are not configured correctly.   The 5 mandatory fields each have a prepopulate adapter assigned to them with the Default rule.  Correct me if I am wrong, but I believe the mandatory fields user id, first name, last name, common name, and user principal name?  The Org name and IT Resource are set as static values within the access policy.  Can anyone assist me in determining (1) why the access policy is not working and (2) why the prepopulate adapters such as ADIDC Populate Form Field for User ID and ADIDC Prepopulate UserPrincipalName for User Principal Name are not working?  Is there additional configuration that must take place with these out-of-the box adapters so they know which values to populate?

    Just verify whether following are check in AD prcess Defn:
    Auto Save Form
    This check box is used to designate whether Oracle Identity Manager should suppress display of the custom form associated with this provisioning process or display it and allow a user to supply it with data each time the process is instantiated.If you select this check box, it designates that Oracle Identity Manager should automatically save the data in the custom process form without first displaying the form. If you select this checkbox, you must supply either system-defined data or ensure that an adapter is configured to populate the form with the required data (since the user will not be able to access the form).If you clear this check box, it designates that Oracle Identity Manager should display the custom process form and allow users to enter data into its fields.
    Auto Pre-Populate
    This check box designates whether the fields of a custom form that:
    Are associated with the process
    Contain fields that have pre-populated adapters attached to them
    Also, while running "Evaluate User Policy" , clear the old time stamp and populate it with current time. Sometime I have seen people are doing mistake.
    ~J

  • SAP GRC Compliant User Provisioning (CUP) Password Self Service

    Hello everyone,
    I am setting up Password Self Service within CUP.  For those users that do not already have access to the UME frontend, I know that I need to create a user ID in the UME frontend for each user so that they can access the Password Self Service option.  Since I only want the user to access the Password Self Service option, what UME role do I assign to them to ensure that they cannot access anything else within CUP?
    Thank you!
    Johonna

    Johonna,
    The 3 defined roles are only those suggested by SAP.
    You can create your own roles by assigning the various actions as needed to provide access or restrict as your organisation requires.
    However, depending on your patch level, you may find that certain actions are dependant on others to work properly.
    Also, you either grant access to the functionality or not. There is no partial or display only setting in the java stack.
    Enjoy!
    Simon

  • Access Policy is not getting trigggered after creation of user through GTC

    Hi,
    I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
    If anybody have any idea how to resolve this, please help me in this regards.
    Regards,
    Avijit

    Hi ,
    its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
    do post your results.......
    Regards.

  • Disable AD account with access policy

    Hi all,
    how can I disable AD account with access policy (or create AD account in disabled state)
    Regards,
    Vladimir

    Dewan.Rajiv wrote:
    Access Polcies are just for triggering provisioning. You can custom AD connector or write your own to create user in disabled state using JNDI.Hi Dewan,
    I have to create a simple demo system, and I need a solution which is not too weird (that means use as little of disparate technologies as possible).
    I have two connected systems:
    1. HR system, which is a trusted source for user and organizational data.
    2. AD system, which is my provision destination.
    I want to comply to the following requirements:
    1. When a user is created in HR system, a new OIM account shall be created, and a new AD account shall or shall not (depending on HR data) be created in AD in disabled state
    2. When a user is marked as dismissed in HR system, the AD account if exists, shall be disabled and moved to some special place in AD tree.
    3. Same rules shall apply if the OIM account is created or marked as "Dismissed" manually by OIM administrator.
    I use OIM reconciliation to get source data and it is no problem for me to create any reconciliation event I need.
    I was considering creating Group->Access Policy->Resource chains, but Access Policy allows only to manage AD attributes, not account enable status.
    Or should I add some unmapped pseudo-attribute to AD connector and a task which will enable/disable AD account based on the value of this attribute?
    What other options do I have?
    Regards,
    Vladimir

  • How to track a request id through an access policy in OIM

    lets say User-A requests a job role on behalf of User-B and this job role has a access policy attached to it, to provision the user to AD and SAP.
    Now we want an email sent to user-A (i.e the user-A who is responsible for job role assignment which made the access policy to trigger the provisioning of User-B to the SAP ) once User-B is provisioned to an Resource for the first time.

    You can find the personA usr_key from upp and upd table.
    In upp table it is Coulmn name UPP_UPDATEBY
    In upd table Coulmn name is UPD_CREATEBY
    and for the status check the coulmns (UPD_ALLOW_LIST,UPP_ALLOW_LIST)
    Thanks..
    Edited by: IDMuser19 on Sep 2, 2010 3:27 PM

  • CUP Password Self Service

    Hi,
    I have some problems with using the password self service.
    The user has answered the challenge response and is registered. After losing the password the user tries to access the password self service link. Therefore he has to login - why??? This doesn't makes at all, as the user lost his password! Did I miss a setting or did I misunderstood the functionality???
    Best regards,
    Christian

    Hi Christian,
    sure this authentication depends on the "Authentication" configuration, but I wouldn't change this data source as you probably had a reason for choosing a SAP system as data source.
    Following things I figured:
    - setting the Self-Service to "SAP HR" and configuring the "Disable Verification" to "Password Self-Service" will do exactly what you need: no authentication needed but verification by HR info types. This extra logon before the verification can be disabled like it was in 5.2
    Unfortunately you will need an HR system with data configured for all users using PSS
    - setting Self-Service to "Challenge Response", by setting the "Disable Verification" to "None" you can disable the questions but NOT the initial logon
    I can't really figure why this is working the opposite way for both types of password self-service. Let me know if you find a nice solution. Or did you open an OSS?
    Regards,
    Daniela

  • Do you prefer to interact with Verizon through our Self Service tools or our centers?

    Our research shows that customers appreciate the flexibility and access that our self service tools provicde and as such they often prefer to interact with us through our various self service tools
    How about you? 

    It depends on the task at hand. For repairs or troubles I often times will use the call centers or other means of communicating to perform a task. Otherwise, actions such as monifying account settings I tend to do online. More convenient that way.
    ========
    The first to bring me 1Gbps Fiber for $30/m wins!

  • OIM 11g AD Connector Access Policy Based Provisioning Issue

    Hi,
    I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    Running ISADAM
    Target Class = java.lang.String
    Running GETUSESSL
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attribute
    Running Set User Expiration Date
    Running ISADAM
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETPWDEXPIRESATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set Pwd Expires Attribute False
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running SETADDN
    [2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
    [2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
    [2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
    [2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
    [2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
    Database srever is running.
    Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
         at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
    Please, Help.
    Edited by: user13830503 on 19/7/2012 6:39

    2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    Make sure the lookup table exists and is spelled correctly in your process task.

  • Provision Entitlements using Access Policy in OIM & OIA

    Hi All,
    Access policies in OIM does not allow entitlements definition in it such as defining the AD Groups that needs to be attached to the account which would be provisioned on the target resource when the access policy gets triggered. These entitlements definition in OIM is taken care on the Process Form level, whereas in case of OIA the Provisioning polices allow entitlements definition according the resource type in the policy level. It would be of great help if you could help us in understanding how the import and export of access policy data between OIA and OIM would be feasible with these differences in place
    Appreciate any helpful pointer on this.
    Thanks,
    RPB
    Message was edited by: RPB25

    You can edit the Access Policy, select the Resource added-Provide more information, If it has a child table, you can add entitlement to it. you can also add entitlement while exporting OIA policies using accesspolicy api of OIM. But just chek after importing to OIM, the access policies order will be messed.
    sjit

  • Self Service Requests for OIM Access Policies

    In the absence of a Role Management product, is there a good way to enable OIM End User Self Service to process requests and approvals for OIM Access Policies or OIM Groups?
    Any suggestions are appreciated!
    KC

    Ultimately the group membership will trigger an access policy. The access policy assignment is the goal, the group assignment is the typical method to assign the access policy to the user.
    When creating a dummy resource, I assume that resource would have a lookup on the form to select the group name. Is this what you are suggesting?
    KC

Maybe you are looking for

  • Getting "licensing for this product has expired" message after reinstalling CS6

    I recently upgraded my operating system on the same computer from Windows 7 32-bit to Windows 7 64-bit. This of course meant I had to do a clean reinstall of all my software. When I reinstalled Photoshop CS6, I got an error "licensing for this produc

  • Why wont my ipod charge?

    i mean it will turn on but it keeps coming up with 20% left. i have reset it, i have bought a new charger, and yet i still dont know whats wrong with it

  • Need to implement Digital signature

    Hi, We are trying to implement digital signature for the client. As per the requirement ,Digitally signed document will be sent to the statutory bodies. Please guide me how to implement digital signature in SAP with smart card stored private key ,sin

  • IP/VC 3540 MCU: How to eliminate the local image on the local endpoints?

    FACT: When creating a multipoint call using an MCU, the local image has been sent to the local endpoint which may result a slow connection since the video packet were sent to the origin. QUESTIONS: 1. How can we prevent the local image to be sent to

  • HT4623 help with upgrading iphone 3 or 3g software

    i have the iphone 3g or 3 when i try to update in itunes the software from4.2 to get latest software it says i have the latest update but i know thats not right. i am trying to download facebook app and it wont allow as it says i need to upgrade the