Argentina missing?: User Administration- Create User- Contact Information

Similar Messages

• Grant privileges and permission to user, to create user and database in 10g

  Hi,
  I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created an user "user1" in sqlplusw, by logging in as system.
  Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the sytem privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
  Is there a way where I could achieve this by explicitly granting the required privileges and permissions

  You may need to know all the views to get the privilege information.
  SQL> conn /as sysdba
  SQL> select table_name from dict where table_name like '%PRIV%';
  And also, take a look into below Oracle Documentations.
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
  Regards,
  Sabdar Syed.

• Creating a user with "create user" privilege using PL/SQL?

  I have managed to use the PL/SQL DBMS_LDAP package to create and modify OID users (DBMS_LDAP.add_s and DBMS_LDAP.modify_s).
  The question is: How can I use DBMS_LDAP to assign privileges to OID users? By "privileges" I mean options like the following (i.e. the options you can enable/disable for any OID user if you login to OIDDAS and click the "privileges" button for a particular user):
  Allow user creation
  Allow user editing
  Allow user deletion
  Allow group creation
  Allow group editing
  Allow group deletion
  Allow privilege assignment to users
  Allow privilege assignment to groups
  Andy

  Solution found.
  In case anyone comes back to this thread in the future looking to achieve a similar thing: Metalink 205315.1 contains details.

• OIM 11GR2 - mechanism for restoring default adf user forms - create user

  Hi All
  Our developers has pubkished multiple OIM sandbox and create user form is broken
  : the user creation form does not appear - only a html <div> tag .
  The developer reverted the form using the em/console - then he ran the catalog sync job but all he can acheive is a blank form not the original user create forms
  How do we restore the forms to thier original state.
  Thanks

  Not sure if this helps. But try these steps mentioned in the developer's guide. Once I did some UI customization in identity console and could not load my page after that. I followed these steps and was successfully able to restore it back. You can give a try and in step 6 try to select some known sandbox name which did not have any issues.
  1. Login to Oracle Enterprise Manager.
  2. In Application Deployments, select oracle.iam.ui.console.self-service.ear.
  3. On the top-right of the page, select Application Deployment, and then select MDS Configuration from the list.
  4. At the bottom of the screen, select Runtime MBean Browser under the Advanced Configuration section. The right side of the screen refreshes.
  5. Click the Operations tab.
  6. Scroll down and identify the listMetadataLabels MBean operation and invoke it. Select the MBean operation that does not take any parameters. Select the sandbox precreate that you want to restore, and copy it to the clipboard.
  For example, the value you copy can be similar to: Creation_IdM_test_09:25:00.
  7. Click Return to go back to the Operation tab.
  8. Find the promoteMetadataLabel MBean operation.
  9. Invoke the promoteMetadataLabel MBean operation, and enter the value that you copied in step 6.
  10. Restart Oracle Identity Manager.

• Authorize Users to Create ONLY Contact Person Details in a BP Account.

  Hello,
  I have an issue with respect to Authorization in CRM WebUI.
  Issue:-
  A User (end-user) depending on his role (Role A Assigned in SU01) should not be allowed to edit any account details except CONTACT Block Details, i.e. the respective user should be able to edit/create only the contact block details.
  The standard Authorization Groups CRM_BPROLE & B_BUPA_RLT are set with the folliowing values:-
  ROLE A
  1) BPTYPE = 000000, BUP003
      ACTVT = '  '
  2) BPTYPE = BUP001, BUP002, CRM000
      ACTVT   = 1,2,3
  *Analysis & implementation *
  I have created a Z BADI implementation of BADI in the method IF_UIU_BP_AUTHORITY~CHECK_EDIT.
  Commented the code from Ossnote 1259940 and wrote a simple code to give no/full authorization depending on parameter
  IV_APPLICATION_NAME.
  IF iv_application_name = cl_crm_ic_bp_constants=>gc_cp_create or
      iv_application_name = cl_crm_ic_bp_constants=>gc_cp_edit.
      cv_not_allowed = abap_false.
  ELSE.
      cv_not_allowed = abap_true.
  ENDIF.
  RESULT
  The test results are -
  either the user gets to edit the complete BP account (incl. CP) or
  he gets no authority to edit any BP details (incl. CP).
  What I want is->
  Though the user CANNOT edit the complete BP account details, he should be able to EDIT/CREATE Contact Details.
  Now i need help from you all to suggest me on how to achieve it.
  One option is - Take away the complete authority from the user and give only authority on CONACT PERSON block.
  But for this I need to know how do we create authorizations on block levels.
  Any Help/Tip would be appreciated.
  Thanks
  Dedeepya

  Dedeepya reddy,
  I just wanted to say thanks for coming back, and giving the solution you used.
  It is helpful to anyone who may want to perform a similiar thing.  If you didn't do that they would be just as lost!
  I appreciate that people provide solutions when they ask questions that way it can further the help for others.
  Again thank you.

• As a Hyperion Admin how to track changes if one user changes / creates user

  1) in Hyperion how Admin can find if one user
  Password resets logged.
  2)In hyperion how Admin an fine if one user
  Creation, change and deletion of User accounts logged.

  Shared Services allows the auditing of provisioning and life-cycle management activities to track changes to security objects and the artifacts that are exported or imported using Lifecycle Management Utility.
  For Shared Services auditing, refer Page 129 of http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security.pdf
  Planning Administrators can select aspects of the application for change tracking. For example, you can track changes to metadata, such as when users change a member property or add a currency. You can also track changes in data forms, business rules, workflow, users, access permissions, and so on.
  For Planning auditing, refer Page 56 of http://download.oracle.com/docs/cd/E12825_01/epm.111/hp_admin.pdf
  HTH-
  Jasmine.

• Bulk Create Users from CSV: Error: "Put": "There is no such object on the server."?

  Hi,
  I'm using the below PowerShell script, by @hicannl which I found on the MS site, for bulk creating users from a CSV file.
  I've had to edit it a bit, adding some additional user fields, and removing others, and changing the sAMAccount name from first initial + lastname, to firstname.lastname. However now when I run it, I get an error saying:
  "[ERROR]     Oops, something went wrong: The following exception occurred while retrieving member "Put": "There is no such object on the server."
  The account is created in the default OU, with the correct firstname.lastname format, but then it seems to error at setting the "Set an ExtensionAttribute" section. However I can't see why!
  Any help would be appreciated!
  # ERROR REPORTING ALL
  Set-StrictMode -Version latest
  # LOAD ASSEMBLIES AND MODULES
  Try
  Import-Module ActiveDirectory -ErrorAction Stop
  Catch
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
  Exit 1
  #STATIC VARIABLES
  $path = Split-Path -parent $MyInvocation.MyCommand.Definition
  $newpath = $path + "\import_create_ad_users_test.csv"
  $log = $path + "\create_ad_users.log"
  $date = Get-Date
  $addn = (Get-ADDomain).DistinguishedName
  $dnsroot = (Get-ADDomain).DNSRoot
  $i = 1
  $server = "localserver.ourdomain.net"
  #START FUNCTIONS
  Function Start-Commands
  Create-Users
  Function Create-Users
  "Processing started (on " + $date + "): " | Out-File $log -append
  "--------------------------------------------" | Out-File $log -append
  Import-CSV $newpath | ForEach-Object {
  If (($_.Implement.ToLower()) -eq "yes")
  If (($_.GivenName -eq "") -Or ($_.LastName -eq ""))
  Write-Host "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n"
  "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n" | Out-File $log -append
  Else
  # Set the target OU
  $location = $_.TargetOU + ",$($addn)"
  # Set the Enabled and PasswordNeverExpires properties
  If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
  If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
  If (($_.ChangePasswordAtLogon.ToLower()) -eq "true") { $changepassword = $True } Else { $changepassword = $False }
  # A check for the country, because those were full names and need
  # to be land codes in order for AD to accept them. I used Netherlands
  # as example
  If($_.Country -eq "Netherlands")
  $_.Country = "NL"
  ElseIf ($_.Country -eq "Austria")
  $_.Country = "AT"
  ElseIf ($_.Country -eq "Australia")
  $_.Country = "AU"
  ElseIf ($_.Country -eq "United States")
  $_.Country = "US"
  ElseIf ($_.Country -eq "Germany")
  $_.Country = "DE"
  ElseIf ($_.Country -eq "Italy")
  $_.Country = "IT"
  Else
  $_.Country = ""
  # Replace dots / points (.) in names, because AD will error when a
  # name ends with a dot (and it looks cleaner as well)
  $replace = $_.Lastname.Replace(".","")
  $lastname = $replace
  # Create sAMAccountName according to this 'naming convention':
  # <FirstName>"."<LastName> for example
  # joe.bloggs
  $sam = $_.GivenName.ToLower() + "." + $lastname.ToLower()
  Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" -Server $server }
  Catch { }
  If(!$exists)
  # Set all variables according to the table names in the Excel
  # sheet / import CSV. The names can differ in every project, but
  # if the names change, make sure to change it below as well.
  $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
  Try
  Write-Host "[INFO]`t Creating user : $($sam)"
  "[INFO]`t Creating user : $($sam)" | Out-File $log -append
  New-ADUser $sam -GivenName $_.GivenName `
  -Surname $_.LastName -DisplayName ($_.LastName + ", " + $_.GivenName) `
  -StreetAddress $_.StreetAddress -City $_.City `
  -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
  -Company $_.Company -Department $_.Department `
  -Title $_.Title -AccountPassword $setpass `
  -PasswordNeverExpires $expires -Enabled $enabled `
  -ChangePasswordAtLogon $changepassword -server $server
  Write-Host "[INFO]`t Created new user : $($sam)"
  "[INFO]`t Created new user : $($sam)" | Out-File $log -append
  $dn = (Get-ADUser $sam).DistinguishedName
  # Set an ExtensionAttribute
  If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null)
  $ext = [ADSI]"LDAP://$dn"
  $ext.Put("extensionAttribute1", $_.ExtensionAttribute1)
  Try { $ext.SetInfo() }
  Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
  # Move the user to the OU ($location) you set above. If you don't
  # want to move the user(s) and just create them in the global Users
  # OU, comment the string below
  If ([adsi]::Exists("LDAP://$($location)"))
  Move-ADObject -Identity $dn -TargetPath $location
  Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
  "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
  Else
  Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
  "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
  # Rename the object to a good looking name (otherwise you see
  # the 'ugly' shortened sAMAccountNames as a name in AD. This
  # can't be set right away (as sAMAccountName) due to the 20
  # character restriction
  $newdn = (Get-ADUser $sam).DistinguishedName
  Rename-ADObject -Identity $newdn -NewName ($_.LastName + ", " + $_.GivenName)
  Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n"
  "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append
  Catch
  Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
  Else
  Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n"
  "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append
  Else
  Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n"
  "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append
  $i++
  "--------------------------------------------" + "`r`n" | Out-File $log -append
  Write-Host "STARTED SCRIPT`r`n"
  Start-Commands
  Write-Host "STOPPED SCRIPT"

  Here is one I have used.  It can be easily updated to accommodate many needs.
  function New-RandomPassword{
  $pwdlength = 10
  $bytes = [byte[]][byte]1
  $pwd=[string]""
  $rng=New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  while (!(($PWD -cmatch "[a-z]") -and ($PWD -cmatch "[A-Z]") -and ($PWD -match "[0-9]"))){
  $pwd=""
  for($i=1;$i -le $pwdlength;$i++){
  $rng.getbytes($bytes)
  $rnd = $bytes[0] -as [int]
  $int = ($rnd % 74) + 48
  $chr = $int -as [char]
  $pwd = $pwd + $chr
  $pwd
  function AddUser{
  Param(
  [Parameter(Mandatory=$true)]
  [object]$user
  $pwd=New-RandomPassword
  $random=Get-Random -minimum 100 -maximum 999
  $surname="$($user.Lastname)$random"
  $samaccountname="$($_.Firstname.Substring(0,1))$surname"
  $userprops=@{
  Name=$samaccountname
  SamAccountName=$samaccountname
  UserPrincipalName=“$[email protected]”)
  GivenName=$user.Firstname
  Surname=$surname
  SamAccountName=$samaccountname
  AccountPassword=ConvertTo-SecureString $pwd -AsPlainText -force
  Path='OU=Test,DC=nagara,DC=ca'
  New-AdUser @userprops -Enabled:$true -PassThru | |
  Add-Member -MemberType NoteProperty -Name Password -Value $pwd -PassThru
  Import-CSV -Path c:\users\administrator\desktop\users.csv |
  ForEach-Object{
  AddUser $_
  } |
  Select SamAccountName, Firstname, Lastname, Password |
  Export-Csv \accountinformation.csv -NoTypeInformation
  ¯\_(ツ)_/¯

• Workflow once user is created

  Hi All,
  Seems to be a very basic workflow but I cannot get the events to trigger!
  I need a workflow once a user is created. The standard BO "USER" has the event "Created" but it does not trigger once the user is created through transaction SU01!
  I checked for Change documents and there are no documents written when the user is created. There are no User Exits or BADIs to put in my custom code once the user is created.
  I am sure that there is something very basic that I might be missing. Maybe a customizing stuff to trigger the standard event.
  Any help will be greatly appreciated.
  Best regards,
  Sudhi

  Hi Sudhi,
  Not a great solution but you could check for any existing workflow instances for the BO to determine if this has been created and workflowed before, or you could check the time of the DB record update (and creation) in the user audit log and make the determination, or better yet check both.
  Neither idea is brilliant but both will work.
  Bear in mind the events on USER are:
  create (user locked created)
  cloned (user created or changed)
  deleted
  roles changed
  Based on this I would postulate that if you created a locked user you would get sy-ucomm = 'INS'.  If this is the case you may want to create each user locked (initially) and then unlock in your workflow.
  Regards
  Gareth

• Password Violation error while creating users from Admin interface

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

• How to create user in oracle 11 g

  Hi.
  i am new to oracle 11 g. i am learning for oragle 11g dummies pdf.i have some doubts about create user in that what is for identified by used in create user.
  eg: create user acme_own identified by acme_own2008 temporary tablespace temp, default tablespace user,
  in this what identified user is used and what it does.
  if anyone tell me it will be very helpfull.

  Hi;
  Please see below notes if you have still doubt please update thread:
  http://docs.oracle.com/cd/E11882_01/network.112/e16543/users.htm#BABGIFFE
  http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_8003.htm
  http://www.adp-gmbh.ch/ora/sql/create_user.html
  Regard
  Helios

• Trouble Creating Users Via Web Form

  I'm having trouble creating user in a 9i database via web front end.
  I use the following sql to create the user
  strSQL="CREATE USER"""+strUser+"""PROFILE ""DEFAULT"" IDENTIFIED BY ""HELLO"" DEFAULT TABLESPACE ""DATA"" TEMPORARY TABLESPACE ""TEMP"" ACCOUNT UNLOCK"
  I then execute another two sql statments to grant "connect" thus
  strSQL="GRANT ""CONNECT"" TO "+strUser+""""
  strSQL="ALTER USER """ strUser"""DEFAULT ROLE ALL"
  Whenever I try connecting using the new users details, but get an error message that the server had problems accessing the LDAP directory service(ORA-28030).
  I'm happy that the SQL is correect as I created the account that I wanted using Enterprise Console and coppied the SQL it produced. I'm assuming that there's something in the background that is not being triggered when creating the user via the web front end.
  Can anyone tell me where I'm going wrong?
  Thanks
  Jason

  My apologies, I didn't realise HTML DB was a product. I thought it was a forum for questions regarding HTML and databases.
  Doh!!!
  Jason

• User administration PL/SQL codes

  Can any body fordard me the PL/SQL conding used to all the aspects of User administration like user creation, privilages, roles etc.
  Secondly , can you please advice me if i need sample code for DBA purpose , where i should look.
  Thanks
  Arif

  Hi,
  Read Oracle doc on http://tahiti.oracle.com
  Or
  http://www.oracle-base.com/dba/DBACategories.php
  Or
  http://www.orafaq.com/scripts/index.htm
  Nicolas.

• Create user and session privilege

  Hi everyone. I connected to database as SYSTEM and created new user (Tom):
  CREATE USER Tom IDENTIFIED BY Tom
  Then using SQL Developer tried to connect to the database as Tom and got error, that Tom lacks CREATE SESSION privilege. How to give him it?

  You need to give a certain quota to that user, or that role. For example,
  ALTER USER <username> QUOTA UNLIMITED ON <tablespace_name>;
  You can also specifiy a set amount in place of the unlimited keyword.
  ALTER USER <username> QUOTA 500M ON <tablespace_name>;
  If you create a role, then assign the privileges to that role you can group your privileges together. When you create a new user just assign the role to the user. You can then just add privileges or remove them from the role and this will take affect for all the users that have that role.

• NWA 7.1 - User Administration with regards to Roles/Groups

  Hello,
  Environment = NWA 7.1 , Java Stack Only , No Central User Administration
  Situation      = One group of individuals responsible for developing and maintaining Java Roles & Groups
                        (Permissions). Another group of individuals responsible for maintaining Users and
                        allocating the above Roles & Groups to the Users.
  In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
  The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
  This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
  Many thanks in advance,
  Jay

  Hi Jay,
  UME.Manage_All Provides permissions required by an overall user administrator.
  These include:
  u2022 Administration of users belonging to any company and
  possibility of assigning users to companies
  (In a multitenant portal, even if a tenant user is assigned this
  action, he or she will still only have access to users, groups,
  and roles in his or her tenant.)
  u2022 Group management
  u2022 Role assignment
  u2022 User mapping
  u2022 Import and export of user data
  u2022 Manual replication of user data
  To set up delegated user administration, overall user administrators
  must belong to a role to which the UME.Manage_All action is
  assigned.
  In portal installations, any role that includes the UME.Manage_All
  action automatically has Role Assigner permissions on all portal roles in the portal installation.
  Try this.
  Regards,
  Gowrinadh

• Need to authenticate a user and create session thru a procedure.

  I am doing loadtest on portal and I need to authenticate a user and create user session to simulate user logging thru the web and I want to see a record is created in the wwctx_sso_session$ table.
  can we do this from stored procedure ?
  thanks.

  Hi,
  I guess the message is pretty clear !! you lack privilege.
  SQL> conn imx/imx
  Connected.
  SQL>
  SQL> create user testproc identified by testproc;
  create user testproc identified by testproc
  ERROR at line 1:
  ORA-01031: insufficient privileges
  SQL> create or replace procedure sp_createsuser(username varchar2)
    2  as
    3  begin
    4  execute immediate 'create user ' || username || ' identified by ' || username;
    5  end;
    6  /
  Procedure created.
  SQL> exec sp_createsuser('testproc');
  BEGIN sp_createsuser('testproc'); END;
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "IMX.SP_CREATESUSER", line 4
  ORA-06512: at line 1
  SQL> conn sys/******* as sysdba
  Connected.
  SQL> grant create user to imx;
  Grant succeeded.
  SQL> conn imx/imx
  Connected.
  SQL> exec sp_createsuser('testproc');
  PL/SQL procedure successfully completed.
  SQL> conn sys/syssys as sysdba
  Connected.
  SQL> select username from dba_users where username like 'TESTP%';
  USERNAME
  TESTPROC
  SQL>Regards