Assign roles automatically when user gets created

Similar Messages

• Automatic AD account creation when user gets created in OIM

  Dear All,
  Currently in my OIM version 9.1.0.2, AD account creation is request based. Manager has to raise a request to create an AD account for the user.
  Now we want to leave this process for AD account creation. Requirement is to create the AD account without any approval process.
  Or I can say create an AD account for the user as soon as user gets created in OIM.
  Please suggest.
  Manohar

  Hi GP,
  I am able to follow the steps mentioned for creating membership rule and access policy.
  Account get created whenever used is added to new group 'createadaccountautomatically'.
  However a small trouble here.
  Initially resource status goes to ready. I need to select Misallocation attribute in the request form manually. This might be happening because in present request based approval Manager provides the is_location.
  How should I overcome this limitation? I mean what change to make so that is_location gets changed automatically.
  Please suggest on this.
  Manohar

• Task Does not get triggered when User is created through API

  Hi,
  Each new user in our OIM environment is supposed to have a iPlanet account. I have configured the access policy for the same and it works.There is also a process task which needs to be triggered once the user is successfully created in the DS. Following is my issue:
  1.When the new user is created through the admin console, the user is provisioned successfully to DS as well because of the access policy and the task also gets triggered successfully.
  2. There is an approval workflow for another resource, at the end of which a user needs to be created through APIs in OIM. The user gets created successfully in OIM and also get provisionined to DS just like in the above use case. However, the task fails in this case. I see that the task is being triggered from the user's resource profile, but the status is rejected.
  Can someone please tell me why is this happening. I initially though there was some issue with my adapter for the task, but in case 1 it works just fine.
  Following is the exception I get as soon as the iPlanet connector finishes creating the user in DS:
  java.lang.ClassCastException: java.lang.String
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETFIELDSONUSERCREATE.implementation(adpSETFIELDSONUSERCREATE.java:51)
  at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
  Thanks,
  Supreetha

  Hi,
  Have you checked the process data that you are passing to this adapter and check the mapping of process data to the adapter variable. Try to log the value which you get from process data. I got this error when I was trying to use the literal value from process data as "true" for a boolean value. This is a bug. This value is not actually a boolean value. It threw me error too sometimes back. Either you pass the boolean value from adaptor factory as a literal value or change the type boolean both in your code and the adapter.
  OIM works strangely. ;) All the best,
  Manila

• Creation of auto approval process for assigning role for a user in oim11g

  currently i'm doing a scenario like a user must be automatically assigned to a role by using approval policy where the user is already there in oim and then we use csv file in that we take 2 columns like userlogin and role name so by running this scheduled task user must be automatically approved to that role.But i have to use the default auto approve policy in oim without creating any bpel process for that so can any one suggest me how to proceed with this scenario.
  Thanks in Advance for quick response.

  If I understand correctly, You have users and their respective roles in csv file. Users are present in OIM. You want to assign those roles in csv file to respective users?
  If this is the scenario, you need to write a custom code for schedule task which will read data from your csv file, create roles and assign them to respective users.
  to create custom schedule task in OIM 11g, you may refer to:
  http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/scheduler.htm
  regards,
  GP

• Table to find the assigned Roles with my User ID

  Hello Experts,
  1.Is there any specific table to find out the assigned roles to my User ID?
  If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
  2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
  when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
  Could you help me to sort out these two queries?
  Thanks and Regards
  Madhu

  Hi Madhu,
  1.Is there any specific table to find out the assigned roles to my User ID?
  If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
  Sol'n : You have so many Class Methods for finding your requirement else FM aslo.
  Go to SE84 there u will find search ClassMethods. There u type getuserRole or userRole* and press F8. Pick the one which you feel it may give you the result
  ie you have to execute the class...if it showing instance on the tool bar click on that then press execute the method which you feel relevant to you, and give input parameters.
  Sol'n for 1 point is: CL_CRM_UI_ROLE_ASSIGN->GET_BUSINESSROLES_FOR_USER.
  2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
  Sol'n: Go and check in T-code : BP. Dispay Ur BP and check for Employee Meantaied -- Identification Tab..Did u maintained ur Userid over there or not
  when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
  Sol'n: Need clarification on this point.
  Regards,
  Lokesh
  Edited by: Lokesh on Mar 8, 2010 7:37 AM

• I need any videos i shoot on my iphone, to go to the cloud automatically (when i get an icloud account). the demos show pics and docs going directly, but the demos are ambiguous about short videos i shoot on my phone....help?

  i need any videos i shoot on my iphone, to go to the cloud automatically (when i get an icloud account). the demos show pics and docs going directly, but the demos are ambiguous about short videos i shoot on my phone....not backed up nightly, but available soon.  help?

  Since photo stream doesn't support videos, you would need to use an app to do this.  Dropbox may be a good choice as I believe once enabled, all you have to do is open the app and it will automatically upload photos and videos taken since the last upload to your Dropbox account (see https://www.dropbox.com/help/289/en).  If you aren't familiar with Dropbox, it's a very popular cloud service for hosting files and other media.  Amazon just announced that its Cloud Drive service will soon support photos (http://9to5mac.com/2013/05/10/amazon-launches-cloud-drive-photos-app-for-iphone) /; perhaps it will also be extended to support videos at some point.

• Assigning Roles for a user programatically in E-Business Suite

  Hi All,
  How can I assign roles to a user programatically (may be using PL/SQL) in E-Business Suite.
  Thanks,
  Iceman513

  Please see these docs.
  How to Assign and Revoke Role/Responsibility to a User using a Standard API? [ID 373369.1]
  Api To Assign Responsibility To A Role In Bulk. [ID 458072.1]
  How Does One Using API add Users to a Role? [ID 794538.1]
  Thanks,
  Hussein

• Run shutdown oc4j instance automatically when user Turn off/Log off

  Hi All,
  Can you help me anyone to run the shutdown oc4j instance automatically when user Turn off/Log off the application or the computer?
  I want to use any Schema level trigger if possible to solve the issue.
  I am using oracle Developer Suite 10g and Database 10g as well.
  Arif

  Ah, sorry I misunderstood your question (probably not enough coffee in the morning); anyway there are folders for scripts which should be executed on startup / shutdown or logon / logoff:
  Startup
  %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts\StartupShutdown
  %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts\ShutdownLogon
  %SYSTEMROOT%\System32\GroupPolicy\User\Scripts\LogonLogoff
  %SYSTEMROOT%\System32\GroupPolicy\User\Scripts\LogoffWrite a script to startup / shutdown your OC4J (probably calls to startinst.bat and stopinst.bat) and place them in the apropriate folders.
  cheers

• Extract PO Requisitions when PO gets created

  Hi,
     We have a generic extractor to extract data from EBAN table (PO Requisitions).  However our generic extractor has delta set on ERDAT field which is changed date of PO requistion.  However when a PO gets created from the requisition from R/3 the PO requisition changed on date field i.e. ERDAT doesnt get a new timestamp.
  So we are not able to extract delta's from EBAN table when PO gets created off the requisition.
  Is there any way I can set delta on a different field of the EBAN table or is there some standard extractor which can do the same?
  Thanks

  we cannot create a generic extractor on EBAN table. There are few currency and unit fields, that refer to some other table.so  Its better to createa  view and proceed.
  For creating a view u can check with ABAPer on EBAN, it should be only Database view other views are not supported in Generic extraction
  After creating the view, go to generic extraction (RS02) and create Generic data source and save it.Replicate in BW side, then create DSO(ODS) then create Transformation between Datasource and DSO.
  Note: Generic extraction give after images. So its not recommended directly to the cube because there is no overwirte option in the cube.

• Assigning the role automatically when a user is created.

  Hi all,
  we are usign the EP 7.0 eph1 sp6 . we have a requirement that:
  When we are creating a new user and click save, then a user is created and to that user automatically a role should get assigned (without manual assignment of role to user). the role will have the framework page etc.
  and suppose we are assigning some role to the same user the above assigned automatic role should be deassigned automatically again.
  is there any possible way.
  Please help.
  regards,
  kavitha

  Hi
  When we are creating a new user and click save, then a user is created and to that user automatically a role should get assigned (without manual assignment of role to user). the role will have the framework page etc.
  for the above one we can follow the simple process ,
  as u need 2 assign the role automatically  while creating the user it self, u have to do the following.
  In user Adminstartion we have a button called Copy To New User.
  u just slect a user already created and just click on the button above, the  new user which is going to be created will get all the credntails and roles groups ,everything as the previous one.
  Just have a try .
  Sandeep

• Assign tasks automatically when vacation set for a user

  Hi,
  I've a requirement where user can set the vacation period and rules. When the vacation period starts, all the tasks already assigned to him should get REASSIGNED AUTOMATICALLY to the other user that we configured in the vacation rule. How can I achieve this? Please suggest me some ideas.
  Thanks

  Hi Bill,
  I am able to reassign/delegate the task to a SINGLE user programmatically using the below code.
  private void vacationTask(String taskAction) {
  String errorMessage = "Below users are not valid: ";
  boolean isFirstInvalidUser = true;
  FacesContext facesContext = FacesContext.getCurrentInstance();
  FacesMessage facesMessage = null;
  try {
  String contextStr = ADFWorklistBeanUtil.getWorklistContextId();
  IWorkflowServiceClient wfSvcClient = WorkflowService.getWorkflowServiceClient();
  ITaskQueryService querySvc = wfSvcClient.getTaskQueryService();
  ITaskService taskService = wfSvcClient.getTaskService();
  IWorkflowContext ctx = querySvc.getWorkflowContext(contextStr);
  String loggedInUser = ctx.getUser();
  List queryColumns = new ArrayList();
  queryColumns.add("TASKID");
  queryColumns.add("TASKNUMBER");
  queryColumns.add("TITLE");
  queryColumns.add("OUTCOME");
  List tasks = querySvc.queryTasks(ctx,queryColumns,null,ITaskQueryService.AssignmentFilter.MY,null,this.getTaskPredicate(),null,0,0);
  ITaskService taskSvc = wfSvcClient.getTaskService();
  for(int i = 0 ; i < tasks.size() ; i ++) {
  Task task = (Task)tasks.get(i);
  String title = task.getTitle();
  String taskId = task.getSystemAttributes().getTaskId();
  String userInputList = null;
  String[] usersList = null;
  if(this.getUserToAssign().getValue() != null) {
  userInputList = (String) this.getUserToAssign().getValue();
  usersList = userInputList.split(",");
  } else {
  facesMessage = new FacesMessage("No users list provided. Please provide atleast one userId to reassign the task(s). ");
  facesContext.addMessage(null, facesMessage);
  return;
  for(int j=0; j<usersList.length; j++) {
  String userToAssign = usersList[j];
  userToAssign = userToAssign.trim();
  if(userToAssign!=null) {
  UserBean userBean = new UserBean();
  boolean isUserValid = userBean.isValidUser(userToAssign);
  if(isUserValid) {
  List<TaskAssignee> assignees = new ArrayList<TaskAssignee>();
  TaskAssignee assignee = new TaskAssignee(userToAssign, IWorkflowConstants.IDENTITY_TYPE_USER);
  assignees.add(assignee);
  if(taskAction.equals(TASK_ACTION_REASSIGN)) {
  taskSvc.reassignTask(ctx, taskId, assignees) ;
  this.getConfirmMsg().setValue("The task(s) have been reassigned");
  else if(taskAction.equals(TASK_ACTION_DELEGATE)) {
  taskSvc.delegateTask(ctx, taskId, assignees);
  this.getConfirmMsg().setValue("The task(s) have been delegated");
  } else {                       
  if(isFirstInvalidUser)
  errorMessage = errorMessage + " " + userToAssign;
  else
  errorMessage = errorMessage + ", " + userToAssign;
  isFirstInvalidUser = false;
  if(!isFirstInvalidUser) {
  facesMessage = new FacesMessage(errorMessage);
  facesContext.addMessage(null, facesMessage);
  } else {
  this.getConfirmationPopup().show(new RichPopup.PopupHints());
  catch (Exception e) {
  //Handle any exceptions raised here...
  System.out.println("Caught workflow exception: "+e.getMessage());
  But, when I supply multiple uses separated by comma(,), the tasks are being assigned to the last user ONLY. Any idea why its happening.
  Thanks.

• One CUP request for assigning role to multiple users

  Hi,
  We assign roles to users in production only through CUP requests.. We use GRC 5.3
  Here we have a case where we need to assign one role to  60 users in production(each user may have different  roles assigned in the back end) . I can raise one CUP request for all users using " multi-user" option in Copy request . But when we want to make a risk analysis , it will not show risks at user level as each user had different roles and may get different risks by adding new role.
  Instead it will give risks if any for only that new role which want to assign. Our manager is not accepting as this is not giving complete picture of risks for each user when we add new role.
  Please suggest me if there is any other way where I can make a risk analysis for each user when I created a CUP request for multiple users.
  Or the only solution is to create 60 CUP requests ?? this would be too manual
  Regards ,
  jaags

  Raghu,
  thanks for the reply, you are right as per the audit .But suppose if it is for 200 users ,creating 200 CUP requests will be impractical right.
  there should be some solution for this , because there will be many situations practically where we have to assign roles to N number of users.
  Is this possible in GRC 10 ? any idea ?
  Regards,
  Jaags

• Auto Script which creates SAP Account when AD gets created.

  Hello Experts - Requirement is "Create SAP User account automatically when AD account gets created", can I acheive this through ECATT scripts?
  If this is possible, idea is to create an ECATT script and schedule it to run every night to find all new users on AD and create their account on SAP and lock their accounts.
  Do you think this can be acheived thru ECATT's?
  If not ECATT, is there any way out to acheive my objective. We are planning to reduce overhead for SAP User admins, I was thinking on following steps:
  1) New User request for AD
  2) After approval create AD account
  3) Design a scrip, which will look for all new users on AD and will create & lock them on SAP (Nightly Job or something)
  Your thoughts?
  Your suggestions are much appreciated.
  Thanks.

  Hi Martin,
  I have a customer with 16 million users in SU01. They don't use IdM and don't need it either at the moment.
  I have another customer with 700 users and they are implementing IdM because it makes sense. They need it to reduce complexity.
  There are no IdM license costs, unless you provision non-SAP systems.
  You can skip GRC by using a well designed concept for report RSUSR008_009_NEW if it meets your requirements - particularly the number of systems. It does however have it's limits (per ABAP client) and is not user friendly at first. Also no nice pie-charts for managers, etc.
  Emergency User Access comes in many shapes and sizes... SAP declined a development suggestion from me to improve the "FireFighter" tool so I developed it on my own for my customers using BAPIs and they are happy. The main requiremenent not fullfilled is that the user context changes so that you loose access to HR data, queries, variants, workflow items, purchase orders, etc. The FireFighter users also become obvious targets of attacks and the application users (dialog) need authority to change the FireFighter's passwords to use the application  - which means that they can use RFC to do the same without using the FireFighter transactions / logs / etc.
  Regarding other IdMs, I have experience with some, but documented here on SDN is only the password syncronization problems which Novell suffers from. These "problems" are intentional - or better said --> their own fault for using "hacks"...
  If you search for "Novell" you will find them.
  Cheers,
  Julius

• Assigning roles to  10000 users

  Hi Guru's,
             I need your solution regarding role assignment to 10000 users.My client is having 10000 users.
  My perception for this is
                      [Role]
  Roleid = Path;
  user = user1;user2;user3;...............user10000;
  Writing above code in text document and importing then exporting in user administration.....
  Is there any approach to assign a role to 10000 users in one go.
  Please share the solution for this issue.
  Regard's,
  Prashanth

  You can use the Import functionality of User Administration.
  Use Groups as principal.
  Example
  [group]
  gid=Z_GRP_HR_ESS
  gdesc=HR Group for Employee Self-Service
  user=DHANZ1;DHANZ2;.......
  Import utility times out for huge user base....so split 10000 in 2 batches...eg first load with 7000 users and second with 3000 users.
  Second run do it in overwrite mode
  Once the loads are complete you can manually assign the corresponding Roles to the Group. It is best practise to assign
  Users -> Group -> Role.
  Also you get a detailed log after import with errors -> You can fix that in your import file and run the utlity again.
  Good luck ~ Dhanz

• Assigning roles to LDAP users through BIP API

  Hi.
  My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
  One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
  I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
  We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
  Is it possible to make that assignments through BIP API?
  If not, any other ideas? New ideas or different approaches are welcome.
  Thanks in advance.

  In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
  During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
  I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
  There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
  Let me know if that helps.