Automatically add user to an OIM role using rule

Similar Messages

• How do I add user to a Contact Role in 11i? ( GIS )

  Hi Hussein:
  I was trying to find out how to add a list of users to a contact role in GIS? Initially the contact used to be individual email_id's , but right now the user email_ids are added to a new role and in the subsidiary company setup the contact is having a pointer to the role.
  Regards,
  Bala

  Yes, Hussein.. If you login to EBS as a user with GIS Responsibility --> setup -- > Intercompany -- > Subsidiaries
  in the form u will notice 'Notification Options' and you will see a field ' Contact '. This filed normally used to be a email id. For easy manageability they have created a contact role and assigned users to this role. I do now how to get the list of contact roles and how to add the new users to the role, so they can get notifications.
  Regards,
  Bala

• Automatically add all scopes depending on role

  Hi,
  I have one environment with about 15 scopes (one scope for public content and then one per branchoffice)
  now I got the following question: is it possible somehow to automatically add all scopes when new content is added that is meant to be public?
  this is currently an action that can only be done by the AD group that has the full administrators role who create new stuff that will be accessible for the whole environment.
  once new content is added they have to manually modify the security scope, so we would like to automate this somehow.

  I’m cleaning up old post, did you figure this out yet, if so how?
  There is nothing built-in to do this, you might be able to do something like this via the SDK but that might be a lot of work. IMO I wouldn’t worry about it, the CM12 Admin will learn soon enough to setup thing correctly when the ticket get sent back to
  them to do more work.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Automatically add user to a specific database based on the users title

  Is there away to automatically distribute users to a database based on their title?  My organization has different quotas depending on your job title, so if you are an Outside sales rep you get a 2 GB mailbox, and if you are a Inside sales rep you
  get a 1GB mailbox.   

  You can do that with cmdlet extension scripting agent. You need to do some custom setup but there are some examples in below articles (specially part 3)
  Understanding the Scripting Agent
  Cmdlet Extension Agents (Part 1)
  Cmdlet Extension Agents (Part 2)
  Cmdlet Extension Agents (Part 3)

• How to generate username automatically while user creation in OIM.

  Hi all,
  Could you please send me steps for how to generate user name automatically by using adapter while creating the user in OIM.

  Follow this link:
  [http://download.oracle.com/docs/cd/B32479_01/doc.903/b32457/creadp.htm|http://download.oracle.com/docs/cd/B32479_01/doc.903/b32457/creadp.htm]
  It will help you to make each adapter which you want but for this you'll have to create entity adapter.

• Unassign user from a OIM Group using API/Java Code

  Hello OIMers,
  Can you please tell me how should I Un-assign a group membership through code?
  This is the case:
  When the user is deleted from Active Directory, I want to Unassign the User from a group, assume the name of the group is "FullTime Employees".
  Currently How I do this is Click on the User Profile in Admin Console then select Group Membership from drop down and then select unassign for that group.
  Please tell me how should I do the above task programmatically, This would solve my problem.
  Thanks everyone in advance.
  Regards,
  VSN

  Hi all,
  I am using the following api:
  uintgroupf = (tcGroupOperationsIntf)tcUtilityFactory.getUtility(db, "Thor.API.Operations.tcGroupOperationsIntf");
  uintgroupf.removeMemberUser(arg0, arg1);
  arg0 - is group key............Can you tell me how should I fetch this Group Key??
  Thanks.
  Regards,
  VSN

• Add ldap user to Delegate Admin role programmatically

  Dear all,
  I have problem with
  @Control
  private DelegationRoleManagerControl roleControl;
  roleControl.addUserToRole(EWPConstants.USER_DA_ROLE_NAME,username,ResourceContext.createResourceContext(getRequest(),false));
  I used that control to add user to delegate admin role. It is working fine on admin server.
  But after we deploy on managed server (stand-alone), we get this exception intermittently.
  15 Sep 2009 12:59:40 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR ewp.control.pageflow.login.LoginController - login():
  com.bea.p13n.entitlements.common.PolicyMgmtAccessException: Attempt to access Entitlement Policy Mgmt API by user in invalid role. Entitlement Policy operation attempted by disallowed user ["principals=[ewpwlpuser01]"].
  at com.bea.p13n.entitlements.management.internal.SecurityHelper.isWLPAdminRole(SecurityHelper.java:881)
  at com.bea.p13n.entitlements.management.internal.RolePolicyDelegate.roleExists(RolePolicyDelegate.java:387)
  at com.bea.p13n.entitlements.management.internal.RDBMSRolePolicyManager.getGlobalRoleExpression(RDBMSRolePolicyManager.java:1702)
  at com.bea.p13n.entitlements.management.internal.RDBMSRolePolicyManager.addGlobalRoleUser(RDBMSRolePolicyManager.java:1421)
  at com.bea.p13n.entitlements.management.internal.RDBMSRolePolicyManager.addGlobalRoleUser(RDBMSRolePolicyManager.java:1388)
  at com.bea.p13n.entitlements.management.RolePolicyManager.addGlobalRoleUser(RolePolicyManager.java:514)
  at com.bea.p13n.delegation.management.internal.DelegationRolePolicyDelegate.addPredicatesToGlobalDARole(DelegationRolePolicyDelegate.java:614)
  at com.bea.p13n.delegation.management.internal.DelegationRolePolicyDelegate.updateRole(DelegationRolePolicyDelegate.java:254)
  at com.bea.p13n.delegation.management.DelegationRoleManager.updateRole(DelegationRoleManager.java:431)
  at com.bea.p13n.delegation.management.DelegationRoleManager.updateRole(DelegationRoleManager.java:398)
  at com.bea.portal.tools.da.controls.DelegationRoleManagerControlImpl.addUsersToRole(DelegationRoleManagerControlImpl.java:76)
  at com.bea.portal.tools.da.controls.DelegationRoleManagerControlImpl.addUserToRole(DelegationRoleManagerControlImpl.java:223)
  at com.bea.portal.tools.da.controls.DelegationRoleManagerControlBean.addUserToRole(DelegationRoleManagerControlBean.java:295)
  at ewp.control.pageflow.login.LoginController.login(LoginController.java:126)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)

  hi
  it should work even if the managed server is not part of the cluster.
  Again do you get this error randomly or can you replicate it?
  Its possible that your Database / LDAP is out of sync. Can you access portal admin console and can you see if the default two visitor entitlements show and you dont get any error saying PortalSystemAdministrator is not valid?
  Also you can just delete the managed server directory (under the domain/servers) it should recreate the LDAP (assuming admin server is running)
  regards
  deepak

• Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

  Hi,
  I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
  After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
  Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
  I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines. 
  First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
  Here are my exact steps of what I did to reproduce our problem:
  Complete format of HDD in preperation for a clean install
  Clean install performed
  Set up the machine initially with a local account
  Test metro apps - all working fine
  Open control panel from the desktop, click on System, change the system to join the domain, click reboot
  Log into the system using my domain account
  Test metro apps - all working fine
  Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
  I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
  In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
  I click add and then add my domain account - also giving it administrator access
  Sign off or reboot to ensure the new security is applied
  Sign back in to the domain account
  Test metro - ALL BROKEN
  Sign out
  Sign in as local account
  Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
  So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
  Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
  could fathom was a full re install and not giving the domain user admin access to the local  machine.
  Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
  Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
  I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
  soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
  Thanks

  Hi Juke,
  Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
  I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
  your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
  in event viewer.
  Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
  information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
  Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
  Under "Applications And Services Logs" --> "Microsoft" -->  "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
  Windows.Launch contract failed with error: The app didn't start."
  If you require any further information just let me know and I will provide as much as I can.
  Thanks

• Add Users from people picker field to sharepoint group

  Hi,
  I have created infopath form and added people picker control and then created data connection to add users to sharepoint group.
  Used UserGroup webservice and "AddUserToGroup" operation. If I select single user in people picker and click submit button, web service data connection adding user to sharepoint group without any issue but it's not working for multiple users.If
  I select multiple users in people picker, web service adding only first user to sharepoint groups. In our company we do not prefer custom coding.
  Can anybody help me out to resolve this issue?
  Any help or suggestions would be appreciated.
  Thank you,
  AA.

  You ll be able to achieve this by placing people picker in repeating table control in the form, below url may help you. 
  http://infopath.wordpress.com/2013/04/02/people-picker-email-addresses-repeating-tables-infopath-2010/
  Sivabalan

• Automatically adds a vector mask

  It automatically adds a vector mask whenever I use one of the two bottom tools in this image. http://sixpop.com/images/file/56049748.jpg how do I stop it from adding vector masks?

  No.
  You're creating a "Shape Layer" with your Pen Tool.
  Look at the group of 3 buttons near the left side of your Options Bar.
  Hover over each of them until the little Tool Tip appears.
  Experiment to see how each one affects what happens when you use the Pen Tool or create a Custom Shape.

• OIM 11g R1 - Add user to group after AD Reconciliation

  Hi,
  i want to add all reconcilated users from AD to OIM to a special role in oim, after a AD reconciliation.
  By default, all users get the role ALL_USERS. I want to add a futher role, for example ALL_AD_USERS.
  How to do this?
  Edited by: 960944 on Jan 15, 2013 5:11 AM

  I assume that here you are talking about AD TRUSTED RECONCILIATION and you don't have any other TRUSTED Reconciliation and this is the only way to bring users into OIM, then you can create a role and attach a membership rule say "Organization doesn't contain ZZZZ". It will satisfy all the users
  CONS: Here you won't be able to distinguish between users which are creating through Admin Console or from AD Trusted or from some other Trusted Recon.
  Now if you want only those users who are coming from AD then Add a task on Reconciliation Insert/Update Received and add user into Role using APIs.

• Automatically add role of Contact Person when BP is created as employee

  We have done the configuration and setup to transfer OM data from ERP (ECC 6.0)  to CRM 7.0. Before we execute the ALE job, we have one item we would like to add to the process.
  We are a County Government implementing CRM Incident Management. Users will need to assign and forward Incidents to defined Contact Persons in various Org Units. It would require significant manual effort to edit BP records for each employee to maintain the Contact Person role.
  Is there a way to automatically add the Contact Person role to each Employee BP at the time that the BP is created during the transfer of OM data? In other words, when IDocs are posted using RBDAPP01 in CRM, can the BP be created with the General role, the Employee role AND the Contact Person role at that time?
  I have not found a BP configuration which implements this. I also did not find a switch in T77S0 which would cause this to occur.
  I have searched this forum and the the CRM General Questions forum for this issue. I have found a few threads which posed the question but none which provided an answer for CRM 7.0. Please let me know if I have overlooked a previously posted answer.
  Thank you for your help and advice.
  Alannis Bratton

  Hi Robert.
  Thank you for the suggestion. However, this isn't related to creating the Contact Person role when creating a contact relationship directly in CRM. What we need is the automatic creation of the Contact Person role at the same time that the Employee BP is created via the ALE transfer of OM data from ECC to CRM.
  Alannis Bratton

• AppServer: problems trying to add users to roles in security dialog

  I'm trying to learn J2EE using AppServer. My current example has a client accessing
  an entity bean. I want two classes of user - Reader, and Updater. Most methods
  of Home and Remote are accessible to both classes, a few are restricted to users
  in Updater role. I'm currently having problems adding users to roles in deploytool.
  I have defined users using the Admin client.
  I have implemented and test run client and entity bean without security restrictions, it works.
  I have defined roles associated with the application.
  I have allocated roles to every method in Home and Remote interface of bean.
  I have extracted the generated XML file and checked the <assembly-descriptor> section and
  it appears that all roles and role descriptions are defined as required.
  deploytool lets me use the "Security Role Mapping" dialog, I can select either of my roles and
  try "Add user to role" - subsequent dialog shows my users and allows me to "Map user to role" -
  but selected user does NOT appear in the user names panel.
  What am I doing wrong or what am I omitting? Hints please!

  Thanks for suggestions. (I'm using Windows so file-protections pretty
  non-existent).
  I looked in the Sun file you mentioned and found the users were defined.
  When I restarted AppServer and deploytool, the users were shown in the appropriate
  panel.
  There is probably some minor bug in deploytool that causes the User Panel not
  to be updated as it should be after a user has been added to a role.

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .

• Create .jspx page to add users using ADF security.

  Hello,
  I'm using JDeveloper 11.1.1.3. I've created a login page (form based) with different users and roles using ADF Security. I'm able to successfully login/logout through the users and get redirected to the home page. However, i'm asked to create a page by which i can create users and add roles to them. This page will only be accessible by the administrator. I searched this forum for anything that might help, but couldn't find anything. Can anyone help?
  Thanks,
  Mohamed.

  check this thread:
  Re: change password in jazn-data.xml programmatically