Broadcasting fails when dialog user has initial password

Similar Messages

• How do I sign my VB / VS 2010 based shared COM add-in for Excel so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?

  My COM add-in is developed using VS 2010 and VB. It's a shared COM add-in (not VSTO) and it works with Excel 2007 - 2013. My installer is signed with a code signing certificate but it would appear that my add-in's .dll should also be signed if the user has
  checked the "Require application add-ins to be signed by a trusted publisher" option.
  The "Sign the assembly" option is checked in my add-in's VB -> My Project -> Signing. I have a .snk file selected which I seem to recall generating 6 or 7 years ago when I ported the COM add-in from VB6 to .NET. 
  I have an up-to-date Comodo code signing certificate (a pfx file called MyCompanyCodeSigningCertificatePrivateKey.pfx) which I purchased to use with the installer and was wondering if and how I could use this.
  I tried selecting my pfx file in the My Project -> Signing -> "Choose a strong name key file" dialog. It made a copy of the pfx file in my project folder but when I tried to build the project, I got the following error:
  Error 1 Cannot import the following key file: MyCompanyCodeSigningCertificatePrivateKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the
  following key container name: VS_KEY_C0B6F251F0FB6016
  After a little research, I found out I might be able to use signtool to sign the dll in a post-build step.
  I added the following command to the post-build event, before the command I use to regasm the assembly.
  "path to signtool\signtool" sign /f "MyCompanyCodeSigningCertificatePrivateKey.pfx" /p "xxxx" /v "$(TargetPath)"
  When I built the project, the dll appeared to get signed (the output window showed a bunch of confirming text as well as "Successfully signed: c:\MyAddIn\bin\Release\MyAddIn.dll") but the next step in the post-build (regasm myaddin.dll /codebase)
  issued a warning RA0000 (see below) but reported "Types registered successfully".
  Here's the message I get from regasm, even though the output window says the dll was sucessfully signed:
  RegAsm : warning RA0000: Registering an unsigned assembly with /codebase can cause your assembly to interfere with other applications that may be installed on the same computer. The /codebase switch is intended to be used only with signed assemblies. Please give your assembly a strong name and re-register it.
  Types registered successfully
  I'm not using a shim if that makes a difference.
  How do I sign my add-in so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?
  Any tips would be appreciated.

  Hello,
  Why do you need to use the regasm utility from the post-build action?
  There is a difference between signing the assembly with a strong name and digital signature. The
  How to: Sign an Assembly with a Strong Name article in MSDN explains how to sign an assembly with a strong name (.snk). See
  How to digitally sign a strong named assembly for adding a digital signature.
  You may also find the
  What's the Difference, Part Five: certificate signing vs strong naming article helpful.

• DRM-61026: Unable to create user session for the following reason: Login failed. Invalid user name or password.

  All Im very new to Oracle DRM and Im trying to get the app setup on Windows server running SQL Server 2008.  When I try to login to the Web Client I keep getting this error.
  DRM-61026: Unable to create user session for the following reason: Login failed. Invalid user name or password.
  Can you please help

  This might be due to The 'Oracle Instance' path may not have been set to a path relative to the 'CSS Bridge Host' (i.e. the Foundation Services machine) on the Configuration > Host Machines > CSS > General tab of the DRM Configuration Utility.
  if this is the case then
  1. Open the DRM Configuration Console.
  2. Go to the Configuration > Host Machines > CSS > General tab of the DRM Configuration Utility.
  3. Ensure that the path in 'Oracle Instance' has been set relative to the 'CSS Bridge Host' (i.e. the Foundation Services machine defined in 'CSS Bridge Host').
  4. If corrections are made to 'Oracle Instance' then restart the DRM services to pick up the change.
  Thanks,
  ~KKT~

• Job scheduling failed because the user has no permission to access this rep

  Hi. I've OBIP 10.1.3.4.1.
  When I launch a print with the scheduler I see this error:
  oracle.apps.xdo.servlet.scheduler.ProcessingException: Job scheduling failed because the user has no permission to access this report. [REPORT_URL]=[folderreport/report/report.xdo], [USERNAME]=[administrator]
       at oracle.apps.xdo.servlet.ui.scheduler.SchedulerServlet.scheduleJob(SchedulerServlet.java:1140)
       at oracle.apps.xdo.servlet.ui.scheduler.SchedulerServlet.doPost(SchedulerServlet.java:295)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
       at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
       at oracle.apps.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:100)
       at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
       at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
       at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
       at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
       at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
       at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
       at java.lang.Thread.run(Thread.java:595)
  In this env. I've a LDAP Security Model and all the report and all the users work.

  Please check whether you have assigned below responsibility to the user trying to schedule report.
  XMLP_SCHEDULER

• How to find the date when the users has been created in Hyperion Essbase

  Please let me know, if there is any option or way to find the date when the users has been created in Hyperion.
  Essbase - 9.3.1.0.0
  Sun Solaris SPARC (32-bit) - 5.8
  If not in Hyperion, could you please let me know if it gets stored in the repository. If yes, please let me know the table name in Oracle.

  I don't know of a way of getting this information from Shared Services via the standard web UI. However you can see when a native user was created in openLDAP. If your users are all native then you can use an ldap browser to view the CreateTimestamp.
  Port: 58089
  User DN:CN=911,ou=People,dc=css,dc=hyperion,dc=com
  Password: Your shared services admin user password
  You should see each new native user under the ou=People and each CN will have a create timestamp.
  I can't help if all you users are external or your using the old Essbase native security.
  Gee

• Identify when a user has change value in USEREXIT_CHECK_VBAP before saving

  I originally posted and closed this question, but I am still struggling with the code.
  The req is now to also update the value of VBAP-LPRIO, so I now have to use the Exit : USEREXIT_CHECK_VBAP.
  The issue is that my solution must take into account when a user manually overwrites a value and not replace it with a value determined in the user exit.
  My problem is that the user might do the following
  1 - Create a sales order and enter a new item line, press enter
  2 - The user exit is triggered, and I check that XVBAP-UPDKZ = I  (user add a new line)
  3 - The user-exit determines the new value and populates the field
  4- the user then click on the item line, and then manually changes the value of VBAP-LPRIO
  5- The user-exit is triggered again, and because  XVBAP-UPDKZ = I , my code is triggered and updates the field.
  What I want is to identify that a user has manually changed the value and not overwritte the value.
  1 - I have check YVBAP and it is blank, as the user has not saved the sales order.
  2- The values of VBAP and XVBAP are the same..
  3 - I cannot re-read the database (KNVV) table as the user could have populate the value with the same value.
  What I need is how to identify when a user has made a change to a field before they save the sales item, as YVBAP is never filled.
  Previous post----
  Hello,
  I am writing a bit of code that will overwrite the payment terms in a sales order item based on a number of factors. (ship-to, incoterms, document type, etc)
  I am using the following program MV45AFZB at Exit : USEREXIT_CHECK_VBAP. I am using this exit as the users need to see the payment terms after an item has been entered into the sales order and not have the value determined at sales order save.
  I am not using USEREXIT_MOVE_FIELD_TO_VBAP as it is only triggered once at the time of creation and not when I change the document. I need it in USEREXIT_CHECK_VBAP as users could change the incoterms in VA02, so the code must be redetermined.
  My code is working as expected, however, I have a problem when a user enters a sales order item line and then manually changes the payment terms, as my code then is over writes the users values.
  The flow is as follows
  As user creates a sales order
  They populate the sales order header
  They populate material number and qty
  User exit USEREXIT_CHECK_VBAP is triggered and correctly determines the payment terms
  The user then double clicks on the sales order item and decides to overwrite the payment terms.
  My user-exit is retriggered and check to see if XVBAP-UPDKZ = I (insert)
  As it is still an insert, my code triggers.
  I have tried to check YVBAP, but no entry exist as it stills is seen as in insert? What I really need to know that while it is still an insert, the user has change the field value and my code should not over write the users value.

  When do you need to update LPRIO ? When user makes the change at the Payment terms on line item?
  Regards,
  Naimesh Patel

• How to tell when a user's account password was reset?

  Using Oracle 10g.
  How does one tell when a user's account password was reset?
  Thanks,
  (BLL)

  Dear user445775,
  I didnt get timestamp. ie., getting date alone. How can i able to get it.
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  PL/SQL Release 10.2.0.4.0 - Production
  CORE 10.2.0.4.0 Production
  TNS for Solaris: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  SQL> select CTIME,PTIME from sys.user$ where name='SCOTT';
  CTIME PTIME
  18-JAN-08 12-JUN-10
  SQL> alter user scott identified by XXXXX;
  User altered.
  SQL> select CTIME,PTIME from sys.user$ where name='SCOTT';
  CTIME PTIME
  18-JAN-08 27-JUL-10
  BANNER
  Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
  PL/SQL Release 11.1.0.6.0 - Production
  CORE 11.1.0.6.0 Production
  TNS for Solaris: Version 11.1.0.6.0 - Production
  NLSRTL Version 11.1.0.6.0 - Production
  SQL> select CTIME,PTIME from sys.user$ where name='SCOTT';
  CTIME PTIME
  21-APR-10 17-MAY-10
  SQL> alter user scott identified by XXXXX;
  User altered.
  SQL> select CTIME,PTIME from sys.user$ where name='SCOTT';
  CTIME PTIME
  21-APR-10 27-JUL-10

• SCOM Linux discovery failed with "The user name or password is incorrect" error

  Hi every one .
  In our test environment when I want to discover a new linux computer system , discovery process fails with this error message :
  Unexpected DiscoveryResult.ErrorData type.  Please file bug report.
  ErrorData: Microsoft.SystemCenter.CrossPlatform.ClientLibrary.Common.SDKAbstraction.TaskInvocationException
  Task invocation failed with error code 1326. Error message was: The user name or password is incorrect.
     at System.Activities.WorkflowApplication.Invoke(Activity activity, IDictionary`2 inputs, WorkflowInstanceExtensionManager extensions, TimeSpan timeout)
     at System.Activities.WorkflowInvoker.Invoke(Activity workflow, IDictionary`2 inputs, TimeSpan timeout, WorkflowInstanceExtensionManager extensions)
     at Microsoft.SystemCenter.CrossPlatform.ClientActions.DefaultDiscovery.InvokeWorkflow(IManagedObject managementActionPoint, DiscoveryTargetEndpoint criteria, IInstallableAgents installableAgents)
  But I m sure that this username and password is correct and I can logon to this computer with this credential.
  how do I find root cause of this issue ?

  I have been enabled logging before doscovery process .
  in temp directory :
  0: 02/10/15 20:03:22 : Enter SCXNameResolverProbe constructor
  0: 02/10/15 20:03:22 : Leave SCXNameResolverProbe constructor
  1: 02/10/15 20:03:22 : Enter SCXNameResolverProbe::DoInit
  1: 02/10/15 20:03:22 : XML_INIT_CALL
  1: 02/10/15 20:03:22 : Check WSAStartup
  1: 02/10/15 20:03:22 : Exit SCXNameResolverProbe::DoInit
  2: 02/10/15 20:03:22 : Enter SCXNameResolverProbe::DoProcess()
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess passed initial arguments checking
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess input: 192.168.7.62
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess - Input is an IP-address
  3: 02/10/15 20:03:22 : Enter SCXNameResolverProbe::GetName(): 192.168.7.62
  3: 02/10/15 20:03:22 : Resolve IPv4 address to host name
  3: 02/10/15 20:03:22 : Leave SCXNameResolverProbe::GetName(): SUSE11
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess returns name: SUSE11
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess returns ip: 192.168.7.62
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess returns errorcode: 0
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess returns errortext: 
  2: 02/10/15 20:03:22 : SCXNameResolverProbe::DoProcess returns xml: <NetworkName>SUSE11</NetworkName><IPAddress>192.168.7.62</IPAddress><StatusCode>0</StatusCode><StatusMessage></StatusMessage>
  2: 02/10/15 20:03:22 :  Enter initDataHolder
  2: 02/10/15 20:03:22 : Enter initDataType
  2: 02/10/15 20:03:22 : initDataType initializing output datatype
  2: 02/10/15 20:03:22 : Leave initDataType
  2: 02/10/15 20:03:22 : Leave initDataHolder
  2: 02/10/15 20:03:22 : Leave SCXNameResolverProbe::DoProcess
  4: 02/10/15 20:03:22 : Enter SCXNameResolverProbe destructor
  4: 02/10/15 20:03:22 : SCXNameResolverProbe destructor - FreeLibrary failed: 0
  4: 02/10/15 20:03:22 : Leave SCXNameResolverProbe destructor
  with debug viewer I have this message after discovery :
  [7448] A management object with display name SUSE11 could not be found.

• How to generate a notification when a user changes his password?

  Hi all,
  I have OIM 11.1.1.5.0 BP02 installed. When an administrator resets a user's password, the following email is sent to the user:
  Password has been reset for user <Firstname> <Lastname> . You will be required to change your password on next login.
  First Name: <Firstname>
  Last Name: <Lastname>
  Password: passW0rd
  +For any issues, please contact [admin email or phone]+
  My requirement is to generate a similar email when a user changes his/her own password. How would I go about doing this?
  Thanks in advance.

  You can use an event handler for this.
  Write your own code as a plugin for the event handler (refer to the developers guide for details on event handlers) then you can reference this from your custom event handler XML configuration with operation "CHANGE_PASSWORD"
  e.g.
  <action-handler class="<CLASS NAME>" entity-type="User" operation="CHANGE_PASSWORD" name="<EVENT HANDLER NAME>" stage="postprocess" sync="TRUE" order="2000" />
  The action "RESET_PASSWORD" is also available for administrator change.

• Job to send all user their initial password by e-mail (one for the pros)

  Hello,
  (IDM 7.2 with MSSQL)
  I try to create a job that sends all user their "IDM-PASSWORD" via email.
  In the first step, I generate a random password for all user. This password should now be sent to each user so they can log in to IDM-UI.
  This is my approach:
  1. Step
  Define the source
  A Job with a to generic pass:
  SOURCE:
  SELECT DISTINCT mskey FROM idmv_vallink_basic_active WHERE mcidstore=1 AND
  ((mskey IN (SELECT mcmskey FROM idmv_vallink_basic_active WHERE mcattrname='MX_ENTRYTYPE' AND mcsearchvalue = 'MX_PERSON')))
  Destination:
  MSKEYVALUE = %MSKEYVALUE%
  JOB CONSTANTS:
           MAIL_SMTP_HOST = Host
           MAIL_SMTP_PORT = Port
           MAILATTRIBUTE   = MX_MAIL_PRIMARY
           MAILFROM         = MAIL....com
           NOTIFICATION     = blabla
           POSTTEXT         = </FONT><br><br>
           PRETEXT         = <FONT SIZE=5> blabla
  Script for mailing:
  function blödesMailding(Par){
  var userList = Par.get("MSKEYVALUE");
  var user = new java.util.Vector();
  user = uSplitString (userList, "|");
  var i = 0;
  var result;
  var emailAddress = "";
  var idStore = uGetIDStore();
  var emailAttribute = "%$MAILATTRIBUTE%";
  for (i=0; i < user.size(); i++) {
       emailAddress = uIS_GetValue(user.get(i), idStore, emailAttribute);
       result = UserFunc.uSendSMTPMessage("%$MAILFROM%", emailAddress, "%$NOTIFICATION% ", "%$PRETEXT% " + "%$POSTTEXT%", "%$MAIL_SMTP_HOST%", "%$MAIL_SMTP_PORT%", 1);
       if (result.length > 0) {
            UserFunc.uErrMsg(2, result + ":Mail to:" + emailAddress);
  return "";
  And here is the error message^^:
  Warning Constant MAIL_SMTP_HOST was not defined in the repository (-1)
  Warning Constant MAIL_SMTP_PORT was not defined in the repository (-1)
  Warning Constant MAIL_ORIGINATOR was not defined in the repository (-1)
  Warning Constant MAIL_DEBUG was not defined in the repository (-1)
  Warning Constant MAIL_DEBUG_RECIPIENTS was not defined in the repository (-1)
  I set all of these constats in the GLOBAL CONTANTS form ID store! 
  and here he also complains:
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Warning Could not send SMTP message to !ERROR:Entry does not exist using SMTP host mail.mymhp.net
  java.net.ConnectException: Connection refused: connect
  Maybe I made a mistake, or my solution doesn't work at all.
  I would be very glad if someone had an idea, or a better solution for this problem.

  M Pollicove wrote:
  > From the Job Folder you can access global constants, but I don't think you can access repository constants.  Re-work the script so it uses globals (making sure to set up the globals) and you should be fine.
  Both repository constants and global constants work in jobs, just study your initial loads to see the use of repository constants.
  Gerhard, do you have your correct repository defined in your pass/job? If you copy/pasted the pass the original repository might be still in the pass (done this a few times
  You should be able to access your global constants in scripts with notation like (without any built-in functions):
  var idStore = "%$glb.SAP_MASTER_IDS_ID%";
  Edited by: Tero Virta on Jan 13, 2012 9:40 AM

• How to refresh ViewObject from database when another user has changed data?

  Hello, I use oracle database server 9.0.2 and JDeveloper 9.0.3 and I am developing a JClient application. I have JTable which is bound to a certain view object based on one entity and this is shared between many users. If a user inserts or updates a row in the viewobject (using for example the table) and commits changes, another user can not see the the inserted row while the underlying viewobject executeQuery() call.
  What I need is to refresh data for all users if one of them inserts or updates date. Is it possible?
  What I was able to think of was to use timer and executeQuery in certain period of time. Is there any better way? I mean kind of event which is fired when underlaying data has been changed?
  Thank you in advance!

  So you're saying there is no way for a client application to receive notice from the database that a table has been updated? It seems like this would be a valuable feature, and in fact I could very much use such a feature right now.

• [SOLVED]Get [FAIL] when loading user specified modules.

  That is it, when the system is booting i get a [FAIL] message when loading user specified modules after upgrading udev, and the kmod new module handling or something as say in the news. I dont have a modprobe.conf or a modprobe.conf.pacsave file either and creating a modprobe.conf file doesn't solve the problem. The strange thing is that the modules are loaded anyways. I mean the ones that are specified in rc.conf. I dont know if the system [FAIL] to load that modules or others...The system works fine for now too.
  Thanks.
  PD: sorry if you notice my poor english.
  Last edited by Hyugga (2012-01-22 23:09:02)

  I had the same problem and removing the governor performance from rc.conf solved the problem. I tried however to remove both governors and only leave powernow-k8 (this is the only one that works for me) leaving rc.conf like this:
  MODULES=(brcmsmac powernow-k8)
  When I boot the laptop and check which governors are available and being used I get the following:
  [netlak@soulrebel ~]$ cpufreq-info
  cpufrequtils 008: cpufreq-info (C) Dominik Brodowski 2004-2009
  Report errors and bugs to [email protected], please.
  analyzing CPU 0:
  driver: powernow-k8
  CPUs which run at the same hardware frequency: 0
  CPUs which need to have their frequency coordinated by software: 0
  maximum transition latency: 8.0 us.
  hardware limits: 800 MHz - 2.10 GHz
  available frequency steps: 2.10 GHz, 1.50 GHz, 800 MHz
  available cpufreq governors: performance
  current policy: frequency should be within 800 MHz and 2.10 GHz.
  The governor "performance" may decide which speed to use
  within this range.
  current CPU frequency is 2.10 GHz.
  This like as if the ondemand governor would not be available but when unplugging the laptop and check again I get this:
  [netlak@soulrebel ~]$ cpufreq-info
  cpufrequtils 008: cpufreq-info (C) Dominik Brodowski 2004-2009
  Report errors and bugs to [email protected], please.
  analyzing CPU 0:
  driver: powernow-k8
  CPUs which run at the same hardware frequency: 0
  CPUs which need to have their frequency coordinated by software: 0
  maximum transition latency: 8.0 us.
  hardware limits: 800 MHz - 2.10 GHz
  available frequency steps: 2.10 GHz, 1.50 GHz, 800 MHz
  available cpufreq governors: ondemand, performance
  current policy: frequency should be within 800 MHz and 2.10 GHz.
  The governor "ondemand" may decide which speed to use
  within this range.
  current CPU frequency is 800 MHz.
  This shows that the ondemand module can be autoloaded when needed, so I leave rc.conf only with powernow-k8.
  Thanks for your help.

• Looking for a way to log privilege adds even when the user has that priv

  We've run into a situation where we want IDM to log privilege adds/removes, even when that privilege already exists (for add) or doesn't exist (for remove) on a person.  Let me give some background.
  We are a small team working on an IDM project, each team member with 6-30 months of experience with the IDM product.  We're using 7.1.
  We have two systems, one of which is queryable and (certain) privileges updatable via REST API -- we'll call this system REST.  The second system of course is IDM.
  When an IDM privilege is added or removed, the business requirement is to always keep IDM and REST in sync, privilege-wise.  This is no problem and we have provisioning set up to make the API call, and it works great.  However, if there is a problem with the REST API (network issue, just plain down, etc.) this sync can't happen.  So, within the provisioning framework, if there is a failure, the failure is logged and the privilege is reverted, keeping REST and IDM synced.  A job runs regularly to check this log table and re-attempt the appropriate action, which of course will trigger provisioning again, hopefully successfully.
  The problem occurs in a situation like this, where each point comes in chronological order.
  1. User X gets privilege Y granted within an IDM UI.
  2. Provisioning triggers, but for some reason the REST API call fails (twice, because of retry).
  3. The failure task for the REST API call removes privilege Y from user X.  The error is logged.
  4. After a while, some job runs which removes privilege Y from all users whose names begin with X.  Even if the job explicitly removes privilege Y from user X, this is not logged in the system in any way, doesn't trigger provisioning, etc.
  5. After another while, the "retry job" runs and attempts action #1 again.  This time, the provisioning succeeds.  Now user X has privilege Y on both IDM and REST.  However, because of step 4, clearly user X should not have privilege Y.
  The same (well, reverse) issue occurs when removing the priv in step 1 and doing a grant in step 4.  During tests, one can just set up a To Identity Center step and remove/assign a privilege to an arbitrary person, then run the job containing this step repeatedly.  If the action has no net effect, there's no record (in, for example, sentries, oentries, or indeed in mxi_(old)values).  It would be great if there was a generic way to cause these actions to be logged, and we've actually thought of a couple other cases where this logging would be useful as well.  Is there some simple way?  Is it already logged in some esoteric table we haven't thought of?
  Any thoughts on this interesting scenario would be appreciated.  Thanks!

  Hi Chris,
  If I understand correctly, since you are using the log to ensure that the privileges are synced.
  Any chance you could enhance step 4 to remove information about the failed assignment from the log, so that it will not be retried?
  Note also, that this is improved in IdM7.2 and the framework. You will only get the privilege assigned after the add-member task has successfully assigned the privilege in the back-end system (which is what you are trying to achieve).
  Best regard
  John Erik Setsaas
  Development Architect IdM

• File Vault Useless when Other User Has Full Admin Rights?

  Question:
  I'm about to send my MacBook Pro in for service. I've backed it up to a bootable clone, but I'd still rather not erase all my stuff, in case they send it back as-is (they do sometimes do that if they don't have to reinstall OSX).
  So, I've given the guest user account full admin privileges on this machine and created it without a password so the AppleCare boys can do what they need to do.
  My question is, is my account secure if it is password protected and encrypted with File Vault?
  Or, if somebody was feeling malicious, couldn't they just reset the password for my account in the guest account preferences or create a new master password for the machine, since the guest account has full admin rights?
  Thanks for any quick answers!

  Hi bscepter;
  If you are that paranoid about your data, the best
  thing for you to do is to remove it off of the
  machine before you send it in.
  Allan
  I'm not "that paranoid" about my data. I was merely curious if File Vault would protect my data should somebody with another admin account want to access or delete it. I mentioned this in my initial post.
  But thanks, anyway.

• Forms 10.1.2.3 app. OK when connected as admin, FAIL when 'normal' user

  Hi All,
  I have patched our app. server to 10.1.2.3. When I run our application from a Vista SP1 client as Administrator using the Java Plug-in 1.6.0_05, all is OK including webutil/jacob functionality. For example when I want to view a PDF file, the file is opened correctly and displayed as expected. When I connect to the same client PC as a 'normal' user, I get the following error when trying exactly the same :
  ERROR>WUH-407 [Host.getProcessOutput()] OutputSink is null
  Has any of of you experienced the same and/or would you know how to resolve this ?
  Kind regards,
  Gerrit Breebaart

  Hi All,
  I have patched our app. server to 10.1.2.3. When I run our application from a Vista SP1 client as Administrator using the Java Plug-in 1.6.0_05, all is OK including webutil/jacob functionality. For example when I want to view a PDF file, the file is opened correctly and displayed as expected. When I connect to the same client PC as a 'normal' user, I get the following error when trying exactly the same :
  ERROR>WUH-407 [Host.getProcessOutput()] OutputSink is null
  Has any of of you experienced the same and/or would you know how to resolve this ?
  Kind regards,
  Gerrit Breebaart