Create Access Policy with OIM API: can't fill child form

Hi!
I'm having a problem with creating OIM Access Policy with API. I'm doing the following:
1. Create a new access policy via AccessPolicyIntf
2. Add a resource object which will be provisioned to all users who are within policy scope
3. Get Resource Object (Parent) Form Definition via FormDefinitionIntf
4. Add data to parent form (AccessPolicyIntf setFormData(FormDefinitionKey))
5. Now I want to add data to the child form, for that purpose I need to know child form definition key, but I can' get one, because there's no method like 'getChildFormDefinitionKey' in FormDefinitionIntf interface.
Please, help me to get child form definition key, knowing parent form definition key and version

See if this code helps:
public String addChildTableValue(long userKey, String group, String objectName, String fieldName tcDataProvider ioDatabase) {
log.debug("addChildTableValue() Parameter Variables passed are:" +
"userKey=[" + userKey + "]" +
"group=[" + group + "]" +
"fieldName=[" + fieldName + "]" +
"objectName=[" + objectName + "]");
try{
tcUserOperationsIntf userIntf = (tcUserOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcUserOperationsIntf");
tcFormInstanceOperationsIntf formIntf = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
boolean roleExists = false;
//Result set of all Object for user
tcResultSet obResultSet = userIntf.getObjects(userKey);
if (obResultSet.isEmpty()){
log.error("User has no provisioned objects");
return "NO_OBJECTS_EXIST";
}else{
for (int ii=0; ii<obResultSet.getRowCount(); ii++){
obResultSet.goToRow(ii);
if ((obResultSet.getStringValue("Objects.Name").equals(objectName)) &&
(!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Revoked")) &&
!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Provisioning")))){
log.debug("Resource object found: " + objectName);
//Process Instance Key of the object
long plProcessInstanceKey = obResultSet.getLongValue("Process Instance.Key");
log.debug("Process instance key: " + plProcessInstanceKey);
//Process Key for the parent for
long plParentFormDefinitionKey = obResultSet.getLongValue("Process.Process Definition.Process Form Key");
log.debug("Parent form definition key: " + plParentFormDefinitionKey);
//Form version of the parent form
int pnParentFormVersion = formIntf.getProcessFormVersion(plProcessInstanceKey);
log.debug("Parent form version: " + pnParentFormVersion);
//Result set of Child Form information
tcResultSet childFormResultSet = formIntf.getChildFormDefinition(plParentFormDefinitionKey, pnParentFormVersion);
//Child form definition key
long plChildFormDefinitionKey = childFormResultSet.getLongValue("Structure Utility.Child Tables.Child Key");
String plChildTableName = childFormResultSet.getStringValue("Structure Utility.Table Name");
log.debug("Child form definition key: " + plChildFormDefinitionKey);
log.debug("Child table name: " + plChildTableName);
tcResultSet childFormData = formIntf.getProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey);
if (!(childFormData.isEmpty())){
log.debug("Searching child table current values");
for (int iii=0; iii<childFormData.getRowCount();iii++){
childFormData.goToRow(iii);
String fieldValue = childFormData.getStringValue(fieldName);
log.debug("Child table entry: " + iii + " | value: " + fieldValue);
if (fieldValue.equals(group)){
roleExists = true;
log.debug("Value already exists in child table");
return "DUPLICATE_VALUE";
log.debug("Value not found in child table");
if (!roleExists){
Hashtable childFormHash = new Hashtable();
childFormHash.put(fieldName, group);
formIntf.addProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey, childFormHash);
log.debug("Value successfully added to table");
return "VALUE_ADDED";
log.debug("Provisioned resource " + objectName + " object not found");
return "OBJECT_NOT_FOUND";
catch(Exception ex){
ex.printStackTrace();
return "ERROR";

Similar Messages

  • Creating access policy using OIM 11g APIs

    Is there a way to create an access policy using API? I see that there is AccessPolicyService but it only supports evalutePoliciesForUser. I need a way to add and modify policies.
    I'm using OIM 11.1.1.5
    Edited by: DJ on May 21, 2012 11:53 AM

    FYI, I hope the following links might be helpful, if you did not come across them before:
    OIM API for Create Access Policy:
    http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
    Example Code for OIM API Creation of Access Policy
    http://learnidm.blogspot.co.uk/2011_08_01_archive.html
    Thanks,
    Krish.

  • How to Apply a Newly Created Access Policy on Existing Users in OIM????????

    How to Apply a Newly Created Access Policy on Existing Users in OIM?
    When the rule is getting failed the user is getting removed from the group but resource is not getting revoked. This is happening only for the old uses..for the users which i created now it working fine..i mean its resource is getting revoked.
    (Retrofit access policy" is checked on the Access Policyand Revoke if not longer applied is checked.)
    For the old users i see the POl_Key is null, for new users i see a value '10'. So i updated the pol_key for old users same as it got generated for new users '10'.
    i even updated the form version too but still revoke doesn't work.
    I cant go for the below approach..
    In order to apply a newly created Access Policy on existing users, one has to make sure that:
    1) "Retrofit access policy" is checked on the Access Policy.
    2) Then run the "Set User Provisioned Date" Schedule task to apply the Access Policy on the existing users in OIM.
    Note: After 9.1.0.1 BP03 the access policy execution has been moved to a new scheduled task "Evaluate User Policies" as mentioned inDocument 839368.1 :How to Use Access Policies to Provision with Groups.
    Is there any other approach i can try.. if you have any idea please reply me asap
    Thanks..

    Thanks for the reply kevin..
    We decided to try the Schedule task (Set User Provisioned Date).
    But i see one problem here after seeing this post in metalik --> Can Access Policies Manage The Life-cycle Of Users Created via Reconciliation? [ID 1136540.1]
    According to this post Access Policies framework does not manage users who are obtained either through trusted reconciliation or target reconciliation.
    Is there any custom way to achieve this??
    How does the access policy framework revoke resource work? (revoke if no longer applies)??
    Edited by: IDMuser19 on Jun 21, 2011 11:43 PM

  • How to create Authorization policy using OIM 11g API

    Hi,
    Could you please let me know how to create Authorization policy using OIM 11g API.
    Thanks

    Constructing A Policy Programmatically
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27154/cons_policy_prog.htm#CHDHACBF
    api ref for PolicyStore
    http://docs.oracle.com/cd/E21764_01/apirefs.1111/e22649/oracle/security/jps/service/policystore/PolicyStore.html#createApplicationPolicy_java_lang_String_
    something like below code to start with
    try {
    JpsContextFactory ctxFact;
    ctxFact = JpsContextFactory.getContextFactory();
    JpsContext ctx;
    ctx = ctxFact.getContext();
    PolicyStore ps = ctx.getServiceInstance(PolicyStore.class);
    if (ps == null) {
    // if no policy store instance configured in jps-config.xml
    System.out.println("no policy store instance configured");
    return;
    ApplicationPolicy ap = ps.createApplicationPolicy("Trading", "Trading
    Application","Trading Application.");
    } catch (JpsException e) {
    }

  • Error in creating approval policy in OIM 11g

    hi...
    i am trying to create approval policy in OIM 11g. But after giving the details for first step, it gives the following error-
    "Approval policy validation failed with oracle.iam.request.exception. ApprovalPolicyServiceException:An error occured while searching request model <policy name>"
    Please let me know the coz of this error and the way to resolve it.

    If you are using JDeveloper , can you able to get class after giving "." .If yes no than it is the problem with the jar file you are using .Check whether you can able to import oracle.iam.authzpolicydefn.api.Feature.
    Thanks ,
    Animesh anand

  • Is it possible to delete an Access Policy on OIM 11gR2?

    Hello,
    Is it possible to delete an Access Policy on OIM 11gR2?
    I have created an Access Policy and associated it with a Role.
    But now, due to changes, this Role should not trigger an Access Policy anymore.
    I haven't found a way to disassociate the Access Policy from the Role neither a way to delete the unnecessary Access Policy.
    Thanks,
    Adriano.

    Hi,
    As far as I know, deleting an access policy is not possible. One solution would be you can create a dummy role which you will never use and remove your existing role from the access policy and assign this dummy role to the policy and save it. That should stop the auto triggering.
    Thanks,
    $id

  • I have a acrobat reader, can I import text delimited data format to a PDF Form so that it can auto fill into forms that was created? If not, what about FDF and XML data

    I have a acrobat reader, can I import text delimited data format to a PDF Form so that it can auto fill into forms that was created? If not, what about FDF and XML data

    Yes, you can do all of that via Tools - Forms - More Form Options - Import Data, if you have Acrobat.
    If you only have the free Reader then you can still do it, but it requires a script.

  • Provision Entitlements using Access Policy in OIM & OIA

    Hi All,
    Access policies in OIM does not allow entitlements definition in it such as defining the AD Groups that needs to be attached to the account which would be provisioned on the target resource when the access policy gets triggered. These entitlements definition in OIM is taken care on the Process Form level, whereas in case of OIA the Provisioning polices allow entitlements definition according the resource type in the policy level. It would be of great help if you could help us in understanding how the import and export of access policy data between OIA and OIM would be feasible with these differences in place
    Appreciate any helpful pointer on this.
    Thanks,
    RPB
    Message was edited by: RPB25

    You can edit the Access Policy, select the Resource added-Provide more information, If it has a child table, you can add entitlement to it. you can also add entitlement while exporting OIA policies using accesspolicy api of OIM. But just chek after importing to OIM, the access policies order will be messed.
    sjit

  • Not able to get the AD organizations list while creating access policy

    Hi All,
    Had created IT Resource for AD server, and was able to successfully connect to it. And Now when I try to create a access policy, where I am not able to view any organization from AD.
    Can someone please let me know how to resolve this.
    Thanks in advance.....
    Regards
    Arun

    Please check the error log which I am getting when I ran the schedule job
    ======= Start Stack Trace =======================>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ADLookupReconTask : performReconciliation>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <Description : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecu
    rityContext error, data 52e, vece ]>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.exception.ConnectionException: [LDAP: error code 49 - 80090308: LdapErr: D
    SID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
    at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
    at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
    at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
    at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
    at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    >
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <================= End Stack Trace =======================>
    Based on which I had checked the credentials I provided, and they are correct. I am able to connect to AD with same credentials when I create new IT Resource.
    Not sure what went wrong
    Regards
    Arun

  • Create Sales order with DI API.

    Someone can help me to create an  Sales Orde with DI API. Thanks.

    Hi CarlosD,
    I am not sure which programming language you are using, but here's an example of creating a sales order in VB.net.  I assume you have made a connection to the company object.
    Dim oOrder As SAPbobsCOM.Documents
            oOrder = oCompany.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oOrders)
            oOrder.CardCode = "C1000"
            oorder....
            oOrder.Lines.ItemCode = "A1000"
            oOrder.Lines.Quantity = 5
            oOrder.Lines.Add()
            oOrder.Lines.ItemCode = "A1001"
            oOrder.Lines.Quantity = 2
            oOrder.Lines.Add()
            oOrder.Lines.ItemCode = "A1003"
            oOrder.Lines.Quantity = 1
            If oOrder.Add() <> 0 Then
                MessageBox.Show("Error: " & oCompany.GetLastErrorDescription)
            End If
    Hope it helps,
    Adele

  • FormData Information updation with OIM APIs

    Hey Guys,
    I try to use the OIM APIs to update a custom field that is present on a formdata.
    e.e: in the web base ui, you search for a user, go to resource profile, and then I have my OID provisioned resource, when I click on view, I have the a formdata that popups with fields taht I want to update.
    I've done the following until now:
    - search the user with the findUsersFiltered API to retreive the User.key
    - search the object associated to the user by using getObjects with the User.Key retreived
    This search return a list of objects AND I can identify my provisioned Object:
    The informations that seems usefull are:
    * Users-Object Instance For User.Key-value
    * Object Instance.Key-value
    * Objects.Key-value
    * Process Definition.Process Form Key-value
    I'm block there, I'm not sure the different options for:
    - reading the form data field for this resource
    - updating some form data for this resource
    Any help would be great !

    I've done it,
    For information it was with using Process Definition.Process Form Key-value

  • How to track a request id through an access policy in OIM

    lets say User-A requests a job role on behalf of User-B and this job role has a access policy attached to it, to provision the user to AD and SAP.
    Now we want an email sent to user-A (i.e the user-A who is responsible for job role assignment which made the access policy to trigger the provisioning of User-B to the SAP ) once User-B is provisioned to an Resource for the first time.

    You can find the personA usr_key from upp and upd table.
    In upp table it is Coulmn name UPP_UPDATEBY
    In upd table Coulmn name is UPD_CREATEBY
    and for the status check the coulmns (UPD_ALLOW_LIST,UPP_ALLOW_LIST)
    Thanks..
    Edited by: IDMuser19 on Sep 2, 2010 3:27 PM

  • Configuring Access Control with OIM 11gR2

    Hi,
    I have to configure Access Control resource with OIM 11gR2. Kindly share relevant pointers.
    Best Regards,
    Varun

    I think this link will be Helpful
    22.5.1 Configuring Oracle Application Access Controls Governor
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/segduties.htm#OMDEV3394

  • I created a website with iWeb and can't remember who is the web hosting service. How can I find it.

    I created a website with iWeb and now I have forgotten what web host I signed up with.  How can I find out? The website is still working.

    Hi,
    Do you have a link to that Website?

  • With new updates from Acrobat Read my computer freezes and I can not fill in forms anymore, how do I fix these problems?

    After updating Acrobat Reader my computer now freezes when I try to fill in forms using Acrobat Reader, this never happen before! Now the only way to unfreeze my computer is to turn it off and restart it, which is not how a computer is suppose to be turned off as nothing responses to get it unfrozen(ESC., Contol-Alt-Delete)! The I shows up as if I am able to fill in forms, but after trying to fill in the form numerous times various ways, it always ends up freezing my computer up! I HATE THE NEW UPDATES! Why can't I speak with a live human, through Adobe? I would not want to buy anything from any company which would not allow me support by talking to a live human over the phone, as typing messages can be misunderstood! Their is no point to have Acrobat Reader any more if it does not allow me to fill in forms! I could use the reader that came with the computer! It is sad that for myself filling forms using Acrobat Reader was nice since there are times I am unable to write anything due to tremors, unfortunately I am not alone in this type of medical problem and we the disabled the majority of us are on Social Security! Everyone know that Social Security does not give their recipients enough money to live off of! It is sad when a person is ill they lose more than their livelihood, so called friends abandon you too! So how can I fix the freezing problems and is there any Adobe that I can fill in forms which will not cost me money and or another company that may offer this free of charge?

    Do you have that problem when running in the Firefox SafeMode? <br />
    [http://support.mozilla.com/en-US/kb/Safe+Mode] <br />
    ''Don't select anything right now, just use "Continue in SafeMode."''
    If not, see this: <br />
    [http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes]

Maybe you are looking for