Custom plugin based on user role membership

Hi all,
I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
I'll try to explain the scenario more in details:
1. I create a user identity through a request
2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
- Email notifications after role grant
- Re: OIM 11g Role Membership Event Handlers.
I tried to implement what explained in the threads, but I would be sure about what I've done.
Here what I've done:
1. created plugin.xml file
2. created EventHandler.xml metadata file
3. developed a java calss for testing pourpose
4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
6. copied the zip file to $OIM_HOME/server/plugins
7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
8. built the wlfullclient.jar (only the first time)
9. registered the custom plugin
10. created the custom plugin dataset file
11. imported it in OIM database using "weblogicImportMetadata" utility
12. purged cache using "PurgeCache" utility
NOTE: all the steps above was executed using the system user running OIM process
test java class
package com.zeropiu.sky.custom.eventhandlers;
import java.io.Serializable;
import java.util.HashMap;
import com.thortech.util.logging.Logger;
import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;
import oracle.iam.platform.context.ContextManager;
import java.util.Set;
public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
     private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
private static final String className = "TestUserAnonimi";
     @Override
     public void initialize(HashMap<String, String> arg0) {
          // TODO Auto-generated method stub
          String methodName = "initialize";
          System.out.println("###### " + className + " - " + methodName);
     @Override
     public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
          // TODO Auto-generated method stub
          String methodName = "isApplicable";
System.out.println("###### " + className + " - " + methodName + " - STARTED");
System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
Set<String> allContextManagerParams = allContextManagerPairs.keySet();
String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
for (int i = 0; i < parameters.length; i++) {
          System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
System.out.println("###### " + className + " - " + methodName + " - ENDED");
return true;
     @Override
     public boolean cancel(long arg0, long arg1,     AbstractGenericOrchestration arg2) {
          // TODO Auto-generated method stub
          String methodName = "cancel";
          System.out.println("###### " + className + " - " + methodName);
          return false;
     @Override
     public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
          // TODO Auto-generated method stub
          String methodName = "compensate";
          System.out.println("###### " + className + " - " + methodName);
     @Override
     public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
          // TODO Auto-generated method stub
          String methodName = "Eventresult execute";
          System.out.println("###### " + className + " - " + methodName);
          return null;
     @Override
     public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
          // TODO Auto-generated method stub
          String methodName = "BulkEventResult execute";
          System.out.println("###### " + className + " - " + methodName);
          return null;
plugin.xml file
<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
<plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
</plugin>
</plugins>
</oimplugins>
EventHandler.xml metadata file
<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
</eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
###### TestUserAnonimi - initialize
###### TestUserAnonimi - isApplicable - STARTED
###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - ENDED
##### TestUserAnonimi - BulkEventResult execute
Thanks,
Daniele
Edited by: 886636 on Jan 24, 2012 2:53 AM
Edited by: 886636 on Jan 24, 2012 2:53 AM

Probably I don't explain myself clearly....sorry for that!
Anyway you are right, the role of the user can change after the user is initially provisioned.
I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
Is it possible with pre-populate adapter?
Sorry again for my not very clear explanations.
Daniele
Edited by: 886636 on Jan 24, 2012 4:10 AM

Similar Messages

Custom Install of Acrobat, how to enable / disable Office plugin based on User group membership

Hi,
Just configuring Adobe Acrobat X (10.1.5) on Citrix Xenapp 6.5 (Win 2k8 R2)
I've set up a cusom install and have already removed the context menus and a few other bits and bobs.
I wondered if it was possible to essentially add the Office plugins in but only for certain users.
I've removed the plugins successfully by turning off the 5 / 6 features (IE, office , outlook etc)
Now I just wondered what files / registry entries I could create on login (using Group policy preferences etc) which will add the plugins back in.
Thanks
Chris

okay no replies yet but I've just removed the office / IE features for now, adding the context menu items in for specific users is working good enough at the moment. if anyone does know how to do this just reply to this at any point i'll pick the mail up.
thanks

OIA : Import Users, Accounts, User Role Memberships and Entitlements

Hi,
I have intgrated OIM 11.1.1.5 with OIA 11.1.1.5. I am trying to execute scheduled job in OIA " Import Users, Accounts, User Role Memberships and Entitlements"
which in turn invokes scheduled job some of them are :
OIM Staging Tables Collection Status Failed with following exception
Accounts imported from OIM staging table : Status In progress for more than 2 hours
Please provide pointer to resolve this :
11:06:15,915 DEBUG [RbacxDataImporterImpl] --> imported 28 metadata items StopWatch 'import Attribute Value Metadata': running time (millis) = 0
11:06:15,917 INFO [IamDbEntitlementImportHelperImpl] Imported 28 entitlements
11:06:15,917 DEBUG [DBIAMSolution] publishing import completed event...
11:06:15,917 DEBUG [AuthenticationEventsListener] Listening application event
11:06:15,917 DEBUG [DefaultIAMListener] Queuing IAM Event.com.vaau.rbacx.iam.IAMEvent[source=com.vaau.rbacx.iam.db.DBIAMSolution@133e9a5e]
11:06:15,917 DEBUG [IamDbEntitlementImportHelperImpl] Completing import run id ---> 31
11:06:15,917 DEBUG [DefaultJobMonitor] MonitorMap{status=3, totalCount=28, currentCount=28, iamType=ENTITLEMENTS IMPORT}
11:06:15,917 DEBUG [DefaultJobMonitor] MergedMap{status=3, totalCount=28, currentCount=28, iamType=ENTITLEMENTS IMPORT}
11:06:15,917 DEBUG [DBIAMSolution] Importing Users
11:06:15,918 DEBUG [DefaultJobMonitor] MonitorMap{status=6, totalCount=0, currentCount=0, iamType=DATA IMPORT}
11:06:15,918 DEBUG [DefaultJobMonitor] MergedMap{status=6, totalCount=0, currentCount=0, iamType=DATA IMPORT}
11:06:15,918 DEBUG [IamDbUserImporterImpl] DBUsers Import Start ...
11:06:15,918 DEBUG [DBIAMSolution] publishing import starting event...
11:06:15,918 DEBUG [AuthenticationEventsListener] Listening application event
11:06:15,918 DEBUG [DefaultIAMListener] storing new ImportRun
11:06:15,918 DEBUG [SequenceGeneratorServiceImpl] Getting MemorySequence for sequence name com.vaau.rbacx.iam.domain.ImportRun
11:06:15,918 DEBUG [SequenceGeneratorServiceImpl] Returning count for sequence name com.vaau.rbacx.iam.domain.ImportRun, count = 32
11:06:15,920 DEBUG [SequenceGeneratorServiceImpl] Getting MemorySequence for sequence name ImportRunStepId
11:06:15,920 DEBUG [SequenceGeneratorServiceImpl] Returning count for sequence name ImportRunStepId, count = 32
11:06:15,924 DEBUG [IamDbUserImporterImpl] Starting import run id ---> 32
11:06:15,987 ERROR [IamDbUserManagerImpl] Problem retrieving IAM userIds from db
*org.springframework.jdbc.UncategorizedSQLException: SqlMapClient operation; uncategorized SQLException for SQL []; SQL state [null]; error code [0];*
--- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
--- The error occurred while executing query.
--- Check the select id from oia_staging_users .
--- Check the SQL Statement (preparation failed).
--- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:
--- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
--- The error occurred while executing query.
--- Check the select id from oia_staging_users .
--- Check the SQL Statement (preparation failed).
--- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
     at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:83)
     at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
     at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:212)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
     at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
     at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
     at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
     at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
     at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
     at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy132.dataLoad(Unknown Source)
     at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
     at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
Caused by: com.ibatis.common.jdbc.exception.NestedSQLException:
--- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
--- The error occurred while executing query.
--- Check the select id from oia_staging_users .
--- Check the SQL Statement (preparation failed).
--- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
     at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryWithCallback(MappedStatement.java:201)
     at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(MappedStatement.java:139)
     at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:578)
     at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:552)
     at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:118)
     at org.springframework.orm.ibatis.SqlMapClientTemplate$3.doInSqlMapClient(SqlMapClientTemplate.java:298)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:209)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
     at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
     at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
     at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
     at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
     at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
     at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy132.dataLoad(Unknown Source)
     at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
     at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
     ... 1 more
Caused by: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
     at oracle.ucp.util.UCPErrorHandler.newSQLException(UCPErrorHandler.java:541)
     at oracle.ucp.jdbc.PoolDataSourceImpl.throwSQLException(PoolDataSourceImpl.java:588)
     at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:277)
     at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:647)
     at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:614)
     at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:608)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at com.vaau.commons.springframework.aop.interceptor.DataSourceInterceptor.invoke(DataSourceInterceptor.java:65)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy131.getConnection(Unknown Source)
     at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:113)
     at org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy$TransactionAwareInvocationHandler.invoke(TransactionAwareDataSourceProxy.java:210)
     at $Proxy118.prepareStatement(Unknown Source)
     at com.ibatis.sqlmap.engine.execution.DefaultSqlExecutor.prepareStatement(DefaultSqlExecutor.java:519)
     at com.ibatis.sqlmap.engine.execution.DefaultSqlExecutor.executeQuery(DefaultSqlExecutor.java:173)
     at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.sqlExecuteQuery(MappedStatement.java:221)
     at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryWithCallback(MappedStatement.java:189)
     at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(MappedStatement.java:139)
     at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:578)
     at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:552)
     at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:118)
     at org.springframework.orm.ibatis.SqlMapClientTemplate$3.doInSqlMapClient(SqlMapClientTemplate.java:298)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:209)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
     at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
     at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
     at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
     at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
     at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
     at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
     at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy132.dataLoad(Unknown Source)
     at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
     at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
     ... 1 more
Caused by: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
     at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:421)
     at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:389)
     at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:134)
     at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1613)
     at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1421)
     at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:488)
     at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:988)
     at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:541)
     at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:655)
     at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:271)
     ... 51 more
Caused by: java.sql.SQLRecoverableException: IO Error: Invalid number format for port number
     at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
     at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:538)
     at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
     at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
     at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
     at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:130)
     ... 58 more

Hi Pallavi,
i have the same problem, can you provide me more specific details?
-exactly oimjdbc.properties location please?
-which is what I have to modify?
Thanks in advance!

Customize portal "Help" link based on user roles

Is there a chance to customize the Help link URL in Masthead iView based on user roles? The use case we have is that the "Help" should be different for users of the purchasing company from those of the supplying company.
Thanks.

Hello Jay.
This is a multi step process.
Step 1 : Create 2 desktops with everything as same but different mastheads.
- Copy your existing desktop and paste it in your working folder in PCD (Not select Delta link)
- Now download masthead par file.
- Modify your masthead par file where you will disable help link. Rename you masthead file (newMasthead.par) and export it from NWDS. Now import it in portal.
- open your framework page in desktop2. Just add your new masthead in it. Enable the new one and disable the existing one.
Step 2 : Create 2 groups of users. (First one belong to users who wish to see help link . i.e existing desktop) (Second of thoese users who do not have to see help link i.e. newDesktop)
- Assign users to appropriate groups.
- Assign same roles to both groups.
Step 3 : Modify main rule section in PCD.
- If group = HelpLinkUsers Then Desktop1
If group = NoHelpLinkUsers Then Desktop2.
You may find above process bit tedious and lengthy.
But if you wish to further customize your portal then this will be needed one day.
If you find problems in implementing any step then please search in google or SDN.
Please revert back on any specific question on above approach you may face while implementing.
Thanks

Content delivery in portal based on user roles ?

Portal Server new bee...
Please can anyone point me to guides/url where i can look to enable content delivery in a portal based on user roles and how to establish SSO.
I have installed Portal Server6.0 and iplanet Directory Server Management Edition installed.
I did go through PS Development guide and got some sample containers up and running in the portal.
Thanks.

For the role-based delivery, Comment 1 sends you in the right direction. Here are a couple things to keep in mind as you read through the customization guide.
The basic gist of what you need is to define your organization profiles with all the services defined at the org level. Then you can define simple profiles at the role level. These will probably focus around the selected and available attributes on the table containers.
Then you might want to pay particular attention to the merge, lock, and propogate attributes. These will allow you to define how the role affects the availability of channels (does the role add, remove, or force the channel?). The easiest thing to do is probably to start with a core group of channels, and then have each role define additional channels that are of interest and should be added to the selected/available lists.
Having roles remove channels will make matters a little more confusing and harder to maintain.

Display interactive report rows based on user role.

Hello,
Can anyone please help me out with this issue. i have an interactive report and now i want to make this report as conditional based on user role. Like i want to dispaly all the report rows for an Admin user role and for a developer I want the report to display only his/her rows. Can anyone please help me how can I resolve this issue.
Do I need to have two separate reports for each role or can we make achieve this with only one report.
thanks,
Orton

Here is a possible answer.. Build your Interactive report off of a collection. And when you build the collection you can build an if statement to either build your select with or without the filtering of user_id..
See this blog entry for how to build a interactive report from a collection: http://www.oracleapplicationexpress.com/tutorials/71-oracle-apex-interactive-report-based-on-plsql-function
Thank you,
Tony Miller
Webster, TX

Show or hide ADF custom tab based on user's role

Hi everyone,
I have created a custom tab on the self-service interface (OIM 11.1.1.5) which contains two sub-tabs. I would like to show or hide one of the sub-tabs based on the role of the currently logged in user. Does anyone know of way to achieve this?
Thank you very much!
Paul

Figured it out. Here's how to do it:
Scenario:
You are working in OIM 11.1.1.x. You create a custom tab on the self-service page. This tab should only be visible to users with a certain role, say XYZ.
Step 1: Create a Boolean variable in the managed bean that will be true if the user has the role, false otherwise.
Step 2: Create a class called CurrentUser or something along those lines that will grab the logged in user's roles and test to see if he/she has the required role. It should set a variable within the class to true or false. Or you can skip creating a class and put this code in your managed bean constructor so that it runs as soon as the user goes looking for the tab. The whole point of this, regardless of how you do it, is to end up with a Boolean variable that is set to true or false depending on the role requirements.
Step 3: In your .jsff file (the one with the tab you want to show/hide in it), find the tab and look for an attribute named "rendered." This will likely be located in your <af:showDetailItem> tag under your <af:panelTabbed> tag. This controls whether or not the tab is displayed. So set the rendered value to the value of the boolean you created earlier, like this:
rendered=#{somebeanname.yourbooleanvariablename}"
Hence, when your variable is false, this tab will not be shown. If it's true, they will see the tab. That's all there is to it. :-)

Displaying custom content based on user's roles

Hi experts,
I have been asked to look for a solution to display custom content based on the current user's roles.
Basically It would be a simple page (or several pages I don't know yet) that displays links to others systems in the enterpise landscape. Links have to appear but they may be "desactivaded" for some users.
So i'm thinking of a custom portal app in java that display this page embedded in an iview, a test to check the current user permissions and some css / javascript magic to do the trick.
What do you think ? Would there be another solution that I'm missing which doesn't require development ?
I'm open to any suggestion / technology
Regards.

Sounds good,
You can also consider using Service Map iView or Workset Map iView if those links should point to other portal navigation locations:
See more here:
Navigation with a Service Map - Portal - SAP Library
Navigation with a Workset Map - Portal - SAP Library
Best Regards,
Tal

Restricting values of a dropdown based on user roles

Hi,
Is it possible to restrict the values of a custom metadata dropdown based on the user roles (assuming only 1 role is assigned to each user)? Say, based on the role assigned to a user, he/she should see only 3-4 values out of 10 values in a dropdown on the checkin page. Please suggest.
Thanks.

You can get pretty close out of the box using some configuration manager applet voodoo
1)First off create a Table that will contain the options for your list. Create the columns e.g. label and id and then also create a column called dSecurityGroup
2)Add a view based on the table you just created, choose the Security tab and select "Use standard document security"
3)Add some values to your view - make sure that you populate the dSecurityGroup column with real values of security groups
4)Once it is all published, have a look at the checkin and search screens. You should find that UCM will evaluate the options in the same way it would documents - based on the dSecurityGroup value you applied to the row - e.g. you will see an option on the search screen if you have at least R permissions, you will see an option on a checkin screen if you have at least RW permission
Try it out :-)

Date-based group or role membership

Hello,
For a particular application, using Sun ONE DS 5.2, I'd like to be able to define start and end dates for a users membership of a group or a role. I realise I can do this by using an external program to examine start and end date attributes for a user and then adjusting an attribute that either makes them a member of a dynamic group or a role.
But is there any way to do it entirely within the Directory Server itself by clever group/role/CoS definitions and comparison of date attributes ?
Any thoughts / hints / suggestions would be greatly appreciated.

Probably I don't explain myself clearly....sorry for that!
Anyway you are right, the role of the user can change after the user is initially provisioned.
I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
Is it possible with pre-populate adapter?
Sorry again for my not very clear explanations.
Daniele
Edited by: 886636 on Jan 24, 2012 4:10 AM

IBrowser to setup default based on user role or group

Hi all
Need assistance or guidance with ibrowser
Q1 :I have Html droplist with the following options
<Select>
<option value=" HR">HR</option>
<option value="FI">FI</option>
<option value ="QM">QM</option>
</select>
Now i need to select the value based on user group lets say if user belongs in HR the the default option is HR with user log in
can some one assist if possible
Q2 :How do you set up ibrowser to have the above options without using query template

HI
Q1: Check the role of user in IllumLoginRoles and set the value in html dropdown as
document.getElementById("ID").value = "HR"
write this code in onload event of page.
Q2: You can add items in iBrowser on creation event via javascript code.
but for this option also you have to use ant dummy query in background.
Regards
Anshul

Usage of Different Prompt based on Users Role in OBIEE

Hi
I have a requirement(OBIEE Reports) as below.
The Dashboard page will have a Prompt(Drop Down) Say for Geography where it will list all the countries available.When a global user(Role) logs in to the application he should see all the list of available countries along with "All Choice" option in the prompt.But when a Country user(Role) logs in he should see only the country available for him in the prompt without "All Choice" Option.Also if the Country user(Role) belongs to more then one country he should see all countries he belongs to along with the "All Choice" option in the prompt.
Any help on this is Appreciated.
With Regards
Subhadipta Samantray
Edited by: user635206 on Jun 11, 2009 10:22 AM
Edited by: user635206 on Jun 11, 2009 10:23 AM

Hi
Like David points, you may use Security Groups to display 1 or more Countries to the User depending upon 'Global' or 'Country'. You will have to use content filters to reflect the scope of the user in session.
Then 'All Choices' is a prompt front-end feature. You cannot restrict to 'Country' but 'Country' anyway cant see more rows that he is eligible. So, you may consider 'All Choices' for all users.
Try and tell us if this worked for you

How to disable options on Navbar in OBIEE based on user roles?

Hello All
Navbar is basically the header space in OBIEE application that contents stuffs like 'Dashboard', 'Signed in As....', 'Favorite', ''Home" and so on.. I know a lot of these stuffs can be hidden or removed from viewing.. But is there a way to do it to all user group 1 but keep it on for user group 2?
Please shed some light
Thank you

Hi
Have you tried this.
Steps:
1.Edit Dashboard->Add Text from Dashboard Object,write the following code inside that and Tick "Contains HTML Markup"
<script type="text/javascript">
var tds = document.getElementsByTagName('table');
for (var td = 0; td < tds.length; td++) {
if (tds[td].className != 'HeaderTopBar' && tds[td].className != 'HeaderSecondBar' ) {
continue;
if (tds[td].className == 'HeaderTopBar') {
//alert (tds[td].className);
var x = tds[td].parentNode;
//alert (x.className);
x.removeChild(tds[td]);}
if (tds[td].className == 'HeaderSecondBar') {
//alert (tds[td].className);
var x = tds[td].parentNode;
//alert (x.className);
x.removeChild(tds[td]);}
</script>
2.Give Section level Permission->Group 1 Denied and Group 2 Granted.
Plz mark if it helpful

How to hide custom fields in Shopping cart depening on user role

Hi,
We have some custom fields in shopping cart for basic view. Every thing works fine. Now client is asking to hide all the custom fields based on user role.
I found some function module to fund roles. now my main problem is unable to find the cusotm filed screen field name.
When I tryed to find the screen field name using BBPSC02/03, its giving 'GT_DISPLAY_100-FIELD'. If I try to use this field, its not working.
Could you pls tell me how to find custom screen filed name to hide in shopping cart.
Thanks,
Ram

Hi Ram,
As Laurent suggested,to hide the custom fields based on the user role,you need to implement the logic in BADi "BBP_CUF_BADI_2".
You have the importing parameter IV_USER in this BADI.
Pass this parameter to tables AGR_USERS and AGR_USERT to get the user role
OR
Use FM: BAPI_USER_GET_DETAIL
with USERNAME= user id and can retrieve Table: ACTIVITYGROUPS Field:AGR_NAME
if you want the otherway around
you can also use FM: RSRA_USERS_OF_AGR_GET
with I_AGR_NAME= role and you can retieve Table: ACTIVITY_GROUPS_USERS Field: UNAME(usr Id)
Then check the value for the User role as obtained using the above steps and accordingly set the property for the custom fields to hide them.
BR,
Deepti.

Display menu based on sharepoint user roles

Hi,
Could anybody please help me how to display custom navigation menu in sharepoint master page based on user roles
Eg: supose the loggedin user belongs to approver group then it should display entire menu,
if logged in user belongs to designer group it should hide some "ui item" (ex: Report)
Thanks in advance
Rasna

Hello,
If you are using sharepoint server/enterprise then you can also consider audience targetting for the links. You just need to enable publishing feature then set target audience from site action-->site settings-->navigation.
See this to enable publishing feature:
http://office.microsoft.com/en-in/sharepoint-server-help/enable-publishing-features-in-sharepoint-2010-HA010378243.aspx
Hope it could help
Hemendra: "Yesterday is just a memory,Tomorrow we may never see"
Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever
you see a reply being an answer to the question of the thread, click "Mark As Answer
Please feel free to unmark answer if does not resolves your problem.

Custom plugin based on user role membership

Similar Messages

Maybe you are looking for