Custom role creation using secatt

Similar Messages

• Role Creation using CAT Scripts

  Hi,
  Step by step procedure needed.
  I need role creation using scripts(SECATT),org values that needs to maintain
  is full authorization.
  pls help me.
  ram

  Hi Ram,
  There is a SECATT tutorial here: http://www.*********************/tutorials/secatt_user_create.html
  If you learn that & the principles associated with SECATT then you can apply that to creating and populating roles.
  In my opinion SCAT is much easier to use, though less flexible,

• Problem in customer master creation using BAPI_CUSTOMER_CREATEFROMDATA1

  Hi Guru's...
  i am unable to go forward...
  can you please help me out in this customer master creation....
  what are the fileds i am using while creating in XD01 (account group,name,country)then i am able create and the customer number is autogenerated.
  using same field values i am trying to test the BAPI initially but i am unable to execute the BAPI BAPI_CUSTOMER_CREATEFORMDATA1.
  in this one draw back is when compare to the XD01 peocess is account group.
  account group is mandataory in XD01 process and in BAPI test there i sno field for giving this account group field value.....may be this is one reason....(if it is mandatory where i have to provide in BAPI test..)
  and i tried in BAPI test using customer reference ID also....
  please guide me....
  please let me know if my question is not clear...
  Thanks in advance
  Srinivas...

  thanks rajani ur valuble reply..
  but i am looking for creating at a time 'n' number of customer's using BAPI (the coustomers data will be in flat file in presentation server....)
  please advise me ..
  let me know if my question is not clear...
  thanks in advance
  srinivas....

• Customizing Role creation form??

  Hi,
  We have requirement to customize the Role creation form. We have to store extra information in the role object. I know that we can store extra information by using properties attrinute of the Role. But the question is how to expose this to administrators through UI?
  I don't find any form mapping for role creation in the "Forms and Process Mappings" section. Anybody knows how to achieve this requirement? What is the default form used for role creation?
  Thanks in advance.

  There's a userForm configuration object called "Role Form" that is used when you create a new Role.
  You can add a new field to this form like so;
  <Field name='properties.Department'>
  <Display class='Text'>
  <Property name='title' value='Department'/>
  <Property name='disabled'>
  <Boolean>true</Boolean>
  </Property>
  </Display>
  </Field>
  Then the Department attribute will be saved against the Role attribute.
  Is this what you're looking for?
  Cheers,
  Paul

• Customer master creation using IDOC

  Hi friends,
             I am trying to create customer master into SAP using Idoc. Here pblm is some partner functions already defaulted i want to create some new entries in partner functions when i try to do it online its working fine when i try with idoc the defaulted partner functions are appears double times can any one has any idea whts happening.
  E1KNVVM   
      E1KNVPM (Master customer master partner roles)
          MSGFN : Function
          PARVW : Partner function
          KUNN2 : Customer number of business partner
          DEFPA : Default partner
          KNREF : Customer description of partner 
          PARZA : Partner counter
  the pblm is with these segment.
  Thanks,
  Naren.

  Hi naren,
  The segment E1KNVPM is standard one.Nothing can be done over it . U shold create new segments in we31 and add as
  extension to the basic type and try..
  Regards,
  Nagaraj

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .

• Custom field creation using ajax in SP 2010

  Hi,
  If anybody create custom field using ajax toolkit, kindly share me the link or steps.
  Thanks,
  Senthil

  yes. I have created custom field using Ajax toolkit which one available by default in VS 2010 under Ajax controls menu. do we need any other details on this, let me know.
  I just drag and drop the Ajax update panel in aspx page that used in custom field solution. then i just run the code and see the result on the new form in  the custom list. so i dont think, we need to do more work on this.
  Thanks,
  Senthil

• 11g R2: Role creation using API

  I am trying to create a role using OIM API RoleManager
              RoleManager roleService = oimClient.getService(RoleManager.class);    
              Role roleObj = new oracle.iam.identity.rolemgmt.vo.Role("");
              roleObj.setAttribute("Role Name","SampleTestRole");
              roleObj.setAttribute("Role Display Name","Sample Test Role");
              roleObj.setAttribute("Role Description","Sample Test Role");
              System.out.print(roleService.create(roleObj));
              System.out.print("Role has been created.... ");
  I am getting the following exception:
  oracle.iam.identity.exception.RoleCreateException: Orchestration process with id 14915, failed with error message null.
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
    at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy2.createx(Unknown Source)
    at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
    at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)

  Tried as suggested in the link posted but still getting the same exception.
          Role managerRole=new Role("powerUser");
          managerRole.setName("powerUser");
          managerRole.setDisplayName("powerUser");
  oracle.iam.identity.exception.RoleCreateException: Orchestration process with id 14930, failed with error message null.
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
    at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy4.createx(Unknown Source)
    at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
    at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
    at $Proxy5.create(Unknown Source)

• Role Creation using SCAT-Urgent.....

  Hi All,
  I got a spread sheet with roles and transactions to be included in each role.Can anyone let me know how to Map this transactions to roles using SCATT?Please explain in a procedure which would be helpfull to me.Points will be rewarded to the answers.
  Regards
  Krishna

  Hi Krishna,
  If yor are just asking about running a script, than follow the steps below:
  -Open the file, with excel and edit the data as per the requirement, and save the text file
  -To execute the test case using the external variant from file, from the initial CATT screen, enter the test case name and choose Execute.
  In the field Variants, select External from file and choose Choose. Select the file created above, and choose Open. Under Processing mode, select Errors, and choose Execute.
  Note: When you use this method, the file must be imported each time the test case is executed (file remains only on PC).
  If you are very new to CATT script, than use browse the link below:
  http://www.*********************/tutorials/scat.htm
  Hope it helps.
  Please award points if it is useful.
  Thanks & Regards,
  Santosh

• Customer -master upload using bapi

  hai ..
    can any body send me some example for customer master  creation using bapi ..
    in this account -group is mandatary..
  but i did.nt find  acc-group in bapi structures ..
  plz do helpful ..
  Tanx in advance ..

  Hi,
  Check the below links.
  [http://abaplovers.blogspot.com/2008/03/customer-master-bapis-function-modules.html|http://abaplovers.blogspot.com/2008/03/customer-master-bapis-function-modules.html]
  [http://abap.wikiprog.com/wiki/BAPI_CUSTOMER_CREATEFROMDATA1|http://abap.wikiprog.com/wiki/BAPI_CUSTOMER_CREATEFROMDATA1]
  Reward if found helpful.
  Regards,
  Boobalan Suburaj

• Custom List Form creation using Powershell - SharePoint 2013

  Hi,
  I have a custom List called 'IssuesList' with 4 fields - "IssueTitle","IssueID","IssueDesc","Status"
  While displaying display form I should show 3 fields expect Issue ID i.e. IssueID should be hidden.
  and on edit form only Status field should be editable. So using SharePoint designer I created respective Edit form and display forms and changed XSLT to control the display mode on the fields.
  I have everything scripted in powershell till now - creation of custom list, publishing pages, webparts etc. however I am looking for how to provision or associate these 2 list forms with IssuesList after I create the list in new site.
  I have restrictions on using wsp and site/list template due to business needs. So I need to know if there is any way I can upload these 2 files after I create custom list in powershell and associate them as defaultdisplay and defauteditforms?
  Please advise.

  Hi,
  Per my understanding, you might need to apply these custom forms to a list after list creation using PowerShell.
  With PowerShell with SharePoint Object Model, we can hide fields on list forms.
  The similar thread below with code snippet will provide more information about this:
  https://social.technet.microsoft.com/Forums/en-US/ee6fc2eb-197f-4144-94fa-8a4e438675d9/hide-a-field-from-edit-form-list?forum=sharepointgeneralprevious
  If there may be other requirements except for hiding fields, as you have limitation on using custom solution package(which should be preferable in such scenario),
  a workaround I can provide is that, after list creation, you can add Content Editor Web Part contains the CSS style or JavaScript to the form pages of a specific list, it will help you hide/disable the specific elements, this can be achieved programmatically.
  The code below can add a Content Editor Web Part to the DisplayForm of a list(though in C#):
  public static void AddCEWP()
  SPLimitedWebPartManager manager = null;
  SPFile file = null;
  using (SPSite site = new SPSite("http://sp"))
  using (SPWeb web = site.RootWeb)
  try
  web.AllowUnsafeUpdates = true;
  file = web.GetFile(web.Url + "/Lists/List018/DispForm.aspx");
  manager = file.GetLimitedWebPartManager(PersonalizationScope.Shared);
  ContentEditorWebPart webPart = new ContentEditorWebPart();
  XmlDocument xmlDoc = new XmlDocument();
  XmlElement xmlElement = xmlDoc.CreateElement("HtmlContent");
  //xmlElement.InnerText = "<strong>Hello World!</strong>";
  //write the custom CSS style or JavaScript here
  string content = "<style>your custom style here...</style>";
  xmlElement.InnerText = content;
  webPart.Content = xmlElement;
  manager.AddWebPart(webPart, "Top", 0);
  manager.SaveChanges(webPart);
  web.Update();
  catch (Exception ex)
  //Utility.SPTraceLogError(ex);
  finally
  if (manager != null)
  manager.Dispose();
  web.AllowUnsafeUpdates = false;
  About how to hide fields on Standard List Forms using jQuery:
  http://social.technet.microsoft.com/wiki/contents/articles/21730.sharepoint-2010-conditionally-hide-fields-on-standard-list-forms-using-jquery.aspx
  http://stackoverflow.com/questions/10010405/how-to-hide-a-field-in-sharepoint-display-form-based-on-the-field-name-jquery
  Thanks
  Patrick Liang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Patrick Liang
  TechNet Community Support

• How to use the custom role which is created by user

  Hi,
  Can any one suggest how to use custom role created by developer in webcenter portal.
  Thanks in Advance
  Regards,
  Ankur Bhatia

  Hi Daniel,
  Thanks for ur Reply,
  But i am not able to understand where to write the above code.
  Also Suppose if a role "GeneralAdmin" is activated for a user then how it behaves like a "GeneralAdmin".
  Means where is the code was written so that it behave like GeneralAdmin after activation.
  Thanks & Regards,
  Ankur Bhatia
  Edited by: 986921 on Mar 5, 2013 3:49 AM
  Edited by: 986921 on Mar 5, 2013 3:49 AM

• Use of default XACML with custom role mapper and authorization provider

  Hi,
  Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
  My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
  Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

  I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then right a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
  Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
  The chosen approach depends on where you're getting the role information from.

• OIM 11g add custom role on user creation

  Hi,
  I when i create a user in OIM11g by default it gets added to "ALL USERS" role.
  I have created a new role and want to add user to this custom role while creating users. How can i do this in OIM11g
  Regards,
  Ab
  Edited by: 824473 on Jan 18, 2011 2:33 AM

  set Auto submit true. you can't set the value for ValueChangedListener property in current release of R2. This is bug and you can raise SR for same. But, this won't cause saving data into USR table. ValueChandedListener property for Modify User page only.
  As you said, data is not being saved in the USR table then verify your steps again:
  create sandbox->users->create user/edit user/view user details page->click customize->leftTopcorner->View->Source->select area->edit->Click Add Content (on left top)->Data Component catalog->scroll down and select User VO->Refresh dialogue box->select the field and click 'Add'->on dropdown select 'ADF Input test w/label/for view user page it should be output test w/label->close that window->Check if it added to create user form->save and close customization
  for user detail page select "Managed User->UserVo1 " as datacomponent
  Re: UDF creation on User form in 11gR2
  for valuechangedlistener the fixes all ready available. you have to do some workaround as other poster has given in above link:
  1.Create a sandbox and activate it. Open the page that contains the UDF, and click Customize.
  2.Select View, Source.
  3.Note the value of the valueChangeListener property of a predefined field. To do so:
  a.Click the predefined field, and then click Edit to open the Component Properties dialog box.
  b.Copy the value of the valueChangeListener property.
  4.Export the sandbox as a ZIP file.
  5.Extract the ZIP file and edit the jsff.xml file for the specific screen.
  6.Add the following attributes to the ADF tag, for example af:inputText, for the UDF:
  ◦valueChangeListener=VALUE_COPIED_IN_STEP3
  ◦autoSubmit="true"
  7.Create the ZIP file for the sandbox.
  8.Import the sandbox.
  9.Publish the sandbox.
  Edited by: Nishith Nayan on Sep 21, 2012 1:04 PM

• Disable the buttons for creation using PFCG roles

  Hi SAP Experts,
     How to disable the buttons for creation using PFCG roles?
  Regards,
  Jaya

  Hi,
  u have to write the code in <b>at selection-screen output</b> event
  AT SELECTION-SCREEN OUTPUT.
    LOOP AT SCREEN.
      IF  <b>P_PRINT</b> = 'X'.  " this is radiobutton
        IF screen-name = 'P_RANGE'.
          SCREEN-INPUT = 0.
        ENDIF.
        modify screen.
      ELSE.
        IF screen-name = 'S_LFDAT-LOW'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_LFDAT-HIGH'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_WERKS-LOW'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_WERKS-HIGH'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'P_LIFNR'.
          SCREEN-INPUT = 0.
        ENDIF.
        IF screen-name = 'S_BUKRS'.
          SCREEN-INPUT = 0.
        ENDIF.
        modify screen.
      ENDIF.
    ENDLOOP.
  Hope it helps.
  Regards,
  Sonika