Disable activities in IDM

Hello,
I must disable activities in idm, someone knows like making?
thanks

You can generally select what a user can and can't do by selecting and de-selecting what Capabilities they have - either directly or through an administrator role. Is that what you're trying to do? If that doesn't get you want you want, let us know as there are some other things to do to provide customized permissions.

Similar Messages

User disabled in LDAP triggers disable identity in IDM?

IDM 7.0 on Sun JES Stack
Authoritative Source is LDAP, Sun Directory Server 5.2
This pertains to Termination e.g. Employee/Contractor gets terminated.
1) When an employee is terminated, her user LDAP record is deleted from LDAP (authoritative source)
2) When a contractor is terminated, her user obuseraccountcontrol = DISABLED in LDAP (authoritative source)
Based on the above two criteria, how do I trigger the Disable User workflow in IDM so that the user's IDM Identity gets disabled?
I've been exploring the LDAP Activation Method/Parameter?
com.waveset.adapter.util.ActivationByAttributePullDisablePushEnable
But am unsure on how to approach this. Has anyone successfully implemented this? Documentation is pretty unclear. Thanks in advance.

Given the below scenarios:
1) When an employee is terminated, her user LDAP record is deleted from LDAP (authoritative source)
2) When a contractor is terminated, her user obuseraccountcontrol = DISABLED in LDAP (authoritative source)
We've resolved #2 using MetaView and Rule. On the LDAP resource adapter itself, we used:
LDAP Activation Method: nsaccountlock
LDAP Activation Parameter: accountLockAttr
(where this is your IDM system attrib specified in resource schema)
In MetaView, for attrib "accountLockAttr", Source: Rule: Is obuseraccountcontrol disabled, Target: IDM, All Resources
In MetaView > Identity Events, we set the Disable event,
Based on that, we believe we can resolve #1 to trigger the Disable User Workflow. The problem is, how do you Re-Enable a user if the user's LDAP record is deleted from the authoritative source (LDAP)?

Disable user thru IDM ...

I added the following code to the bottom of active sync form to disable a user from all resources without luck.
The side effect of the following code is to remove all resource names from waveset.resources list. What did I miss? Thanks in advance for any clue. <FieldLoop for='name' in='waveset.accounts[*].name'> <Field name='accounts[$(name)].disable'> <Expansion> true </Expansion> </Field> <Field name='update.accounts[$(name)].disable'> <Expansion> true </Expansion> </Field> </FieldLoop>

why are you updating the update object?
if you do accounts[Resname].disable = true it will disable the account as well. then use waveset.disable for lighthouse. I did this exact thing last week and it worked fine. IF you have problems, feel free to email me
-Dana Reed
AegisUSA
Denver, Colorado
[email protected]
"Now hiring best in breed IDM professionals..inquire via email"

Find disabled user in idm side or AD resource?

Any disabled user is moved to disabled accounts OU in AD in our enviroment.
What is the best way to check for any disabled user in a workflow? is this on IDM side or in the disabled user's OU in AD?
If so, what would be the correct attribute to use.
Please suggest?
Thanks for your help.
Edited by: @waveset on Mar 3, 2008 1:10 PM
Edited by: @waveset on Mar 3, 2008 1:14 PM

i am trying to get this value at runtime in a form or rule
i am getting the user object as follows:
<defvar name='thisUserObj'/>
<setvar name='thisUserObj'>
     <invoke name='getObject'>
          <new class='com.waveset.server.InternalSession'/>
          <invoke name='findType' class='com.waveset.object.Type'>
               <s>User</s>
          </invoke>
          <ref>accountId</ref>
</invoke>
</setvar>
i SHOULD be able to reference the disabled attribute in any of the following ways, but they all return null:
<notnull>
     <select>
<invoke name='getAttribute'>
     <ref>thisUserObj</ref>
     <s>disabled</s>
</invoke>
<ref>thisUserObj.accounts[Lighthouse].disabled</ref>
<ref>thisUserObj.waveset.disabled</ref>
</select>
</notnull>
What am i doing wrong? Any help is appreciated.
Thanks

To call Parellel N activities in sun idm 8.1

Hi
Is it possible to call N parallel activities in idm.
We want to launch parallel threads which will go to each approval.
We are trying with AND Split and AND join. But we are not able to write dyanmic call to N Parallel activities.
We don't want to mention dynamic activity name
EX:
<Activity id='0' name='Processing' andSplit='true'>
<Action id='0'>
<expression>
<block trace='true'>
     <set name='threads'>
                    <list>
                    <s>1</s>
                    <s>2</s>
                    <s>3</s>
                    </list>
                    </set>
</block>
</expression>
</Action>
          
          <Transition to='Level$(eachlevel)'>
          <block trace='true'>
               <dolist name='eachlevel'>
               <ref>threads</ref>
               </dolist>
               </block>
          </Transition>
<WorkflowEditor x='345' y='383'/>
</Activity>
....

You might want to post this in the Sun IDM forum. Sun Java System Identity Manager
-Kevin

Unable to find disabled users

I used the below to search for all disabled users in the system. I have a disabled user in IDM but the queryResult is null in the log file. Do you have any ideas?
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='queryObjectNames'/>
<Argument name='type' value='User'/>
<Argument name='attributes'>
<map>
<s>dis</s>
<s>true</s>
</map>
</Argument>
</Action>
dis is in the <QueryableAttrNames> list already. It's one of the predefined attributes in this list. I did not add it in.
Thanks

I found the answer. I found it in the WFs, Forms and Views documentation for 7.1. This will find all users who are either disabled or partially disabled.
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='queryObjectNames'/>
<Argument name='type' value='User'/>
<Argument name='single' value='false'/>
<Argument name='attributes'>
<map>
<s>lhdis</s>
<s>true</s>
</map>
</Argument>
</Action>
What I don't understand is lhdis is not defined in the <QueryableAttrNames> list. Below is the <QueryableAttrNames> list out of the box. Only dis but not lhdis. Even though I got the result that I want but I want to know how we can use lhdis when it's not in the <QueryableAttrNames> list???? Anyone knows?
<QueryableAttrNames>
<List>
<String>correlationKey</String>
<String>role</String>
<String>email</String>
<String>name</String>
<String>firstname</String>
<String>lastname</String>
<String>idmManager</String>
<String>prov</String>
<String>dis</String>
<String>locked</String>
<String>user_resources</String>
</List>
</QueryableAttrNames>

Urgent:ActiveSync user provisioning/modify/disablr workflow

Hi
My requirement is
I am using remedy as a authorative datasource.Through ActiveSync i would like to create/update/disable user in idm as well as in target resource. I am not using any form. I am using workflow for that.
For updating user i have a diffrent logic.
Before doing provisioning we need to check user exist or not. If user exist then i need to move transition to update activity.
My question is
1. How can i check user exist or not?
2. If user exist the it should go to update activity. If not exist then it shoul go to provisioning activity.
My target resource is AD and LDAP.
Can anybody paste some sample code so i can do this.
thanks in advance.

Hi
My requirement is
I am using remedy as a authorative datasource.Through ActiveSync i would like to create/update/disable user in idm as well as in target resource. I am not using any form. I am using workflow for that.
For updating user i have a diffrent logic.
Before doing provisioning we need to check user exist or not. If user exist then i need to move transition to update activity.
My question is
1. How can i check user exist or not?
2. If user exist the it should go to update activity. If not exist then it shoul go to provisioning activity.
My target resource is AD and LDAP.
Can anybody paste some sample code so i can do this.
thanks in advance.

My IDM CC 7.2.3 is disabled in Firefox 5, and i can't find any appropriate IDM CC add-ons for Firefox 5. Now, What to do ?

I'm using Internet Download Manager 6.05, and for this IDM CC 7.2.3 add-ons is automatically integrated with Firefox 4. But when i upgrade my Firefox 4 into Firefox 5, IDM CC 7.2.3 add-ons is disabled. In Mozilla Firefox Help center, I've tried to figure out the solution. I do everything what they say in the help center, But I cannot solve the problem. Please tell me, what should I do now ?

I've find out the solution. I hope it will be helpful for all.
[http://www.megaupload.com/?d=ISUFXS5U IDM CC 7.3.1]

How to disable some activities

I want to disable some activities. Is that possible in BPEL?
for eg:
I have actitivity1, actitivity2, actitivity3 in a row.
For testing, I want to disable actitivity2.

hi,
just add a switch activity and make its Expression evaluated to false(ex. 1!=1)
then drag and drop the part of the process that you want to comment.
regards
arababah

Disable the user in the resource thru IDM

Hi I am doing active sync.while doing activesync I am creating the user in another resources also.while activesync I want to disable the user in IDM and also in the resources based on one user attribute. I am using "waveset.disabled=true" to disable the user.
with this the user is getting disabled in lighthouse but not in resources like LDAP.How can I disable the user in resource also , which attribute need to be set to disable the user in resources also?. Any help will be great.

I added the following code to the bottom of active sync form to disable a user from all resources without luck. </br>
The side effect of the following code is to remove all resource names from waveset.resources list. What did I miss?
Thanks in advance for any clue.
<FieldLoop for='name' in='waveset.accounts[*].name'>
<Field name='accounts[$(name)].disable'>
<Expansion>
<s>true</s>
</Expansion>
</Field>
<Field name='update.accounts[$(name)].disable'>
<Expansion>
<s>true</s>
</Expansion>
</Field>
</FieldLoop>

I have disabled the idm on firefox now i want to enable it how is it possible

i have disabled the idm in my firefox while updating nw i want to enable it wht is the procedure for that pls let me knw
== This happened ==
Not sure how often
== i updated my firefox

That extension caused crashes in Firefox 4.0 versions and was disabled by accident in all Firefox versions.
That has been corrected.
Copy and Paste this code in the Code field in the ''"Tools > Error Console"'' and click the ''Evaluate'' button to download a corrected blocklist.xml.
<code>Components.classes['@mozilla.org/extensions/blocklist;1'].getService(Components.interfaces.nsITimerCallback).notify(null);</code>

How to disable IdM Account

ALL
One of my requirement is to disable the IDM account of the users if they have not logged in for more than 60 days.
I will also like to know where does IDM store the Last Logon Date for a user?
Any ideas/suggestions are welcome.
Thanks

Another alternative is to register a deferred task, 60 days in advance, when the user logs in using the password login workflow. On each login you can just add a the deferred task which will disable the user's account when it runs (60 days from the time it was added). If there is already a deferred task added to the user there already then the old task is overwritten when a new one is added or it is removed when the task executes. So if the user logs in within the 60 day time frame then the old deferred task is removed and a new one is added. If they fail to login then the task executes.
The only problem you have is the initial addition of the deferred tasks to all users but that can be accomplished with a custom workflow that you'd execute once.
I do something similar to notify people of password expiry. When a user changes his password a deferred task is added that will generate an email notification some time in the future. (Existing deferred tasks are overwritten.) If the password is rotated often enough the notice is never sent out because deferred task never executes. If the password is not changed within the time frame the notice is sent out and eventually the account is locked.

Sun IdM 7.1 - 'Is Disabled' shows 'No' for disabled user in configurator UI

Hi All,
I have user1 in SIM who has been disabled on RACF through SIM.
But, when I open this user obejct in SIM, logged in as configurator, the 'Is Disabled' column for the RACF resource shows 'No', when it should be showing 'Yes'.
I've checked user1 on RACF and user1 has been disabled there.
Below is the code which I've used to disable the user on RACF:
             <set>
                <concat>
                  <s>view.update.accounts[</s>
                  <ref>appname</ref>
                  <s>].selected</s>
                </concat>
               <s>true</s>
            </set>
          <set>
            <concat>
              <s>view.waveset.accounts[</s>
              <ref>appname</ref>
              <s>].disabled</s>
            </concat>
            <s>true</s>
          </set>
          <set>
            <concat>
              <s>view.accounts[</s>
              <ref>appname</ref>
              <s>].disabled</s>
            </concat>
            <s>true</s>
          </set>
            <set>
            <concat>
              <s>view.accounts[</s>
              <ref>appname</ref>
              <s>].disable</s>
            </concat>
            <s>true</s>
          </set>(In the above code, the 'appname' variable will contain the value as 'RACF' at run-time).
I've tried various other things, but still the 'Is Disabled' column shows 'No' only.
Also, apart from the above code, I'm also using resource action which actually runs the RACF command to disable the user on RACF.
FYI - I'm using Sun Identity Manager 7.1
Any help on this would be greatly appreciated.
Thanks in advance!

Check if you have customized
'Default RACF ListUser AttrParse', if so it should have the attribute
*<multiLine>*
*<t> ATTRIBUTES=</t>*
*<str name='ATTRIBUTES' multi='true' delim=' ' noval='NONE'/>*
*<skipToEol/>*
Reason:
Since this is the attribute reference in the method isDisabled() in your com.waveset.adapter.RACFResourceAdapter.
Thanks

Timing Function in IDM ; how to set "timer"

I have a question which has not been discussed here before (or, if it has, I haven't noticed).
It concerns the use of a TIMER function in IDM.
I am pretty sure IDM has one; just not sure how to implement this.
Let's say you want to evaluate the time difference between when a person logs into the system, and today's (current) date? If a certain amount of time has elapsed, send that person an Email Notification?
Or : someone has not performed a certain required action; after a certain time, send them a "*notice*" (could also be an email notification).
Or, even more complex : send 2 or 3 such notifications, at regular intervals; and, if the person does not respond, then IDM will automatically perform an action of its own (maybe, disable that person's account, etc)
Basically, my point is : does IDM possess a certain "*internal clock/timer*" which can be activated, to monitor certain activities; and, based on how much time has elapsed, perform a certain action ??
If yes, then how can I configure and/or implement such a function?

Going with the deferred task example you'd have to do something like this:
(Again, it doesn't have to be a deferred task.)
<Action id="0" name="Add Deferred Task" application="com.waveset.session.WorkflowServices">
    <Argument name="op" value="addDeferredTask"/>
    <Argument name="type" value="User"/>
    <Argument name="name" value="$(accountId)"/>
    <Argument name="subject" value="Configurator"/>
    <Argument name="task" value="Your Workflow Name"/>
    <Argument name="date"> 
        <ref>date</ref> 
    </Argument>
    <Argument name="date_task_added">
        
        <invoke name="getTime"> 
            <invoke name="getInstance" class="java.util.Calendar"/>
        </invoke>
    </Argument>
    ... other deferred task arguments here
</Action>IDM will wait until the date the task is to be executed, see the "date" argument. When IDM actually executes the deferred task (it may be a long time after it was originally scheduled to execute if there's been a delay or an outage or whatever) you'll have a variable in your workflow called "date_task_added" that should be a java date object. (Or a string, I can't remember. If it is you'll just have to convert it, no biggy.) That will give you the date the deferred task was registered. Within the workflow you can build another date object using the exact same code to calculate "now".
From there getting the time difference between both objects is a simple matter of getting the milliseconds for each and doing the math to get the difference. That's just one way, there's dozens of ways of calculating time differences with the java date and calendar objects.
Note: untested code. You may have to tweak it to work properly.

Firefox ESR 10.0.12 disables flash plugin - updates to the last version do not work?

Suddenly - without any actions by me - FF ESR 10.0.12 refuses to accept Adobe Flash? (System Win 7 64 Ultimate)
It started with a very annoying bar, which cost me 2 hours to deactivate, which told me to update an very old and unused Adobe Reader plugin. Then it insisted, that the Foxit PDF reader plugin was not up to date. Since I do not use it, I deactivated it too. Since I seldom use Flash, I just found out today, that youtube does not work anymore - FF insists, that my flash plugin is too old and it deactivated it.
This has cost me hours up to now and it is _exactly_ the reason why I use the ESR channel.
What I did:
Deinstalled Adobe Flash completely (using Windows). Used the normal Firefox update, which it recommends (your flash player was deactivated, please install...). No success, it simply goes into a loop, always telling me my flash player is too old.
I also installed it directly from Adobe (the Firefox version!!), in all cases it reports version 11.5.502.104. The last version from Adobe - but it seems to be too old???
I am spitting angry now - this kind of trouble is the reason I only use ESR versions from Mozilla. I do not want your chaos troupe to play around with _my_ installation. But obviously you found ways to do so.
If this is not solved (and no, I will _not_ reinstall Firefox, I will _not_ delete my profile) in a few days, Firefox is dead for me. I am already looking to Chrome and Opera. Many friends have these browsers - I am a bit conservative, and I want my browser stable and the look an feel should be stable also. I do _not_ want a new version every two weeks, which every time costs my effort and time to configure it how I want it.
The question here is: How did you manage to disable the last version of Flash, and why? Why must I now register here and invest valuable time to get my browser to work again?? If I had done something, installed or removed something, ok. But I did not. (And yes, up to now I did update Flash and other plugins, when I was prompted to do so)
Clearly _your_ management does _not_ work: If I use the solutions which FF itself recommends, it sends me in an endless loop: Install newest Flash, sorry, Flash is outdated, install newest Flash...
Is this the 'new security'? Bah. If you did this for the 'normal user' (which you obviously do not respect anymore), you failed. And you failed completely for me: If software insists to do things 'automatically', it should at least do them reliably, _or_ it should ask. But working in the background, changing important things, reporting nothing, and then failing is exactly the reason why I disable all 'automatic' activities and want to be _asked_ before some idiotic piece of c.... deconfigures itself - and stops working...
Hints to the Troubleshooting Info below:
At this time Flash player is installed, shows in the systems software list as 'Adobe Flash Player 11 Plugin', Version 11.5.502.146. The rest are my normal plugins. Serveral changes to about:config were done by me in an effort to make FF usable again, without nagging 'info' bars...

Additional information - according to the wiki you pointed me to, it was correct to uninstall flash using Windows control panel. I am very sure that I already had the latest version installed from the beginning, because Flash player pointed me to an update on Windows start (as usual) several days ago.
The error clearly lies with FF, since despite an up to date Flash player it decided it wants it new - something to do with the blacklist? How can it tell, that its outdated, if it does not find it and not show it in the list of plugins?
There is something fishy here...

Disable activities in IDM

Similar Messages

Maybe you are looking for