E-Recruiting and Manager Role?
Hello, we are installing E-Rec 3.0. I have a quick question regarding the Manager role.
Once a Manager (I guess Requesting Person) creates a requisition, Recruiter - approved and posted, Candidate applied. At what point will the manager see the data for the candidate assigned to the Requisition?
I am able to see data only when I assign a questionnaire to the Manager as a responsible person, but the Manager can see EEO info, which is a problem for us.
Any ideas?
Thanks,
Alex
This is a job specific questionnaire, and manager sees it in the shortlist. Activity is in planned status and assigned to the questionnaire. Manager has a Decision Maker Role within the requisition.
Thank you for all your help.
Sincerely,
Alex Berenson
Similar Messages
-
SAP E- Recruitment and Manager BSP
Hi,
When I try logging in to the Manager BSP I encounter the error message "you dont have required authorization to use this start page". By the way, we are on E-Recruitment Enhancement Pack 1.
I have maintained the required settings, i.e. reference user and a dialog user. I have also maintained the Business Partner for this role.
The rest of my other roles, like internal candidate / ext candidate, recruiter, restricted recruiter, administrator, are working fine.
Manager BSP is an issue. I would appreciate it if you could share your inputs on the same.
Thanks for your time.
Kind regards
Saipriyan
Which authorization roles did you assign to your user?
Try out the SAP_RCF* roles.
In productive use, build your customer based roles.
If you customized customer specific start pages, you need customer roles. There is an authorization check on the start page id.
Trace the authorization checks via Transaction ST01 -
Error in User Management and Assigning Role
Hi,
I have configured LDAP authentication on LiveCycle Server. I get the user list with LDAP in my admin console under User Management - User & Groups. But as soon as I click on any of the LDAP usernames I get an error telling me to contact the administrator. The same also happens when I check the checkbox in front of the username and try to assign a role.
My LiveCycle server is on WAS6.1. I also have a server set up on my local machine where I have configured the same LDAP, and there I am able to access users and assign roles. Is there any problem with WAS6.1?
I checked the logs and i got following exception in server logs.
[10/24/08 10:57:58:467 EDT] 00000039 IDPLoggedExce W com.adobe.idp.common.errors.Logger$LogConsumer run UserM:GENERIC_WARNING: [Thread Hashcode: 1028668752] | [com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:8193 errorCodeHEX:0x2001 message:getPrincipal public chainedException:java.lang.NullPointerExceptionchainedExceptionMessage:null chainedException trace:java.lang.NullPointerException
at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.getCacheKeys(DirectoryServicesManagerBean.java:1583)
at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.findPrincipal(DirectoryServicesManagerBean.java:1608)
at com.adobe.idp.um.businesslogic.directoryservices.EJSLocalStatelessDirectoryServicesManagerBean_0dbf3d20.findPrincipal(Unknown Source)
at com.adobe.idp.um.api.impl.DirectoryManagerImpl.findPrincipal(DirectoryManagerImpl.java:138)
at com.adobe.idp.um.ui.user.CreateNewUserAction.doExecute(CreateNewUserAction.java:139)
at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1075)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1016)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:113)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:771)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:546)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.web
Hello, does anyone have anything about the above exception, or is there any other information needed? Please let me know.
I still cannot find the solution for the above problem, and it stops me from configuring users on Adobe LiveCycle ES. We have purchased LiveCycle ES version 8.0 -
OAM manage roles and Authorization in WebLogic integration
Hi
Had anyone done weblogic integration where OAM manages roles and Authorization?
I could read in Oracle WebLogic integration document that,
"The Security Provider only supports authentication for portals."
I wanted to figure out if anyone has done this before or Is it possible to delegate role management and Authorization responsibility to OAM?
Thanks
Kiran Thakkar
Thanks for the quick response.
Thanks
Kiran Thakkar -
Travel Management: Role and authorization
Dear forumers!
What standard travel management role can I copy and modify according to my requirements in order to let the user only watch t-codes TRIP, PR05, etc. without a right to edit data? Or there should be some other actions with a role to make it for watch only without editing?
Standard roles are:
SAP_FI_TV_TRAVELER - we don't need this one
SAP_FI_TV_TRAVEL_ASSISTANT
SAP_FI_TV_ADMINISTRATOR - I already use this role
SAP_FI_TV_MANAGER_GENERIC
SAP_FI_TV_ADVANCE_PAYER - we don't need this one
SAP_FI_TV_TRAVEL_MANAGER - I already use this role
Best regards,
Eldar
Hi,
The best process is always to copy the standard role and customize it for your own authorization concept (business requirement). I think there is another thread with the same issue in SAP HCM as well.
Regards,
Dora. -
Reg: Hiring Manager role in E-Recuitment EHP4
Hi all,
I am working with EhP4. My business package for Recruiter is Recruiter1.4.1. I am trying to create a requisition from the recruiter login. I have a field HIRING MANAGER. What is the role that we should assign for the Hiring Manager?
Thanks
Priya
Hi,
I have the same problem on ERECRUIT604 EHP4 SP4. I cannot retrieve managers using Find Hiring Manager search on the Create Requisition page.
I have though found out that there are 2 cases.
On the one-instance solution with HR and ER on the same server, an employee is retrieved as a Manager if there are the following relationships to his CP object:
B 207 Is identic BP
B 208 Is identic US
B 209 Has employ P
B 650 Has candid NA
Especially the relationship CP B208 US is critical. The problem is, though, that this relationship is not created automatically by the system, as on the one-instance solution the user is retrieved from IT105 subtype 0001 via the P object, so you have to create this relationship manually. Or am I wrong?
On the two-instance solution with HR on one machine and ER on another, the above solution does not work at all. Here the relationship CP B208 US is created via ALE, but it does not help for retrieval of Hiring Managers.
I have also added the 'manager' role to the employee, the employee is the manager in the Organizational Structure, and still I cannot retrieve him.
Maybe it's a bug in the system. Anyway I cannot find any hints telling what are the assumptions for using this functionality.
Waiting for an answer
Best regards,
Beata -
E-Recruiting EhP4 -- Management Involvement
In E-Recruiting EhP4, a manager can identify and make substitutes in the application. What can these substitutes do? Using their log-in (into MSS), can these substitutes see the manager's ranking (for example) and maintain them?
Hello,
The substitute maintained by the manager is the one who assumes his responsibility in E-Rec when he is absent.
The E-recruiting manager role can do two things:
--> Create Requisitions
--> Maintain Substitutes
Please have a look at the following documentation for further details:
http://help.sap.com/erp2005_ehp_04/helpdata/EN/48/99a0c399273987e10000000a421937/frameset.htm
Regards,
Bentow. -
Hi All,
We are trying to access the Create Deployment method stated below
http://msdn.microsoft.com/en-us/library/windowsazure/ee460813
We have uploaded the Package in the blob and browsing the configuration file. We have checked trying to upload manually the package and config file in Azure portal and its working fine.
Below is the code we have written for creating deployment where "AzureEcoystemCloudService" is our cloud service name where we want to deploy our package. I have also highlighted the XML creation part.
    byte[] bytes = new byte[fupldConfig.PostedFile.ContentLength + 1];
    fupldConfig.PostedFile.InputStream.Read(bytes, 0, bytes.Length);
    string a = Encoding.UTF8.GetString(bytes, 0, bytes.Length);
    string base64ConfigurationFile = a.ToBase64();
    X509Certificate2 certificate =
        CertificateUtility.GetStoreCertificate(ConfigurationManager.AppSettings["thumbprint"].ToString());
    HostedService.CreateNewDeployment(certificate,
        ConfigurationManager.AppSettings["SubscriptionId"].ToString(),
        "2012-03-01", "AzureEcoystemCloudService", Infosys.AzureEcosystem.Entities.Enums.DeploymentSlot.staging,
        "AzureEcoystemDeployment",
        "http://shubhendustorage.blob.core.windows.net/shubhendustorage/Infosys.AzureEcoystem.Web.cspkg",
        "AzureEcoystemDeployment", base64ConfigurationFile,
        true, false);
    /// <summary>
    /// </summary>
    /// <param name="certificate"></param>
    /// <param name="subscriptionId"></param>
    /// <param name="version"></param>
    /// <param name="serviceName"></param>
    /// <param name="deploymentSlot"></param>
    /// <param name="name"></param>
    /// <param name="packageUrl"></param>
    /// <param name="label"></param>
    /// <param name="base64Configuration"></param>
    /// <param name="startDeployment"></param>
    /// <param name="treatWarningsAsError"></param>
    public static void CreateNewDeployment(X509Certificate2 certificate,
        string subscriptionId,
        string version, string serviceName, Infosys.AzureEcosystem.Entities.Enums.DeploymentSlot deploymentSlot,
        string name, string packageUrl,
        string label, string base64Configuration,
        bool startDeployment, bool treatWarningsAsError)
    {
        Uri uri = new Uri(String.Format(Constants.CreateDeploymentUrlTemplate, subscriptionId, serviceName, deploymentSlot.ToString()));
        XNamespace wa = Constants.xmlNamespace;
        XDocument requestBody = new XDocument();
        String base64ConfigurationFile = base64Configuration;
        String base64Label = label.ToBase64();
        XElement xName = new XElement(wa + "Name", name);
        XElement xPackageUrl = new XElement(wa + "PackageUrl", packageUrl);
        XElement xLabel = new XElement(wa + "Label", base64Label);
        XElement xConfiguration = new XElement(wa + "Configuration", base64ConfigurationFile);
        XElement xStartDeployment = new XElement(wa + "StartDeployment", startDeployment.ToString().ToLower());
        XElement xTreatWarningsAsError = new XElement(wa + "TreatWarningsAsError", treatWarningsAsError.ToString().ToLower());
        XElement createDeployment = new XElement(wa + "CreateDeployment");
        createDeployment.Add(xName);
        createDeployment.Add(xPackageUrl);
        createDeployment.Add(xLabel);
        createDeployment.Add(xConfiguration);
        createDeployment.Add(xStartDeployment);
        createDeployment.Add(xTreatWarningsAsError);
        requestBody.Add(createDeployment);
        requestBody.Declaration = new XDeclaration("1.0", "UTF-8", "no");
        XDocument responseBody;
        RestApiUtility.InvokeRequest(
            uri, Infosys.AzureEcosystem.Entities.Enums.RequestMethod.POST.ToString(),
            HttpStatusCode.Accepted, requestBody, certificate, version,
            out responseBody);
    }
    /// <summary>
    /// A helper function to invoke a Service Management REST API operation.
    /// Throws an ApplicationException on unexpected status code results.
    /// </summary>
    /// <param name="uri">The URI of the operation to invoke using a web request.</param>
    /// <param name="method">The method of the web request, GET, PUT, POST, or DELETE.</param>
    /// <param name="expectedCode">The expected status code.</param>
    /// <param name="requestBody">The XML body to send with the web request. Use null to send no request body.</param>
    /// <param name="responseBody">The XML body returned by the request, if any.</param>
    /// <returns>The requestId returned by the operation.</returns>
    public static string InvokeRequest(
        Uri uri,
        string method,
        HttpStatusCode expectedCode,
        XDocument requestBody,
        X509Certificate2 certificate,
        string version,
        out XDocument responseBody)
    {
        responseBody = null;
        string requestId = String.Empty;
        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
        request.Method = method;
        request.Headers.Add("x-ms-Version", version);
        request.ClientCertificates.Add(certificate);
        request.ContentType = "application/xml";
        if (requestBody != null)
        {
            using (Stream requestStream = request.GetRequestStream())
            {
                using (StreamWriter streamWriter = new StreamWriter(requestStream, System.Text.UTF8Encoding.UTF8))
                {
                    requestBody.Save(streamWriter, SaveOptions.DisableFormatting);
                }
            }
        }
        HttpWebResponse response;
        HttpStatusCode statusCode = HttpStatusCode.Unused;
        try
        {
            response = (HttpWebResponse)request.GetResponse();
        }
        catch (WebException ex)
        {
            // GetResponse throws a WebException for 4XX and 5XX status codes
            response = (HttpWebResponse)ex.Response;
        }
        try
        {
            statusCode = response.StatusCode;
            if (response.ContentLength > 0)
            {
                using (XmlReader reader = XmlReader.Create(response.GetResponseStream()))
                {
                    responseBody = XDocument.Load(reader);
                }
            }
            if (response.Headers != null)
            {
                requestId = response.Headers["x-ms-request-id"];
            }
        }
        finally
        {
            response.Close();
        }
        if (!statusCode.Equals(expectedCode))
        {
            throw new ApplicationException(string.Format(
                "Call to {0} returned an error:{1}Status Code: {2} ({3}):{1}{4}",
                uri.ToString(),
                Environment.NewLine,
                (int)statusCode,
                statusCode,
                responseBody.ToString(SaveOptions.OmitDuplicateNamespaces)));
        }
        return requestId;
    }
But every time we are getting the below error from the line
response = (HttpWebResponse)request.GetResponse();
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Code>BadRequest</Code>
<Message>The specified configuration settings for Settings are invalid. Verify that the service configuration file is a valid XML file, and that role instance counts are specified as positive integers.</Message>
</Error>
Any help is appreciated.
Thanks,
Shubhendu
Please find the request XML I have found it in debug mode
<CreateDeployment xmlns="http://schemas.microsoft.com/windowsazure">
<Name>742d0a5e-2a5d-4bd0-b4ac-dc9fa0d69610</Name>
<PackageUrl>http://shubhendustorage.blob.core.windows.net/shubhendustorage/WindowsAzure1.cspkg</PackageUrl>
<Label>QXp1cmVFY295c3RlbURlcGxveW1lbnQ=</Label>
<Configuration>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</Configuration>
<StartDeployment>true</StartDeployment>
<TreatWarningsAsError>false</TreatWarningsAsError>
</CreateDeployment>
Shubhendu G -
Error While creating Collection Management role
Hi
We did a client copy and I am getting the error "Database error UDM_PR_HEAD UDM_COLL_BUPA 5" whenever I try to create collection management roles.
Database error UDM_PR_HEAD UDM_COLL_BUPA 5
Message no. UDM_WORK_LIST010
Diagnosis
Database instruction UDM_PR_HEAD was not successful.
Procedure
If you can reproduce the error message, contact SAP Support.
Anyone knows anything about this error?
Thanks
Hi Ram,
sorry for the inconvenience, can you provide the collections management(ecc6.0) configuration document.
i am trying to learn that but i could not find any related document .
Thanks,
Ravi -
I learned that roles in DS are scoped to where they are created. Meaning if I create a managed role called role1 in ou=Roles,dc=sun,dc=com only entries (ie users and groups) under the ou=Roles branch will have visibility to role1. But since all my users are created underneath a different ou (ie ou=People), how do I get role1 to be visible to the users under ou=People? From a day's worth of reading, this doesn't seem possible. The only way around is to create the role under the ou=People branch. In this approach, all the member searches are behaving correctly. My concern is we will have thousands of roles, what's the scalability of having that many roles mingled with all 750,000 user entries under ou=People...
Any help is appreciated!
> The problem with that is the nsRole virtual attribute never gets calculated. While the nsRoleDN will allow me to find all the roles for a given user with a search filter like this:
> uid=user1 nsRoleDN
> I need the nsRole virtual attribute to find role members (all members with a particular role),
> for example, using this search filter
> nsRole=cn=role1,ou=roles,dc=sun,dc=com
> to retrieve all members of role1. And this does not work unless role1 was in the same scope as the user or above
What about using
nsRoleDN=cn=role1,ou=roles,dc=sun,dc=com
It should return all members of role1. At the same time, usage of the on-the-fly computed nsRole attribute in searches isn't supported - please see Note 2 in the same link:
http://docs.sun.com/source/816-5606-10/roles.htm#1117631 -
"Discovery Manager" role cannot place a mailbox on hold
My Company is testing Exchange 2013 and Exchange Online. We would like to have all discovery functions managed by our legal team. We have assigned test users the “Discovery Manager” role. That role should allow them rights to search all mailboxes and put search results on hold. Additionally, the discovery manager role should allow them to select a user mailbox in EAC, open the "Mailbox Features" page and enable litigation hold on the mailbox (no searching required).
We have found the second feature, enabling litigation hold without searching, is unavailable to discovery managers when using EAC. The "Mailbox Features" page is not exposed to discovery managers using EAC. The discovery manager can place a mailbox on hold using PowerShell but that would not be a reasonable option for our legal team.
Please confirm if my understanding is correct, discovery manager should be able to place a mailbox on hold as well as in-place hold using EAC.
Thanks in advance,
Ron
Does "Get-RoleGroup "discovery Management" | FL *role*" show that the Legal Hold role is assigned to the Discovery Mgmt role Group? If so, then you may need to assign the "Recipient Management" or "Help Desk" role to those users as well, or if you wish to security trim their access, create a customized RBAC role for them.
Alternatively, see if they can simply set litigation hold via PowerShell with Set-Mailbox
-
I have 2 questions and these are very urgent :-
1. Where can the mapping between LDAP groups and WebLogic Roles be defined? I have 2 groups in iPlanet: Contractors and employees, and I have 2 security roles in WebLogic: contractors and employees. How do I map LDAP group contractors to WebLogic security Role contractors? Similarly for employees?
2. I have not defined contractors and employees under the People container in iPlanet. E.g. the RDN for contractor is
uid=1234,ou=dir,dc=orams,dc=com
Can I still use the default security realm of WebLogic (the WebLogic Security Realm under People) OR do I have to write my own custom code?
3. I am planning to use Roles instead of groups to manage the logical grouping in iPlanet. Can I still use the groups in WebLogic security realm (in the configuration parameters)?
This is very urgent ....so if any of you can throw any hints that will be greatly appreciated.
--Sunita
Hi Ariel,
The driver is bundled with the product in WLS 6.1sp1. you don't have to
download any additional driver. Use it as you normally would only thing to
remember is if you are trying to write standalone java code then you have to
have weblogic.jar in your classpath. For the rest of the info follow the wls
docs for 6.1
HTH
sree
"Ariel" <[email protected]> wrote in message
news:3bb4a643$[email protected]..
We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We downloaded the JDriver from bea.com, but all the instructions that came with it are for WLserver 5.1.
What has to be done to do this with 6.1 sp1?
Thanks,
Ariel -
Custom Distribution Group management role (manager exception)
My organization is medium size with multiple support groups (15+) that each support a subset of users (350+). I want to create a management role that is scoped so each support group can manage the distribution groups in their respective OU space. By manage I mean edit the group membership. I realize I can achieve this with AD permissions but I’d like to achieve this in a way that leverages RBAC so the support groups can use OWA. I also want to leverage RBAC\OWA because not all my support groups are technical, some are office admins. Anyways, below is what I’ve tried in my lab scoped to one of my support groups.
Using the cmdlets below I’ve created a custom management scope, role and group. However, this does not work. While it lets my sales support group view and edit some random attributes on the group, it fails when they try to edit the group membership. In other words, they can log on to OWA, click options\see all options\manage your organization\distribution groups\open the group\edit description etc. but when they select “Add…” under membership then select the user and hit ok\save they get the error “you don’t have sufficient permissions. this operation can only be performed by a manager of the group”.
New-ManagementScope -Name "Sales Support DG MScope" -RecipientRestrictionFilter {RecipientType -eq "MailUniversalSecurityGroup"} -RecipientRoot "lab.com/sales"
New-ManagementRole -Name "Sales Support DG MRole" -Parent "Distribution Groups"
New-RoleGroup -Name "Sales Support DG MGroup" -Roles "Sales Support DG MRole" -CustomRecipientWriteScope "Sales Support DG MScope"
When I do as the error asks (i.e. add my support user as a manager of the group via the EMC), then my support user is able to edit the group's membership in OWA. The problem with this solution is that it would require me to add my support users to my role group “Sales Support DG MGroup” AND as a manager of the DG and every DG that is created down the line. Not ideal. Any ideas, some RBAC magic I’m missing?
Below confirms my scope.
Get-Group -OrganizationalUnit "lab.com/sales" | ?{$_.RecipientType -eq "MailUniversalSecurityGroup"}
Name     DisplayName  SamAccountName  GroupType
distro1  distro1      distro1         Universal, SecurityEnabled
distro2  distro2      distro2         Universal, SecurityEnabled
distro3  distro3      distro3         Universal, SecurityEnabled
On a side note, I realize that sourcing my management role off of distribution groups gives me more cmdlets\access than my support group needs (see below). I’m first just trying to get it to work :).
Get-ManagementRole “Sales Support DG MRole” | Get-ManagementRoleEntry | select name
Name
Add-DistributionGroupMember
Disable-DistributionGroup
Enable-DistributionGroup
Get-ADServerSettings
Get-AcceptedDomain
Get-DistributionGroup
Get-DistributionGroupMember
Get-DomainController
Get-DynamicDistributionGroup
Get-Group
Get-MailUser
Get-Mailbox
Get-OrganizationalUnit
Get-Recipient
Get-ResourceConfig
Get-User
New-DistributionGroup
New-DynamicDistributionGroup
Remove-DistributionGroup
Remove-DistributionGroupMember
Remove-DynamicDistributionGroup
Set-ADServerSettings
Set-DistributionGroup
Set-DynamicDistributionGroup
Set-Group
Set-OrganizationConfig
Update-DistributionGroupMember
Write-AdminAuditLog
Hello,
I understand that you have created a custom management scope for each group and assigned a custom role to it.
But whenever a user tries to edit (add/remove membership), it shows the error "you dont have sufficient permissions". I faced a similar problem when we moved from 2007 to 2010; 2010 by default disabled editing options for DL membership.
You can enable it by graphic mode or PowerShell. Since you have created a custom role, I would suggest you follow the PowerShell mode. I had written a blog on that.
Check below link. http://exchange2010cmd.blogspot.de/
You have created the new management role “Sales Support DG MRole”, but you need to assign this role to users/administrators, in your case through a role assignment policy.
You can either use the existing default policy or create a new policy and assign this management role to it.
Use below cmd: New-ManagementRoleAssignment -Role "Sales Support DG MRole" -Policy "Default Role Assignment Policy"
NOTE: If you are creating a new policy, place that name instead of the default policy name.
I recommend you continue with the default policy. After this, check with any admin; he should have rights to edit membership.
Now, regarding your second concern, that your custom role has too many role entries.
You can remove unwanted role entries.
Use this cmd: Get-ManagementRoleEntry "Sales Support DG MRole\*" | where { $_.Name -like "Set-DistributionGroup" } | Remove-ManagementRoleEntry
Before linking the management role to the email policy, remove unwanted role entries from the role.
I tried to explain it in an easy way, but if it is still not understood, write back to me. I am new to the TechNet forum, I started replying to questions a few days back. If you get your answer, don't forget to propose it as answer. -
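For the distribution-group role thread above, one way to cut the custom role down to membership management only, as an added example that is not part of either post. The role name is the one from the question; the allow-list in $keep is an assumption about what a membership-only delegate needs and should be adjusted to the environment.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Role name is the one used in the question; the $keep allow-list is an assumption.
$role = 'Sales Support DG MRole'

# Entries to keep: lookups for finding groups and recipients, the three
# membership cmdlets, and the session/audit entries listed in the question.
$keep = @(
    'Get-DistributionGroup', 'Get-DistributionGroupMember', 'Get-Group',
    'Get-Recipient', 'Get-Mailbox', 'Get-MailUser', 'Get-User',
    'Get-OrganizationalUnit', 'Get-DomainController',
    'Get-ADServerSettings', 'Set-ADServerSettings',
    'Add-DistributionGroupMember', 'Remove-DistributionGroupMember',
    'Update-DistributionGroupMember', 'Write-AdminAuditLog'
)

# Collect first, then remove, so the removal does not run inside the
# pipeline that is still enumerating the role's entries.
$toRemove = @(Get-ManagementRoleEntry "$role\*" |
    Where-Object { $keep -notcontains $_.Name })

foreach ($entry in $toRemove) {
    # Only the child role is changed; the built-in "Distribution Groups"
    # parent keeps all of its entries.
    Remove-ManagementRoleEntry -Identity "$role\$($entry.Name)" -Confirm:$false
}

# Check 1: what the role can still run.
$present = @(Get-ManagementRoleEntry "$role\*" | ForEach-Object { $_.Name })
$present | Sort-Object

# Check 2: allow-list names the role never had (typos, version differences).
$keep | Where-Object { $present -notcontains $_ }

# Check 3: who effectively holds the role, and through which write scope.
Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, CustomRecipientWriteScope
```

Check 3 should list only members of the support role group, each with the OU-limited scope from the question; an empty CustomRecipientWriteScope on any row means that assignment is not restricted to the OU.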
Integrate IdM roles with Sun Access Manager roles
Hi all,
I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
What are the important differences between static and dynamic roles in AM?
Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
Thanks.
I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
About directory server roles:
http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
Forum thread reference:
http://forums.sun.com/thread.jspa?threadID=5208694
Here are roughly the steps I followed to get this working.
Access Manager roles setup:
1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
Identity Manager roles setup:
1. Create a new role in Identity Manager: tab Roles, click New....
2. Assign the LDAP resource to synchronize the role with.
3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
* In the column Value override, select Text.
* In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
* In the text box, enter the role DN text (ex: cn=test_role,dc=com).
5. Save the role. You can now add the role to a user. -
When to use "my role" and "partner role" in BPEL?
I'm a bit confused when to set/use partner role and my role.
Can anyone shed a little light,
regards, Henrik
Saurabh,
> I humbly disagree with your explanation of inputs
No need to be humble, you can boldly disagree. :)
You're right that I did technically use the wrong term in that sentence of my explanation. I updated the post and corrected it. However the gist of what I was saying is still true.
There are two invocation types. People use different terms but here I'll call them request-response and one-way. A request-response invocation type is used for what we typically think of as a "synchronous" process. That is, the service consumer is blocked until the service responds. It's like methodA() in Java calling methodB(). methodA() is blocked until methodB() completes. (In fact, this is exactly what it's like since all invocations on our BPEL engine ultimately go through our Java API.)
In the case of one-way, the service consumer is not blocked. This is often referred to as fire-and-forget. It simply sends its request, then it is free to continue or do whatever it wants. Moreover, nothing is returned to the client (you fired-and-forgot, remember). Typical "asynchronous" BPEL processes uses this invocation type.
So we have those two invocation types. Yet the problem before us how to have an asynchronous process return a result. You can't use request-response because the service consumer is blocked until the process finishes. You can't just use a one-way because nothing is returned to the caller. What to do?
The way the BPEL standard solved the problem is to use two one-way invocation types. The first one is to invoke the process. The second one is a one-way from the BPEL process to the service consumer to return the result. There are some glaring implications of this:
1. When the BPEL process returns its result, things have now switched: The BPEL process becomes the service consumer, and the (original) service consumer becomes the service.
2. The service consumer has to be able to listen for one-way invocation type requests.
3. The BPEL process has to know how and where to call the service consumer back. This information is passed in the original request. As well as containing the data payload, it contains a callback address and unique identifier. This, in essence, is what the WS-Addressing standard is about.
Now the definition of a one-way invocation type in a WSDL is:
<portType name="aaa">
  <operation name="bbb">
    <input message="tns:ccc"/>
  </operation>
</portType>
Compare that to a request-response invocation type:
<portType name="aaa">
  <operation name="bbb">
    <input message="tns:ccc"/>
    <output message="tns:ddd"/>
  </operation>
</portType>
Let's look again at our example WSDL:
<portType name="SelectService">
  <operation name="processRequestQuote">
    <input message="tns:RequestQuote_processRequestQuote"/>
  </operation>
</portType>
<portType name="SelectServiceCallback">
  <operation name="processRequestQuoteResponse">
    <input message="tns:RequestQuote_processRequestQuoteResponse"/>
  </operation>
</portType>
Here comes the good bit... Both portTypes have an <input> operation. But that's because they are both one-way invocation types, and there is no choice but to use the <input> element -- that's the standard. You can't simply put <output> because there's no such thing in the standard. However we know that one of those is to actually return the result. That is, it's the output, even though it's labelled <input>.
Hopefully that's given you enough information now. Re-read my first post, above, and it should make more sense.
Incidentally, this is why you rarely see true asynchronous web services, because the caller has to also be a listener. And if you want to call a service, who wants to also have to write code to listen, to handle responses coming out of order, etc. This is one of the advantages of using an orchestration engine like Oracle BPEL Process Manager. The framework takes care of the hard work, and you can simply call an asynchronous service and not have to worry about how to get the response back -- the engine does it for you.
Regards,
Robin.