Get a list of IDM roles in a workflow

Hi,
I have a workflow and I need to get a list of roles that are defined in IDM.
How do you do this?
I know that in a form you can call:
<invoke name='getRoles' class='com.waveset.ui.FormUtil'>
<ref>:display.session</ref>
</invoke>
but I need to do the same from a workflow that gets run
from ActiveSync, where there is no :display.session variable.
Thanks,
John I

Ah, I just found the answer myself:
<invoke name='getRoles' class='com.waveset.ui.FormUtil'>
<invoke name='getLighthouseContext'>
<ref>WF_CONTEXT</ref>
</invoke>
</invoke>

Similar Messages

  • How to get the list of IDM users in a workflow.

    Hi,
    I wanted to get the list of IDM users in a workflow into a list. Now I tried to use the getObjects method. I do not have the display session here; I passed the workflow context or WF_Context. But it is giving an exception like context null.
    I used the same method in a form and it worked. How can I get the list of users in a workflow? It is for customizing reports.
    Thanks and Regards,
    Pandu
    Any idea on how to customize reports including attributes from resources and auditing attributes etc.? Any help would be really great.
    Thank you.

    Hi John,
    I get this exception: WorkItemForm: no id.
    This comes when I click on the other column. I generate the data needed in a report and display it as a sorting table when I get the data.
    I want to give the user the ability to sort data by different columns. But when I click any column I get the exception
    WorkItemForm: no id
    How can I save a workitem on a manual form before invoking it from a manual action?
    Here is the code snippet
    <Field name='tblUsers'>
            <Display class='SortingTable'>
              <Property name='selectEnable' value='false'/>
              <Property name='align' value='left'/>
              <Property name='linkEnable' value='false'/>
              <Property name='sortEnable' value='true'/>
              <Property name='width' value='400'/>
              <Property name='columns'>
                <List>
                  <String>Account id</String>
                  <String>First Name</String>                      
                </List>
              </Property>
            </Display>      
            <FieldLoop for='row' in='_searchList[*]'>
              <Field name='enduserId'>
                <Display class='Label'>
                  <Property name='value'>
                    <block trace='true'>
                      <invoke name='getAccountId'>
                        <ref>row</ref>
                      </invoke>
                    </block>
                  </Property>
                </Display>
              </Field>
              <Field name='lblfirstname'>
                <Display class='Label'>
                  <Property name='value'>
                    <invoke name='getAttribute'>
                      <ref>row</ref>
                      <s>firstname</s>
                    </invoke>
                  </Property>
                </Display>
              </Field>
            </FieldLoop>
    </Field>
    I think I may need to save some workItem. That is why this may be giving the error. How can I correct this?
    Thanks,
    pandu

  • How do i get a list of all Roles defubed under a particular OrganizationalUnit? How can i use LDAPConnection.search method for this?

     

    Sorry for the typographical mistake.
    Please read the question as:"How do i get a list of all Roles defined under a particular OrganizationalUnit? How can i use LDAPConnection.search method for this?"

  • List of all participants in all workflows

    I need to get a list of all participants in all workflows in my entire site collection.
    How can I do this through a powershell script?
    All I've found so far is this SQL command.
    SELECT dirname, leafname FROM allDocs WHERE LeafName LIKE '%.xoml'
    but this doesn't give me the name of the participants in each workflow.
    Please help!  thanks!!

    Yeah, I thought you might.
    It's not going to happen. The complexity is huge. Look at emails alone, you'd have to loop through all workflows, find out if there are any email activities in it and then identify if there are any users in that. You'd then have to check for any item that's had that workflow run on it, work out what that user property might have been at the time, then identify the user on that basis.
    Oh and you'll have to check every single version of the workflows that's been used in the past.
    If you're doing a much simpler task and only worrying about a few workflows then it might be possible but I wouldn't touch that with a bargepole.

  • How to get the list of roles assigned to a user in all the child systems

    How to get the list of roles assigned to a user in all the child systems from the CUA system?

    Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
    Krysta

  • How do I get a list of users for a specific role in EP 6.0

    Hi,
    I'm trying to find a table or an API that I can use to get a list of users for a role that I have created in the portal. There are about 940 users tied to this role that I would like to dump to an excel or text file. My goal is to get these users into a security group and tie the role to the group instead of each user. Thanks!

    Hi Chris,
    first, welcome on SDN!
    UMFactory.getInstance().getRoleFactory(roleID).getUserMembers() returns the users which are members of the role, see http://media.sdn.sap.com/html/submitted_docs/60_sp2_javadocs/ume/com/sap/security/api/IRole.html
    addGroupMember(...) adds a group.
    removeUserMember(...) removes a user from a role.
    Corresponding methods exist for the groups.
    Hope it helps
    Detlev
    PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!
    PPS: Wrong forum, should have been EP DEV for example. It's not a question in conjunction with KM.

  • ;-| Is it possible to get a list of Roles for the EJB Caller?

    Hi,
    from an EJB I can use isCallerInRole(role), however I would like to get a
    list of Roles that the user is in to do DB lookups for each role...
    I have an implementation under 'JBoss' which does a JNDI lookup for the
    SubjectSecurityManager using java:/jaas/other and then uses that to get at
    the roles...
    Is there a 'standard' way of doing this?
    Is there a 'SubjectSecurityManager' like beast on WebLogic?
    Any help would be greatly appreciated!
    Kind regards
    Lewis

    Hi Lewis,
    I believe there is not a method for this currently but I believe it has been suggested
    to our security team. Watch for this feature in a future release.
    It may be possible to write a method for this if you are using a custom realm.
    Kind Regards,
    Richard Wallace
    Senior Developer Relations Engineer
    BEA Support.

  • How to get the list of all the security Roles defined ?

    I am trying to programmatically get a list of all the roles defined
    in the weblogic. How can I access this information using the existing
    MBean interfaces?
    thanks
    Prasad

    Wrong forum. Just a hint.

  • Integrate IdM roles with Sun Access Manager roles

    Hi all,
    I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
    I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
    What are the important differences between static and dynamic roles in AM?
    Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
    Thanks.

    I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
    About directory server roles:
    http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
    Forum thread reference:
    http://forums.sun.com/thread.jspa?threadID=5208694
    Here are roughly the steps I followed to get this working.
    Access Manager roles setup:
    1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
    Identity Manager roles setup:
    1. Create a new role in Identity Manager: tab Roles, click New....
    2. Assign the LDAP resource to synchronize the role with.
    3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
    4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
    * In the column Value override, select Text.
    * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
    * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
    5. Save the role. You can now add the role to a user.

  • NW IDM Role approval based on Role

    Hi there....
    I'm looking at the document: "How to...Create Approval Tasks in SAP NetWeaver Identity Management 7.1"
    I seem to have a slightly different use case than the ones listed.
    In my use case I need the approver to be any one Member of a given IDM role.  Do I need to go through the whole PVO setup or can I just use the approval tab and designate the IDM Role? Or do I just modify one of the existing use cases?
    Thanks,
    Matt

    Kai, I had a chance to look at this over the weekend  good stuff.
    The only problem I have left now is..."philosophical"
    What happens if I need the approval just to pause the process.  Here's my use case:
    User created in AD by IDM
    User assigned roles in AD by IDM
    User needs email address which is still handled manually per the business
    User gets welcome email.
    Now I can't send an email until the email address is provisioned.  In 7.0 and other IDM projects I have PM'ed, we've put an approval in so that the Email Admin can approve (confirm really) that the Email address has been created.
    I don't necessarily want a role created for this as it would serve no further purpose.  I'm working on an alternative workflow to handle the approval/confirm process, but I'd rather not reinvent the wheel if I can avoid it.
    Thanks!
    Matt

  • Custom Report: the list of IT ROLES of one or more users

    Hi all,
    I want to do a custom report that gives me the list of IT ROLES of one or more users. Anyone could give me some guidelines?
    Thanks

    according to the docs... if I interpret them right
    getRoles returns roles assigned to the context given, this is wise since it is usually used to check if the current user invoking the call has the rights in a form, workflow or similar...
    Adding the "accountId" string as a second argument would invoke this form of the getRoles
    getRoles
    public static java.util.List getRoles(LighthouseContext s, java.lang.String current) throws WavesetException
    This variant allows a specific name to be included in the returned list. Used to ensure that the current value of a role may continue to be assigned even though the current admin may not have access to that role.
    I believe you should get the users view and get your info from there...
    if you try using the debug page and getObject User and the accountId, you will see the user in its full glory...
    there you can see what you might want to do I hope

  • Get child users of composite role

    Hello
    There is an FM (ESS_USERS_OF_ROLE_GET) which brings all users of roles, but what I want is more complicated.
    If there is a composite role, I want to get all the users that are in the roles under the composite role.
    Let's say I have a composite role with two roles inside (in the role tree).
    Composite role
    user1 (these are the users of the composite role)
    user2
    user3
    Role number 1
    user4
    user7
    user9
    Role number 2
    user 8
    user 5
    user7
    user6
    What I want is to get all the users of the composite role and the child role (which is parent),
    which is
    users 1 - 9.
    I read some previous posts on this issue in the forum, but what I need is to use just this FM without access to the DB
    table such as T_AGR_AGRS and COLL_ACTGROUPS_GET_ACTGROUPS.
    What I need to do is a recursive call on the FM ESS_USERS_OF_ROLE_GET.
    Regards
    Joy
    Edited by: Joy Stpr on Aug 23, 2009 8:50 AM

    Hello Joy,
    How is it possible to use just function module ESS_USERS_OF_ROLE_GET to get data without DB access?
    I mean this function module takes input as Simple/Composite ROLE so you have to have some list maintained
    which will be input for this function module.
    I think you can load composite and simple roles in a table and loop at it to make calls to function module ESS_USERS_OF_ROLE_GET to get users for composite/simple roles.
    Some input has to be there, That's what I feel.
    Check if this helps!
    Thanks,
    Augustin.

  • Profile Type Privilege Assignments through IDM roles are stuck in Pending State

    Hi Everyone,
    We are getting a strange problem in our project in IDM 7.2 SP8. We use IDM role based concept where backend system specific technical roles, profiles (called as privileges in IDM) combined into IDM roles and these IDM roles are assigned to users.
    Events are configured on the privileges level (i.e. backend system specific technical roles, profiles) in IDM so that once an IDM role is assigned to a user the corresponding privileges are assigned to the user in IDM and these assignments trigger provisioning to associated backend systems.
    Now for role type privileges the provisioning is working fine. But for profile type privileges the provisioning status is always showing as pending and nothing is happening and even no logs are showing in the job log.
    I tried with execution of the mc_analyze_assignments stored procedure that came with SP08 to find the logs at least but still no information appearing. Looks like the triggering itself is not happening.
    I also compared the member events definition for the profile type privileges with the role type privileges (for which the provisioning is working fine) and looks like the settings are exactly same.
    Can anyone suggest any other things that we are supposed to check? Any help is highly appreciated.

    Hello Venkata,
    did I understand correctly: You have business roles, that have SAP-profiles & SAP-roles (both privileges in IDM) assigned. Now you assign such a business role to a user, but only the SAP-roles are provisioned to the backend system and the SAP-profiles are not?
    Since you can see them in the UI for the user as pending, it looks like at least the provisioning is triggered, just not completed.
    You could check with the following SQL statement if they are waiting for the successful completion of another task and work your way from there:
    select * from mxp_provision where msg like 'Wait for%'
    The MSG-column gives you the audit-id of the "blocking" task and you can find more information about that one via
    select * from mxp_audit where auditid=<auditid>
    to see, what is going on there.
    Also do you have access to the Monitoring-tab via http://<portalurl:port>/idm/admin? In the provisioning-audit you might find some clues for those operations, too.
    Regards,
    Steffi.

  • SUN IDM Role removal does not remove the set atributes

    Hi,
    I am using SUN IDM Roles to set a multi-valued attribute on a resource using the merge with value property.
    But when I remove any of the assigned role the corresponding ATTRIBUTE value is not getting removed.
    Is there anything specific which needs to be done.
    eg: Role1 sets attribute PRIV on resource A to "ADMIN"
    Role2 sets attribute PRIV on resource A to "MANAGER"
    If I assign both Role1 and Role2 the PRIV will have "ADMIN" and "MANAGER"
    But if I remove Role1 still "ADMIN" is present under PRIV.
    Is there any workaround for this? Please advise.
    - Thanks, ARK

    Try using "Authoritative Merge with Value" instead of just "Merge with Value".

  • Want to get the list users with select access to v$ synonyms and v$ views

    I've to write a sql (DB 11.1) to get the list of users who have select access to v$ synonyms and v$ views. I've written the following sqls to do this but they both return the same result and I don't know how to verify it. It will be a great help if you could validate the sqls and let me know if something is wrong. Thanks for the help.
    -- v$ views
    select 'vview',
    substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
    from (select null p, view_name c
    from dba_views
    where view_name like ('V$%')
    union all
    select -- users/roles and roles granted
    granted_role p,
    grantee c
    from dba_role_privs
    where granted_role != 'DBA'
    union all
    select -- users/roles with select on DBA views
    table_name p, grantee c
    from dba_tab_privs
    where privilege = 'SELECT'
    and table_name like ('V$%'))
    where (c = 'PUBLIC' OR c in (select username from dba_users))
    AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
    start with p is null connect by p = prior c
    -- v$ synonyms
    select 'vsynonyms',
    substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
    from (select null p, SYNONYM_NAME c
    from ALL_SYNONYMS
    where table_name like ('V$%')
    union all
    select -- users/roles and roles granted
    granted_role p,
    grantee c
    from dba_role_privs
    where granted_role != 'DBA'
    union all
    select -- users/roles with select on DBA views
    table_name p, grantee c
    from dba_tab_privs
    where privilege = 'SELECT'
    and table_name like ('V$%'))
    where (c = 'PUBLIC' OR c in (select username from dba_users))
    AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
    start with p is null connect by p = prior c

    I've modified the sql to include GV$ and all select [any] privs.
    select 'vview',
    substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
    from (select null p, view_name c
    from dba_views
    where view_name like ('V$%') OR view_name like ('GV$%')
    union all
    select -- users/roles and roles granted
    granted_role p,
    grantee c
    from dba_role_privs
    where granted_role != 'DBA'
    union all
    select -- users/roles with select on DBA views
    table_name p, grantee c
    from dba_tab_privs
    where privilege like 'SELECT%'
    and (table_name like ('V$%') OR table_name like ('GV$%')) )
    where (c = 'PUBLIC' OR c in (select username from dba_users))
    AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
    start with p is null connect by p = prior c
    union
    select 'vsynonyms',
    substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
    from (select null p, SYNONYM_NAME c
    from ALL_SYNONYMS
    where table_name like ('V$%') OR table_name like ('GV$%')
    union all
    select -- users/roles and roles granted
    granted_role p,
    grantee c
    from dba_role_privs
    where granted_role != 'DBA'
    union all
    select -- users/roles with select on DBA views
    table_name p, grantee c
    from dba_tab_privs
    where privilege like 'SELECT%'
    and (table_name like ('V$%') OR table_name like ('GV$%')) )
    where (c = 'PUBLIC' OR c in (select username from dba_users))
    AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
    start with p is null connect by p = prior c
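
Added example, not part of the original posts: for a filter of the form `privilege like 'SELECT%' and table_name like 'V$%' OR table_name like 'GV$%'`, `AND` binds tighter than `OR`, so unless the two `table_name` tests are grouped in parentheses every grant on a `GV$` object is reported regardless of privilege. The sketch runs both forms over constructed rows shaped like `DBA_TAB_PRIVS`; SQLite stands in for Oracle, and the table name `tab_privs` and all sample grants are assumptions.

```python
import sqlite3

# Constructed rows shaped like Oracle's DBA_TAB_PRIVS (grantee, table_name, privilege).
SAMPLE_GRANTS = [
    ("APP_RO",  "V$SESSION",  "SELECT"),
    ("APP_RO",  "GV$SESSION", "SELECT"),
    ("BATCH",   "V$SESSION",  "DEBUG"),   # not SELECT, V$ object
    ("BATCH",   "GV$SESSION", "DEBUG"),   # not SELECT, GV$ object
    ("REPORTS", "EMPLOYEES",  "SELECT"),  # SELECT, but not a V$/GV$ object
]

# Parsed as (privilege AND V$) OR GV$: the privilege test never applies to GV$ rows.
UNGROUPED = """
    SELECT grantee, table_name, privilege FROM tab_privs
    WHERE privilege LIKE 'SELECT%'
      AND table_name LIKE 'V$%' OR table_name LIKE 'GV$%'
    ORDER BY grantee, table_name
"""

# Parentheses make the privilege test apply to both name patterns.
GROUPED = """
    SELECT grantee, table_name, privilege FROM tab_privs
    WHERE privilege LIKE 'SELECT%'
      AND (table_name LIKE 'V$%' OR table_name LIKE 'GV$%')
    ORDER BY grantee, table_name
"""


def run_audit(query, grants=SAMPLE_GRANTS):
    """Load the grants into an in-memory table and return the rows the query reports."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(
            "CREATE TABLE tab_privs (grantee TEXT, table_name TEXT, privilege TEXT)"
        )
        conn.executemany("INSERT INTO tab_privs VALUES (?, ?, ?)", grants)
        return conn.execute(query).fetchall()
    finally:
        conn.close()


def false_positives(grants=SAMPLE_GRANTS):
    """Rows the ungrouped filter reports that the grouped filter correctly excludes."""
    grouped = set(run_audit(GROUPED, grants))
    return [row for row in run_audit(UNGROUPED, grants) if row not in grouped]


if __name__ == "__main__":
    print("grouped:        ", run_audit(GROUPED))
    print("false positives:", false_positives())
```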
