Getting roles assigned to a user in OIM

Similar Messages

• How to get the list of roles assigned to a user in all the child systems

  how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM

  Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
  Krysta

• How to get list of Roles assigned to each User

  Hi,
  I have to create a list containing Roles assigned to each user in xMII 11.5.
  Need your help !
  Thanks in Advance !
  Regards,
  Alok

  Alok,
  Did you search (sometimes it is also good to make sure to search the forum for All threads not just the default time window)?
  https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=5969490
  https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=4890045
  More info from the help docs:  http://help.sap.com/saphelp_xmii115/helpdata/en/Connectors/IlluminatorSystemConnector.htm
  Regards,
  Jeremy

• Function module to Delimit the roles assigned to the user

  Hi All,
  I am working on security role automation process abap report.My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN"  to delimit the role assigned to the user.
  Passing the importing parameter "username" and in the Tables parameter"ACTIVITYGROUPS"  passing the respective parameters AGR_NAME(Role), FROM_DAT(Start Date),TO_DAT(termination date - 1). When I passing the parameters as mentioned above,the role assigned to the user is getting deleted,instead of delimitation of the role assigned to the user.
  Is there any other function module we can use to delmit the roles assigned to the user?  Please help.
  Regards,
  Krishnan

  hai,
  please try this.
  /VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
  /VIRSA/ROLE_ASSIGN_CUA_NH
  /VIRSA/RE_BAPI_ROLE_TO_USERS
  ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
  try this bapis this may work
  BAPI_USER_LOCK
  - BAPI_USER_PROFILES_ASSIGN
  - BAPI_USER_LOCPROFILES_ASSIGN
  - BAPI_USER_LOCACTGROUPS_ASSIGN
  - BAPI_USER_CHANGE
  - BAPI_USER_UNLOCK

• Multiple roles assigned to an user

  Hi folks,
  My question sounds to be something weird, but wanted to be cautious. I see a lot of users in my environment with multiple roles assigned to them. When i checked the roles of an user who has three roles assigned to him, i noticed that all the roles have some tables in common with the same grants in all the three roles, and all these three roles are assigned to the same user. Will there be any problem?
  An example to explain my senerio...
  User scott has three roles A,B and C assigned to him. All the three roles have execute on xy.abc procedure and select,insert,update,delete on xy.xyz table. Will there be any problem to the user who is assigned all these three roles. Will there be any confusion from oracle to chooose from which role?
  Thanks

  This sounds to be something new. So When a oracle
  tries to hold all the privileges does it do a
  distinct on the table grants, so that i will have
  just one entry of the privilege of an object, though
  it exists in all the roles assigned to that user.No, the table objauth$ looks like this,
    1* select * from objauth$ where rownum < 100
  SYS@etest> /
        OBJ#   GRANTOR#   GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
         133          0          5          0          1
         133          0          5          3          2
         133          0          5          5          3
         133          0          5          6          4
         133          0          5          9          5
         133          0          5         10          6
         133          0          5         11          7
         135          0          5          0          8
         135          0          5          3          9
         135          0          5          5         10
         135          0          5          6         11
        OBJ#    GRANTOR#  GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
  ---------- ---------- ---------- ---------- ---------- ------------------ ---------- ----------where
  OBJ# is object ID, could be any object not only table,
  GRANTOR# is user# , ROLE is also considered a special USER internally in Oracle.
  SYS@etest> select user#, name from user$
    2  /
       USER# NAME
           0 SYS
           1 PUBLIC
           2 CONNECT
           3 RESOURCE
           4 DBA
           5 SYSTEM
           6 SELECT_CATALOG_ROLE
           7 EXECUTE_CATALOG_ROLE
           8 DELETE_CATALOG_ROLE
           9 EXP_FULL_DATABASE
          10 IMP_FULL_DATABASE
  ..............So different roles will have different records in objauth$. Even it's same privilege of same object granted to same user.
  a GRANTEE# can have same privilege to the same object from different GRANTOR#

• SPML: search the roles assigned to a user and add others to him

  Hi,
  as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
  How can i implement the search/filter of the available roles assigned to a user?
  Thanks in advance,
  Gentjan

  coocooche wrote:
  Hi,
  as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
  How can i implement the search/filter of the available roles assigned to a user?I already find how to do it. I have to asked another question about SPML: is there any way to add new roles without searching the old ones?
  In other words i implemented a method that:
  1) search the roles assigned to a user and copy it to a List
  2) add to the List of the old roles, the new ones.
  Is it possible just to add the new roles without doing a search of the old ones? In this way the performance is better.
  Thanks in advance,
  Gentjan

• Assigning System Administrator role to a new user in OIM 11gR2

  I am trying to assign full access as xelsysadm to a newly created user but not able to. Unable to identify option to add System Administrator role. System Administrator admin role is available to TOP organization and we can not create a new user in TOP. any suggestion will be helpful.

  goto-> organization-> search and select Top organization-> open detail page-> click on Admin Role-> select Adminrole(System Administrator) -> click on Assign button-> select user and add it-> finally click on okay.

• Getting Roles assigned to Workset

  How can you retrieve all the workset attached to a role?

  Hi,
  You can retrieve the roles assigned to user using the code below:
          String userLogonID = "DUMMY_USER";
          String userUniqueID;
          try {
              userUniqueID = UMFactory.getUserFactory().getUserByLogonID(userLogonID).getUniqueID();
          } catch (UMException e) {
              userUniqueID = null;
              e.printStackTrace();
          if (userUniqueID != null) {
              IRoleFactory roleFactory = UMFactory.getRoleFactory();
              String[] roles = roleFactory.getRolesOfUser(userUniqueID, true);
              IRole role;
              if (roles != null) {
                  for (int i=0; i<=roles.length; i++) {
                      try {
                          role = roleFactory.getRole(roles<i>);
                          //use IPcdContext to retrieve embedded context from the role
                      } catch (UMException e) {
                          e.printStackTrace();
  Unfortunately I’m not ready to provide an exact code for worksets retrieving right now, please review the following link to find out how to work with PcdContext:
  PCD Object Properties
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/javadocs/nw04/sp12/pcd/com/sapportals/portal/pcd/gl/ipcdcontext.html
  Thanks,
  Yauheni.

• Finding roles assigned to a user ?

  Hi Folks,
  Is there a view that will list all role(s) assigned to a user in Oracle 11g?
  Thanks in advance
  rogers42

  DBA_ROLE_PRIVS will do it:
  SQL> desc dba_role_privs
  Name                                      Null?    Type
  GRANTEE                                            VARCHAR2(30)
  GRANTED_ROLE                              NOT NULL VARCHAR2(30)
  ADMIN_OPTION                                       VARCHAR2(3)
  DEFAULT_ROLE                                       VARCHAR2(3)
  SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
  Enter value for user: MBOBAK
  old   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
  new   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='MBOBAK'
  GRANTED_ROLE                   ADM DEF
  DBA                            NO  YESAlso, you can use the same query and give the ROLE as input to the GRANTEE predicate to see what roles that role confers:
  SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
  Enter value for user: DBA
  old   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
  new   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='DBA'
  GRANTED_ROLE                   ADM DEF
  DATAPUMP_IMP_FULL_DATABASE     NO  YES
  SCHEDULER_ADMIN                YES YES
  OLAP_DBA                       NO  YES
  EXECUTE_CATALOG_ROLE           YES YES
  DELETE_CATALOG_ROLE            YES YES
  OLAP_XS_ADMIN                  NO  YES
  SELECT_CATALOG_ROLE            YES YES
  EXP_FULL_DATABASE              NO  YES
  WM_ADMIN_ROLE                  NO  YES
  GATHER_SYSTEM_STATISTICS       NO  YES
  JAVA_DEPLOY                    NO  YES
  GRANTED_ROLE                   ADM DEF
  DATAPUMP_EXP_FULL_DATABASE     NO  YES
  JAVA_ADMIN                     NO  YES
  XDB_SET_INVOKER                NO  YES
  IMP_FULL_DATABASE              NO  YES
  XDBADMIN                       NO  YES
  16 rows selected.Hope that helps,
  -Mark

• How to assign AdminRole to user through OIM API

  Hi all,
  Can any one tell me which method I have to use to assign a AdminRole to user using OIM API..
  Thanks in Advance

  Hi karthik thanks for the link...
  it is throwing the following error
  Exception in thread "main" oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.platform.authopss.api.AdminRoleServiceDelegate
  can i know which jar file to add for this error
  thanks in advance

• Assign a role automatically based on resources assigned to the user?OIM 11g

  Hi,!
  i have a request and this is:
  in my scenario i have roles associated with access policies that assign resources .
  i have resources assigned by a target reconciliation ... what i need is assign a role based on resources that the user has..
  if the user has 4 resources added by a target reconciliation and these 4 resources make a role then the role has to be assigned automatically...
  any idea?? this is possible?? thnx..

  any idea?? ... this is possible??

• ESW: What are the roles assigned with CRM user in ESW?

  I would like to see the CRM from a Sales role and a marketing role

  Hi,
  you can use the installation Guid for that:
  http://help.sap.com/saphelp_nw04/helpdata/en/25/33533dc1c0b60fe10000000a114084/frameset.htm
  Only thing that is not exactly mentioned there. If you create a special user to use NWA on the J2EE - this user should have J2EE_ADMIN authorisation.
  Rest is described exactly in the Guide Mentioned above.
  Hope this helps to solve the issue.
  Regards,
  Oliver

• Roles assigned against a user id

  Hi All,
  I have a user id, I want to check if a role is attached to it or not, I already have the role.
  How can i go about it ?
  thanks,
  gols

  Goto Su01-->username--> Display or change mode -->check the tab that contains roles and assignments.
  SU01 Create/ Change User SU01 Create/ Change User
  PFCG Maintain Roles
  SU10 Mass Changes
  SU01D Display User
  SUIM Reports
  ST01 Trace
  SU53 Authorization analysis
  Thanks,
  AMS

• Report to see user type and roles assigned to users in EP?

  Hi,
  a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
  b) If  the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.

  By default Portal UME comes along with the installation of portal.
  Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories.  But you can also create users in the portal UME.  The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
  You can check them in user administration->identity management and search for the users.
  THere you can see some users will be from UME and some from LDAP.
  User Admin tool is nothing but User Administration only.
  Raghu

• EP role assignment to user id's deleted

  Hi,
  We have Windows Active directory server and the id's created there will be created in EP as well. (or both share the same db).
  Our Portal team will assign the roles to the newly created userid's using IMPORT function.
  1. Nearly we have 15k users. and today we have used the import functionality to assign roles to the 60 newly created users.
  2. The role assignment for 14k users which share the same domain(LDAP1) deleted.
  3. The role assignment for other users who use other domain(LDAP2) exists.
  What would be the root cause of the problem?
  Is it possible to take System log from EP system -> system admin ? or we need to ask the basis admin to retrieve issue log?
  Thanks!
  Dhiyu

  Hello Shabir,
  Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
  Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
  This will solve ur problem.
  Regards
  Deb
  [Reward points for helpful answers]