GTC provisioning through SPML

Similar Messages

• Error obtained while provisioning using a GTC connector through SPML

  Hi,
  I am getting the following error while provisioning a resource using GTC and SPML... have created GTC and provisioning process ..is working for 1 instance (workflow) but have created a new instance with the same connector which is failing during the provisioning process and I am getting the below error.pLZ HELP. .
  WARN,21 Apr 2010 20:02:06,039,[XELLERATE.GC.PROVIDER.PROVISIONINGFORMAT],SPML Request validation result w.r.t SPML v2 CORE schema(pstc_spmlv2_core.xsd)-->true
  DEBUG,21 Apr 2010 20:02:06,039,[XELLERATE.ADAPTERS],Class/Method: tcADPClassLoader/getClassLoader entered.
  DEBUG,21 Apr 2010 20:02:06,039,[XELLERATE.ADAPTERS],Class/Method: tcADPClassLoader/getClassLoader left.
  WARN,21 Apr 2010 20:02:07,336,[XELLERATE.GC.PROVIDER.PROVISIONINGTRANSPORT],SPML Response validation result w.r.t SPML v2 CORE schema(pstc_spmlv2_core.xsd)-->true
  WARN,21 Apr 2010 20:02:07,352,[XELLERATE.GC.PROVIDER.PROVISIONINGTRANSPORT],1. <errorMessage> present in SPML response is -->errorMessage=Retrieving the COM class factory for component with CLSID {BC8E841F-B86D-49E9-9422-3426C9B99FAF} failed due to the following error: 8000401a.
  ERROR,21 Apr 2010 20:02:07,352,[XELLERATE.GC.PROVIDER.PROVISIONINGTRANSPORT],WSProvisioningTransportProvider.sendData :problem with private methods
  com.thortech.xl.gc.exception.ProvisioningTransportException: SPML_RESPONSE_ERRORCODE_CUSTOM
       at com.thortech.xl.gc.impl.prov.WSProvisioningTransportProvider.checkSPMLRespoenseError(Unknown Source)
       at com.thortech.xl.gc.impl.prov.WSProvisioningTransportProvider.getSOAPMessage(Unknown Source)
       at com.thortech.xl.gc.impl.prov.WSProvisioningTransportProvider.sendData(Unknown Source)
       at com.thortech.xl.gc.runtime.GCAdapterLibrary.executeFunctionality(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:618)
  Edited by: user9340488 on 21/04/2010 23:05

  Got the errors.
  1) DB_STATUS.. error was coming since the lookup I gave there was not actually created in the database due to a refresh I did while creating it effectively deleting all the entered data.
  2) The error in logs was coming due to wrong input of the GTC database provider during the creation of IT Resource.

• How to force Windows Mobile Professional device to use only Wi-fi network provisioned through Afaria 7 SP4

  Hi
  We are deploying Windows Mobile Professional devices on our environments. All the devices connects only to internal network through Wi-fi.  Our security policy do not allow these devices to be connected to any other network (Other Wi-fi, Cellular etc).  Is there any way to force the devices to use only the Wi-fi network provisioned through Afaria.
  Tags edited by: Michael Appleby

  I have the same problem with an early 2013 macbook pro. gfxCardStatus ( http://gfx.io/ ) will allow you to force integrated and not do dynamic switching, however the external display still doesn't work.

• Direct provisioning through API - OIM 11g

  Hi,
  OIM 11g here. I am trying to use the APIs to make direct provisioning. What i have done till now:
  tcUserOperationsIntf userIntf = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
  ResourceData rd = userIntf.provisionResource(userkey, objectkey);
  now, in the ResourceData object i have two ids, obiKey and ouiKey. Now i need to extract the process instance key with those numbers. How can i do this?
  Using the userIntf getObjects method i can get the list of objects provisioned, iterate over it and retrieve the process instance key of the object which matches obiKey and ouiKey. Is there an easier method to do this?
  Another question, which one is the process instance key, ORC_KEY or ORC_TOS_INSTANCE_KEY ?
  Last, how do i trigger the task responsible for provisioning given the filled process form?
  thx in advance

  Ok, i guess the process instance key is ORC_KEY.
  Now i am trying to provision through APIs a resource object (say AD User) to an OIM user. I have used the provisionResource(userkey, objectkey) method, but the Create User task is not put in the Resource History (there is only the System Validation Task), and i don't know how to look for it's task id to add it manually.

• Unable  to work with Workflow Variable through SPML launchProcess Request ?

  Hi,
  I am trying to work with launch process request, which worked well with no error message when I am just using the workflow call through SPML "launchProcess Request " call. But when trying to use any workflow variable then getting exceptions. I don't undertsand about the error message. Is this trying to convert the variable in SIM variable.
  <spml:extendedResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#failure'>
  <spml:operationalAttributes>
  <dsml:attr name='errorMessages'>
  <dsml:value>Couldn't find method get4() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get4()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get3() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get3()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get2() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get2()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get1() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get1()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get0() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get0()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  </dsml:attr>
  Below is the code I am using .
  LighthouseClient client = new LighthouseClient();
       client.setUser("configurator");
       client.setPassword("configurator");
       String url = "http://xyz:8080/idm/servlet/rpcrouter2";
  client.setUrl(url);
       ArrayList mslist = new ArrayList();
       idlist.add("12345");
       System.out.println("UserList :- "+idlist);
       ExtendedRequest extReq = new ExtendedRequest();
       extReq.setOperationIdentifier("launchProcess");
       extReq.setAttribute("process", "TEST_WF");
       extReq.setAttribute("idList",idlist); //workflow Global variable
       ExtendedResponse res = (ExtendedResponse)client.request(extReq);
       if (res.getResult() .equals(ExtendedResponse.RESULT_SUCCESS))
       System.out.println("Workflow was successfully executed");
            } catch (Exception e) {System.out.println("Error : " + e.getMessage());}
  Please suggest me if I am using anything wrong. Its urgent... it halted my work.
  Regards,
  vinash.

  hi,
  in java code you set variable:
  extReq.setAttribute("my_email", "[email protected]");in express code of your workflow (you also can see it in your debugger if you set a breakpoint a the beginning of your workflow):
  <ref>my_email</ref>

• Modify user roles through SPML?

  Hi everyone,
  I've been stuck for a few days now on trying to modify the assigned role of a user through SPML. I'll be brutally honest with everyone: I have no idea whatsoever of what I'm doing, I just gather information and try to chuck along.
  Up to this point, I've been able to create users and search for users through SPML, and that's where everything falls down very rapidly. I'm using SPML 2.0 for creating users and SPML 1.0 for searching them.
  The IDM server has a specific role implemented named ITACCESS, which launches a process that calls other servers and things like that once it is assigned to a user. My goal is thus to modify the "Roles assigned" value of a specific user to "ITACCESS", basically.
  Am I wrong in thinking I can use SPML for this? What other ways of accessing the IDM server do I have available?
  The server is configured with the regular spml.xml and spml2.xml (stock sample ones, not modified). I have tried simply sending an SPML 2.0 modifyRequest, but to no avail:
  <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='IDMConnector-01' executionMode='synchronous' returnData='data'>
    <psoID ID='jlauwers'/>
    <modification>
      <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='roles' operation='replace'>
        <dsml:value>ITACCESS</dsml:value>
      </dsml:modification>
    </modification>
  </modifyRequest>
  ===========================
  <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='IDMConnector-01'>
    <pso>
      <psoID ID='jlauwers'/>
      <data>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
          <dsml:value>spml2Person</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='accountId'>
          <dsml:value>jlauwers</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
          <dsml:value>LighthouseFakePassword</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='firstname'>
          <dsml:value>John</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='lastname'>
          <dsml:value>Lauwers</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
          <dsml:value>[email protected]</dsml:value>
        </dsml:attr>
      </data>
    </pso>
  </modifyResponse>Any help would be gladly appreciated.
  Thanks for reading

  Hi everyone,
  I have had some amazing help and have finally been able to resolve this issue.
  For future reference:
  There is no need to change any attribute mapping or anything complicated, the following code and XML demonstrates an example to change assign a new role to a user in Sun IDM:
  LighthouseClient client = new LighthouseClient();
  client.setUrl("http://idmserver:8080/servlet/rpcrouter2");
  client.setUser("administrator");
  client.setPassword("administrator");
  ModifyRequest req = new ModifyRequest();
  SpmlResponse modifyResponse = new ModifyResponse();
  // enable server side trace
  req.setOperationalAttribute("trace", "true");
  // Set the objectclass
  req.setOperationalAttribute("objectclass", "userview");
  // Set the IDM Username
  req.setIdentifier("user:someuser");
  java.util.ArrayList al = new java.util.ArrayList();
  al.Add("NewRole");
  // Create, build and add a Modification to the request
  Modification m = new Modification("waveset.roles", al);
  req.addModification(m);
  modifyResponse = client.request(req);
  if (modifyResponse.getResult().Equals(SpmlResponse.RESULT_SUCCESS))
       Log.append("Modification succeeded");
  else
       Log.append("Modification not completed");The following is the typical XML exchange:
  <spml:modifyRequest xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'>
    <spml:operationalAttributes>
      <dsml:attr name='trace'>
        <dsml:value>true</dsml:value>
      </dsml:attr>
      <dsml:attr name='objectclass'>
        <dsml:value>userview</dsml:value>
      </dsml:attr>
      <dsml:attr name='session'>
        <dsml:value>AAAFJgAAILoAAAUGH4sIAAAAAAAAAMVaW2+jOBh9n1+B1Ic8rdpcmklH6UiEkK41BBCEVtqXiBI36y0BxGVGmV+/BnLB2DFgHqZP6fkcn2Nsvpszt7P3/6CXSoF7gM8DeXdAAUrS2E3DeCDF0N0ZgX98HqRxBgdSUg7eoAMMs/R5MJ4+5H8DyQ/3KFiHu5c4zKLnwR1Y3s0mTxNlPBrLT8PJZDKefvvr61AdrR5m34aj4UxVV6uJMsPgajXD33eTVPY8mCT53M+D4Wgyefw6epg+PE1Hg+9fJGluxijwUOT6Sf4vBoxCiwU/pPQY4e84CcSS0a6kr62Etbz7GxMVo4qVVKbzvDALUok9Ldu4Q0nku0e9GOOArbxcA/3FMhxzKyuK4eibEuokJF+lxFXDG8GR5Niq1UPXK4K/pHILShkVgMP6CtS3groTmYZXVMydnNmqCIdOA/amoLPF+CQ8juYs0c4TFgbJCn1ITkngTYsp/t9ahqYKLElxI/cd+ShFNQmkoUmDIpvyAmhgA0REGPHeDdBvN0VhQKqoWZpkGNaLrIN/5A0wdAEdZugjr/4grmATu2loQBF6AHK2Qzfo66bG0+AsQR8pFkzCLPZqKipokwBLtQ3HUvpwS4WRreBia6tjW2AiaqjXsuULKfgqWhnFl7Xjc4T4/oT3XIXxgeY8oW14V4a17sZdRKE1TF0p/0TEpgraFKDW6kYuPomFRAcoYfCB9lRovBg6piI4TyoDjwMqOUgV7TKhgtO8FBLBm4A4T0exVHmjdg/gVCwVC6P46QV58soMITeMvNUYuq4qfQLJmbPuzGm8hQwhN35mojw5w9BCg5g/r3PVXPpNcwdBIo79wlv17TWwjYTOHv7MQTjdGtiCuLvrdaJd/dUmIF49YC6FXu0l9GGNkoA4lEtVU3tQguWaRXuFm6nxWBH6KA5/ogT7lxp/HecKMC3jFdjY5Qi408BHwSe5zVWIt826BvQfIpRukqB9UCMlQC6tbNvgRWCtauC+++T5IiAOqarLC03kfKGE4iQx3sYCW4zVgjkTQUpAHE4Lr3QtQGni7fsVxjt2Y+GWlSPExLv8ZlhLgYaC8q8b7KHEl9QwiOdT/5b1F7WPQBy9YNqgjz+Gu4O2uumjDhyiME6J00NAHG6wNg1rI+SFQo/yQleI74UMRcALyVHuYvN+F7Mvd8PKa8yZuRvOO2E5husOS94YHd9bnEicmS/nAGPSFeRtPE4uLiq6nscim6K4z1lWO/5zfiWkoZpr13VUbe204DxcTIZ8jULMHtdtO+9oXAOWeMfrnPSxVLFtLfLC3moYnUimqYUW0X5kNRsm+gQMQ8tUuXu34I/l6ba51qSyhD/TEhDvWGqa8bbNR+fde9XuRrzI/E/+dQJvBEfWwtF+9LhOKFib7zoahzUp7HnrUfAz+ic03iREtJNSPgG6zKPxxkchWPAVTIyqj8abFIjWf1WmehHItrVUIlQOnhjZNeENY7OeHtVheRRY9RrL0nhMhCu3ExtVqtJ4swaxorVgYhSQNN6kQLSULPefUU8yDI2Hgqos5/fkLfnciIqu50ng2o3KT+VnNUjjo/QJjzjY4CiTn0awHEg/XT/DhHc2jiX0Lf54OJ1N1YdRfouvPD4NF4+Lp/wWfzw7Pwdq8uLHATjh85FXJH8XCiU8HNxgJ2kowC9nkML4w/Xg5Xnen/TO7y/LmN+ffq/w/cv/lfR9TrogAACMAwenmPTYv5nNkZAnqXXTe+MZ/Q==</dsml:value>
      </dsml:attr>
    </spml:operationalAttributes>
    <spml:identifier type='urn:oasis:names:tc:SPML:1:0#GUID'>
      <spml:id>user:someuser</spml:id>
    </spml:identifier>
    <spml:modifications>
      <dsml:modification name='waveset.roles' operation='replace'>
        <dsml:value>NewRole</dsml:value>
      </dsml:modification>
    </spml:modifications>
  </spml:modifyRequest>
  ========================
  <spml:modifyResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#success'>
    <spml:operationalAttributes>
      <dsml:attr name='session'>
        <dsml:value>AAAFJwAAILoAAAUHH4sIAAAAAAAAAMVaW2+jOBh9n1+BNA95WrW5tE1H6UiEkK41BBCEVtqXihK36y0BxGVGnV+/xuSCwbHBPEyf0vM5PsfYfDdn4Rav/8EgVyJ/Dx9G6m6PIpTlqZ/H6UhJob+zovDzYZSnBRwpWTV4i/YwLvKH0fT2uvwbKWH8jqJNvHtM4yJ5GH0Fq6/z2f1Mm06m6v14NptNb7/9dTfWJ+vr+bfxZDzX9fV6ps0xuF7P8ff9LFeDAGZZOffDaDyZzW7uJtc3d9Prm9H3L4qysFMUBSjxw6z8FwMW0eLANyX/TPB3vAxiyWhX0TdWwlre1YWJyCiyktp0QRAXUa6wp2UbdyhLQv/TJGM88KKuNsB8dCzPflE1zfLMbQX1ElKuUuGq4Y3gSPJc3Rmg6wnBX0q1BZWMGsBhfQL6M6HuRWbgFZG5syNbHeHQGcDdEjpXjk/B49qcFdp7QmJQnDiE9JQULloM+f/FsQxdYkman/ivKEQ5akigDSINmmqrS2CALZARYaXvfoR++zmKI1pFwyKSYTmPqgn+UbfAMiV02HGIguaDOIMidtsygCb1ANRihy7QN03C0+CtwBApDsziIg0aKmqoSICju5bnaEO4FWJkKzjZuup4IZiMmtZr2fGFlHwVnaLFV3Tj86T4/oT3XMfpvs15QLvwri1n04+bRKENzH2l/ETFphoqClAbfauST3Ih0QNaHL2h91ZoPBl6piI4T6oCjwdqOUgd7TOhhtO8HFLBm4I4T0dzdHWr9w/grVgqF0bx04vK5JUZQi4YeauxTFPXhgSSI2fTmbfxDjKk3PiRqeXJGYYOGuT8eZOr4dIvmnsIknHsJ966b2+AXST09vBHDsrpNsAOxP1dr5fsmq82BfHqAXsl9WqvYAgblBTEoVzphj6AEqw2LNozLKbGY2XokzT+iTLsXxr8TZwrwHasJ+BilyPhTqMQRR/0Ntch3jabBjB/yFD6WYbeowYpBXJpVdcFjxJr1SP/NaTPFwVxSHVTXRoy5wtlLU4a420scOVYHVgyUaQUxOF08Eo3EpQ23r5fcbpjNxYuWTlCbLzLz5azkmgoaP/60TtU+JIEg3g+9W/VfNSHCMTRC+YCffwx3B109e0QdWCfxGlOnR4K4nCDjW05WykvFActL3SG+F7I0iS8kJqULrbsdzH7chesvMacXbrhshNWYrjucNSt1fO9xYnEkfl0DjCmnEHexuPk4qSi73kk2VSL+5hldeM/5ldSGuq5dlNH3dZNC87D5WSo5yjE7HFdtvOOxjlgyXe8jkkfSxXb1iEvHKyG0Ylkmjpoke1H1rNhqk/AMHRMlft3C/5Ynu7aG0OpSvgjLQXxjqVhWM8v5eiye6+7/YiXRfjBv07gjeDIWnrGjwHXCYRVfNchHCZSOPDWg/Az+idtXCREtpNSPYF2mdfGhY9CsuAjTIyqr42LFMjWf3WmZhHItnVUIlUOHhjZNeEFo1jPgOqwOgqseo1lER4T6crtwNYqVdu4WINc0UqYGAVkGxcpkC0lq/1n1JMMg/BQtCrLxRV9S76wEtL1PAjc+En1qfqsR3n6qXzATxxscJQpTyNYjZSfflhgwq8ujiXtW/zp+HZ+q19Pylt87eZ+vLxZ3pe3+NP58Tm0Jic/DsAJX4gCkvydKLR4v/ejnWKgCL+cUQ7TNz+Ap+d5ddC7uDotY3F1+L3C9y//A9c39n66IAAAcSF27Dd5WEeyXvWz8UvVSYrS48Y=</dsml:value>
      </dsml:attr>
    </spml:operationalAttributes>
  </spml:modifyResponse>HTH,

• Request  submitted for provisioning through CUP

  HI All
  I am using SAP GRC 5.3
  i am using Compliant User Provisioning for creating requests.
  After submitting the requests  does CUP directly talk to target System or does it talk to any provisioning engine
  In short I want to know what actually happens( internally)  when a request is submitted for provisioning through CUP
  Thanks
  Jagan

  Mph,
    Once you complete the request in CUP and when it passes through all the approval stages, CUP will directly connect to target SAP system to provision users and roles. CUP has the java front-end which initiates the request and then it connects to the ABAP programs which are installed target SAP system for provisioning.
  Hope this helps.
  Regards,
  Alpesh

• GTC Connector using SPML Format Provider and Web Services Transport Provide

  Hello All,
  Did any body create a GTC connector which uses SPML Format for Format Provider and Web Services format for Transport Provider?
  Is there any doc which talks about the same?
  I need to provision to a system over web services and I thought GTC using the above formats should be an easy approach. Am I right?
  I was trying to follow:
  http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/devgtc.htm#BABDFDFE
  But Iam getting lost in the immerse details.
  Thanks in advance.

  Hi ,
  I tried creating one and am getting the following error while provisioning:
  SPML Response failed V2 schema validation
  Th eoracle document says :Ensure that the SPML response returned by the target system conforms to the SPML V2 standard specification
  Please help me with the same. What is it that needs to be done here.
  Thanks
  WIP

• OIM 11g R2 - Setting a field as mandatory while provisioning through catalo

  Hi,
  May I know how i can make a field as mandatory (Red Asterick) while trying to provision an account through catalog wizard.I dont see any option to set required=true while creating a form for an application instance.Thanks.

  login to sysadmin-> create sandbox-> go to form designer->select your form now click on customize link(right top corner)->select your attribute and set the required field as true and then save it. finally export sandbox. run catalog sync job. and then verify if attribute is mandatory in the request form/dataset or not.
  same mentioned in R2 release note

• GTC connectors and SPML compliant

  Hi
  I am trying to integrate a target application using GTC connector transport providers as web services and Format providers as SPML and even i have to create a dummy web service which is compliant with SPML so that it can be integrated with OIM.
  can any one pl help me to create a Dummy webservice compliant OIM SPML?
  Web services shud be created using Java.The web service needs to store data the in txt file and send a response to OIM.

  Make sure you are exporting the Generic Connector type object, and not the Resource Object. There are configurations that only come when you export this way. Otherwise you only get the resource and process definition workflow, and none of the configurations.
  You might also need to export the provider definition as well and import.
  -Kevin

• Limitations of Auto-Provisioning through CUP (AE)

  Hi all,
  I am looking for some information on what are all the benefits and limitations of using auto-provisioning over manual provisioning for the backend systems through CUP (AE).
  We are implementing GRC AC 5.3 and it is organization's business decision whether we need the proviosing piece to be automated or not. However, I would like to get your suggestions based on your project experiences esp in a decentralized security administration where security admins are in different geographical locations and have to provision only for their user groups.
  Can we perform all the activities thro' auto-provision similar to a security administrator manually creating a user, assign appropriate user groups etc.,  or is there any limitation?
  Which approach would be better for decentralized administration?
  Appreciate your suggestions..
  Thanks
  Siri

  Hi Alpesh & Williams,
  The user default settings such as date, timezone, decimal etc can be configured through the 'user defaults' and 'user default mapping' . I see the option of assigning user  groups and appropriate parameters too.
  Say the user belong to user group AAA_XXX  and another user belongs to AAA_YYY, where
  AAA - location
  XXX - Dept
  I have configured these (location, dept) as required fields while entering the request in CUP .
  However, during run time how will the correct user group be assigned to the user. Is it through the user default mapping? Where do we maintain all the user group information that is available in the ECC system? Do we have to create user default, user default mapping for each user group??
  The documentation from SAP is not very clear .. Appreciate if you can provide some lights on this area.
  Thanks
  Siri

• Portal Roles Intial load and Provisioning through IDM UI

  Dear All,
  I am trying to assign portal roles to Users in IDM 7.1 SP5.
  For this two activities needs to be performed:
  1) Portal roles Initial load in IDM Identity store
  2) Provisioning of Portal roles to Users through IDM UI
  Please suggest about the configuration guide or steps required for both points mentioned above.
  Thanks
  Honey

  Dear Christoph,
  Thanks for the reply.
  Now I am able to assign Role / Privileges to Users from IDM to UME.
  Require one clarification on  User / Identity creation:
  Where can I can set initial password for all the new user created from IDM UI ?
  I am able to create new User and assign roles as well from IDM UI and all is available in EP UME also.
  But when I am logging in with new user it is not taking the default password mentioned in Global Constant in IS.
  Do I need to mention the password somewhere else.
  Pls suggest.
  Thanks
  Honey
  Edited by: Honey Gyanani on Oct 6, 2010 9:10 AM

• Password policy not working fully through SPML

  We've come across a problem with password policy enforcement on IdM 6.0 where the "Number of Previous Passwords that Cannot be Reused" gets ignored. Consequently I can set the password back and forth between two values without error.
  If I attempt this through the IdM password interface, I get the message:
  {color:#ff0000}*Policy Violation (Password on Lighthouse User): New password cannot match any of the 4 previous passwords for this account.*
  {color}
  This is the response I am after through the SPML interface.
  Should this be supported? If it should be, where might I be going astray.
  The "Identity system account policy" set on the organisation I'm using is correctly configured to use the password policy as far as I can tell.
  Edited by: SuperDuperJavaSnooper on Aug 19, 2009 9:44 PM

  How do I go about reporting this as a bug of IdM 6.0?

• Provisioning through API

  All,
  Had a query regarding provisioning a resource to a user through OIM API. iam using the provisionObject in tcUserOperationsIntf which provisions a new resource for the user . I would like to pass in process form values before this provisions resource to the user . Currently i see that i can only set values on process form only when the provisioning happens.
  i require this because i want to choose which provisioning process to pick up based on a value on process form
  Thanks

  Something like that will also work . But whats complicating my requirement little bit , i have a single process form shared by two different process definition for this resource object . If i choose pre-population , i should prepoulate only for one process definition not the default process definition.
  Message was edited by:
  rufus

• Access provisioning through Access List

  I have Inter Vlan Routing done on my Core Switch, through which subnets are restricted to access each other, Example subnet of 10.1.23.0 cannot have access to subnet of 10.1.24.0.
  Due to certain requirement i want that 10.1.23.19(Users Worskstain IP) can access 10.1.24.41 (Users Workstation IP)
  Is it possible to do that, without disturbing my InterVlan Routing? Please suggest

  Below is the Configuration of Intervlan Routign on my core Switch, please suggest
  interface Vlan2
   description IAS
   ip address 10.1.14.2 255.255.254.0
   ip access-group IAS out
   vrrp 2 ip 10.1.14.5
   vrrp 2 priority 99
  interface Vlan3
   description MKT
   no ip address
   ip access-group MKT out
   vrrp 3 ip 10.1.6.5
   vrrp 3 priority 99
  interface Vlan4
   description ESG
   ip address 10.1.16.2 255.255.255.128
   ip access-group ESS out
   vrrp 4 ip 10.1.16.5
   vrrp 4 priority 99
  interface Vlan5
   description NMSG
   ip address 10.1.24.2 255.255.255.128
   vrrp 5 ip 10.1.24.5
   vrrp 5 priority 99
  interface Vlan6
   description OAG
   ip address 10.1.26.2 255.255.255.128
   vrrp 6 ip 10.1.26.5
   vrrp 6 priority 99
  interface Vlan7
   description SMG
   ip address 10.1.28.2 255.255.255.128
   ip access-group SMG out
   vrrp 7 ip 10.1.28.5
   vrrp 7 priority 99
  interface Vlan8
   description DMG
   ip address 10.1.30.2 255.255.255.128
   ip access-group DMG out
   vrrp 8 ip 10.1.30.5
   vrrp 8 priority 99
  interface Vlan9
   description DMS_UAT
   ip address 10.1.32.2 255.255.255.128
   ip access-group DMS_UAT out
   vrrp 9 ip 10.1.32.5
   vrrp 9 priority 99
  interface Vlan10
   description SEG
   ip address 10.1.34.2 255.255.254.0
   vrrp 10 ip 10.1.34.5
   vrrp 10 priority 99
  interface Vlan11
   description SEG-2
   ip address 10.1.33.2 255.255.255.128
   vrrp 11 ip 10.1.33.5
   vrrp 11 priority 99
  interface Vlan12
   description Finance_F2
   ip address 10.1.2.2 255.255.255.0
   vrrp 12 ip 10.1.2.5
   vrrp 12 priority 99
  interface Vlan13
   description Operations
   ip address 10.1.10.2 255.255.255.128
   ip access-group OPS out
   vrrp 13 ip 10.1.10.5
   vrrp 13 priority 99
  interface Vlan17
   description PD&T
   ip address 10.1.36.2 255.255.255.128
   ip access-group PDT out
   vrrp 17 ip 10.1.36.5
   vrrp 17 priority 99
  interface Vlan18
   description HR&Admin
   ip address 10.1.8.2 255.255.255.0
   ip access-group HR&Admin out
   vrrp 18 ip 10.1.8.5
   vrrp 18 priority 99
  interface Vlan19
   no ip address
  interface Vlan20
   no ip address
  interface Vlan21
   no ip address
  interface Vlan22
   description SEG3
   ip address 10.1.44.2 255.255.255.128
   ip access-group SEG3 out
   vrrp 22 ip 10.1.44.5
   vrrp 22 priority 99
  interface Vlan23
   description Call_Center
   ip address 10.1.42.2 255.255.255.0
   ip access-group CC out
   vrrp 23 ip 10.1.42.5
   vrrp 23 priority 99
  interface Vlan24
   description IT_Sec
   ip address 10.1.23.2 255.255.255.0
   vrrp 23 ip 10.1.23.5
   vrrp 23 priority 99
  interface Vlan25
   description Q-mgmt
   ip address 10.1.9.2 255.255.255.0
   ip access-group ACESSCONTROL out
   vrrp 25 ip 10.1.9.5
   vrrp 25 priority 99
  interface Vlan26
   description RTA
   ip address 10.1.150.2 255.255.254.0
   ip access-group RTA out
   vrrp 26 ip 10.1.150.5
   vrrp 26 priority 99
  interface Vlan27
   description P&D
   ip address 10.1.45.2 255.255.255.0
   ip access-group PD out
   vrrp 27 ip 10.1.45.5
   vrrp 27 priority 99
  interface Vlan28
   description Trustee
   ip address 10.1.18.2 255.255.255.0
   ip access-group TRUSTEE out
   vrrp 28 ip 10.1.18.5
   vrrp 28 priority 99
  ip access-list standard CC
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard CEO
   deny   10.1.2.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard CS
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
  ip access-list standard DMG
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard DMSSCAN
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard DMS_UAT
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard ESS
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard FIN
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard HRADMIN
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard IAD
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard IAS
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard ITSEC
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
  ip access-list standard MKT
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard NMSG
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard OAG
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
  ip access-list standard OPS
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard PD
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard PDT
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard Q-mgmt
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   permit any
  ip access-list standard RTA
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   permit any
  ip access-list standard SEG
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard SEG2
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard SEG3
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard SMG
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.18.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard TRUSTEE
   deny   10.1.2.0 0.0.0.255
   deny   10.1.4.0 0.0.0.255
   deny   10.1.6.0 0.0.0.255
   deny   10.1.8.0 0.0.0.255
   deny   10.1.9.0 0.0.0.255
   deny   10.1.10.0 0.0.0.255
   deny   10.1.12.0 0.0.0.255
   deny   10.1.14.0 0.0.0.255
   deny   10.1.23.0 0.0.0.255
   deny   10.1.24.0 0.0.0.255
   deny   10.1.26.0 0.0.0.255
   deny   10.1.28.0 0.0.0.255
   deny   10.1.30.0 0.0.0.255
   deny   10.1.32.0 0.0.0.255
   deny   10.1.33.0 0.0.0.255
   deny   10.1.34.0 0.0.0.255
   deny   10.1.35.0 0.0.0.255
   deny   10.1.36.0 0.0.0.255
   deny   10.1.38.0 0.0.0.255
   deny   10.1.42.0 0.0.0.255
   deny   10.1.44.0 0.0.0.255
   deny   10.1.45.0 0.0.0.255
   deny   10.1.48.0 0.0.0.255
   deny   10.1.50.0 0.0.0.255
   deny   10.1.150.0 0.0.0.255
   permit any
  ip access-list standard static-routes
   permit 10.1.136.0 0.0.1.255
   permit 10.1.138.0 0.0.1.255
   permit 10.1.142.0 0.0.0.255
   permit 10.1.144.0 0.0.1.255
   permit 10.1.160.0 0.0.1.255
   permit 10.1.200.0 0.0.1.255
   permit 10.1.204.0 0.0.1.255
   permit 10.1.210.0 0.0.0.255
   permit 10.1.222.0 0.0.1.255
   permit 172.18.100.0 0.0.0.255
   permit 172.18.101.0 0.0.0.255
   permit 172.18.102.0 0.0.0.255
   permit 172.18.103.0 0.0.0.255
   permit 172.18.104.0 0.0.0.255
   permit 172.18.105.0 0.0.0.255
   permit 172.18.106.0 0.0.0.255
   permit 10.1.146.0 0.0.0.255
   permit 192.168.1.0 0.0.0.255
   permit 10.1.145.0 0.0.0.255