How to Apply a Newly Created Access Policy on Existing Users in OIM????????

Similar Messages

• PF attribute modification in Access Policy for existing users.

  Hi Guys,
  I have an access policy for provisioning a resource. Suppose if I make some changes for the process form attribute value inside the access policy,How can I have the same attribute value reflected in the process form of users who are already provisioned by the access policy?
  Direct database update wont be a good idea here as I am having multiple access policies for the same resource. Is there any table which is having the relation between provisioned resource and curresponding access policy if at all I have to go for a custom scheduled task?
  Thanks,

  Does this solution also supposed to work in OIM 11g? I Tried it but data on the main form does not get reflected on the process form of existing users. For child data it does work.
  Edited by: bsteen on Aug 5, 2011 5:21 AM

• Access Policy for Existing Users

  Hi,
  Here is the Scenario:
  1. We have AD resource object having "Allow Multiple" Unchecked
  2. We have Users who are already provisioned to AD
  We are trying to introduce Auto Provisioning into our system for AD, I know new users will be evaluated against Access policies and will be provisioned to the resource and hence groups management will be taken care automatically, Questions:
  1. If I disable resources (and not revoke) for these new users what will be the group membership status -will they be removed from group?
  2. How to pull existing users under this auto prov umbrella? My thoughts: by writing a custom scheduler that will check resource provisioned and make it as part of the group, but will resource be revoked automatically if group is removed for these users? If not what should be the approach for existing users?
  Thanks in advance

  I've completed a similar tasks using SQL.Take a look at the following table and you can do these tasks:
  UPP, UPD, USG, POG and AD group table 'UD_ADUSRC'

• How can i add newly create infotype in t.code po13

  Can any one pl tel me how can i view newly created infotype in t.code PO13
  Edited by: Utkarsh M parikh on Mar 10, 2010 5:29 PM

  See:
  Mac OS X Automation,
  Automated Workflow Tips,
  Introduction to Automator tutorial, and
  a four-parter on Automation in Snow Leopard by Sal Saghoian:
  Snow Leopard Services,
  Services for iPhoto,
  Safari and WebKit integration, and
  Installing and using services.
  Finally, 
  Developing AppleScript Applications and
  Apple's Automator Developer Documentation

• How to get the Newly Created Material

  Hi all,
  Iam creating Materials using BDC sessions method,My Problem is to update the Newly Created Material in a Ztable.
  so iam getting the Newly created Matnr by the following peice of code
      SELECT  matnr FROM mara INTO  TABLE v_matnr
                             WHERE ersda = sy-datum
                             ORDER BY matnr DESCENDING.
  But the thing is,we are getting Previously created material.i.e the new material will be  created only after the sessions are processed,but when i write the above code in the program we are getting previous material.
  so how to update the newly created material.
  I think we can't do  that through program because we can get new material only after processing the session..so what is the solution for this.should we use userexits for getting the newly created material.
  thanks in advance
  balaji

  Hello,
  Use the <b>BAPI_MATERIAL_SAVEDATA</b> to create the materials.
  The BAPI will return the Material number which is created at that instance by which u can update the ZTABLE.
  Vasanth

• Creating access policy using OIM 11g APIs

  Is there a way to create an access policy using API? I see that there is AccessPolicyService but it only supports evalutePoliciesForUser. I need a way to add and modify policies.
  I'm using OIM 11.1.1.5
  Edited by: DJ on May 21, 2012 11:53 AM

  FYI, I hope the following links might be helpful, if you did not come across them before:
  OIM API for Create Access Policy:
  http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
  Example Code for OIM API Creation of Access Policy
  http://learnidm.blogspot.co.uk/2011_08_01_archive.html
  Thanks,
  Krish.

• Can someone please tell me how to view a newly created Genius playlist (not via Up Next, but as a stand-alone playlist)?  Thank you!

  Can someone please tell me how to view a newly created Genius playlist (not via Up Next, but as a stand-alone playlist)?  Thank you!

  >> then I get a completely blue screen.
  That probably means that you're not looking at a bug in Photoshop, but a problem with a driver - and the most likely cause would be your video card driver.
  And sure enough, your video card driver is almost 2 years out of date.
  Please go to NVidia's website and get the latest driver - then follow their directions for installation (so you don't get bits of old driver left over).

• Create schedulers for all existing user jobs

  Hi Forum,
  In my database (Oracle Database 10g Enterprise Edition Release 10.2.0.4.0), I have 7 DB schemas.
  There are total existing 50 jobs (usaer_jobs).
  I want to shift them all to scheduler (user_scheduler_jobs).
  My plan is,
  1.     Create schedulers for all existing user jobs.
  2.     Enable all schedulers.
  3.     Disable all jobs.
  Is there any way / method for such shifting? I am ready to this exercise schema wise at a time.
  How to create scripts for creating schedulers from existing jobs?
  Thank you & regards..

  PROCEDURE CREATE_JOB
  Argument Name               Type               In/Out Default?
  JOB_NAME               VARCHAR2          IN
  SCHEDULE_NAME               VARCHAR2          IN
  JOB_TYPE               VARCHAR2          IN
  JOB_ACTION               VARCHAR2          IN
  NUMBER_OF_ARGUMENTS          BINARY_INTEGER          IN     DEFAULT
  JOB_CLASS               VARCHAR2          IN     DEFAULT
  ENABLED               BOOLEAN           IN     DEFAULT
  AUTO_DROP               BOOLEAN           IN     DEFAULT
  COMMENTS               VARCHAR2          IN     DEFAULT
  CREDENTIAL_NAME          VARCHAR2          IN     DEFAULT
  DESTINATION_NAME          VARCHAR2          IN     DEFAULTdoes not appear to be an available option.

• Create new mailbox for existing users?

  Hi All,
  I am new to JNDI concepts. I need to create new mailbox for existing users in domino directory. is it possible?
  Scenario is : I have some users in domino directory. They dont have mail account now. I want to create it.
  Kindly guide me...
  Thanks,
  Ram

  Hi,
  You can try LSMW (Direct method) for uploading class values.
  Upload file can hae following structure:
  OBJEK     |     ATINN     |     KLART     |     ATWRT
  Release Grou+Release strategy |     Characteristic name     |     Class type     |     Class Value
  e.g. rel grp is PO, rel strategy is 01, characteristic name is EBAN_EKORG, and class value is 1000 then
  OBJEK     |     ATINN     |     KLART     |     ATWRT
  PO01     |     EBAN_EKORG |     032     |     1000
  multiple characterstics can be
  OBJEK     |     ATINN     |     KLART     |     ATWRT
  PO01     |     EBAN_EKORG |     032     |     1000
  PO01     |     EBAN_EKGRP |     032     |     100
  Regards,
  Yogesh

• Not able to get the AD organizations list while creating access policy

  Hi All,
  Had created IT Resource for AD server, and was able to successfully connect to it. And Now when I try to create a access policy, where I am not able to view any organization from AD.
  Can someone please let me know how to resolve this.
  Thanks in advance.....
  Regards
  Arun

  Please check the error log which I am getting when I ran the schedule job
  ======= Start Stack Trace =======================>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ADLookupReconTask : performReconciliation>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <Description : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecu
  rityContext error, data 52e, vece ]>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.exception.ConnectionException: [LDAP: error code 49 - 80090308: LdapErr: D
  SID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
  at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
  at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
  at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
  at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
  at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  >
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <================= End Stack Trace =======================>
  Based on which I had checked the credentials I provided, and they are correct. I am able to connect to AD with same credentials when I create new IT Resource.
  Not sure what went wrong
  Regards
  Arun

• How to view your newly created webservice in dynamo administrator??

  hi everyone,
  i newly created a webservice for getGiftlistId and i can successfully see that in my dynadmin webservice Registry . but when it comes to accessing that getGiftlistId.wsdl i could not able to find the URL fo the same. For example we have a webservice for getInventory , we can access the wsdl with a URL http://hostname:port/commerce/inventory/getInventory?WSDL.
  getInventory is a pre-built ATG webservice. so we can access directly with the above given URL. how can i access my getGiftlistId ??
  can anyone tell me the how that url's will be constructed???
  Thanks&Regard,
  Ravi.

  I don't know much about webservice.
  But when I generate server side code(for testing purpose) from wsdl using generate java bean skeleton option, It generates InvokeMY_SERVICE_SEIPort.wsdl.
  So to access the webservice I used following url:
       http://domainname:port/Webservice_context_root/../InvokeMY_SERVICE_SEIPort - this is the wsdl file path.
  In order to view the wsdl I used following url:
       http://domainname:port/Webservice_context_root/../InvokeMY_SERVICE_SEIPort?wsdl
  Thanks,
  Nitin.

• Create Access Policy with OIM API: can't fill child form

  Hi!
  I'm having a problem with creating OIM Access Policy with API. I'm doing the following:
  1. Create a new access policy via AccessPolicyIntf
  2. Add a resource object which will be provisioned to all users who are within policy scope
  3. Get Resource Object (Parent) Form Definition via FormDefinitionIntf
  4. Add data to parent form (AccessPolicyIntf setFormData(FormDefinitionKey))
  5. Now I want to add data to the child form, for that purpose I need to know child form definition key, but I can' get one, because there's no method like 'getChildFormDefinitionKey' in FormDefinitionIntf interface.
  Please, help me to get child form definition key, knowing parent form definition key and version

  See if this code helps:
  public String addChildTableValue(long userKey, String group, String objectName, String fieldName tcDataProvider ioDatabase) {
  log.debug("addChildTableValue() Parameter Variables passed are:" +
  "userKey=[" + userKey + "]" +
  "group=[" + group + "]" +
  "fieldName=[" + fieldName + "]" +
  "objectName=[" + objectName + "]");
  try{
  tcUserOperationsIntf userIntf = (tcUserOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcUserOperationsIntf");
  tcFormInstanceOperationsIntf formIntf = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
  boolean roleExists = false;
  //Result set of all Object for user
  tcResultSet obResultSet = userIntf.getObjects(userKey);
  if (obResultSet.isEmpty()){
  log.error("User has no provisioned objects");
  return "NO_OBJECTS_EXIST";
  }else{
  for (int ii=0; ii&lt;obResultSet.getRowCount(); ii++){
  obResultSet.goToRow(ii);
  if ((obResultSet.getStringValue("Objects.Name").equals(objectName)) &&
  (!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Revoked")) &&
  !(obResultSet.getStringValue("Objects.Object Status.Status").equals("Provisioning")))){
  log.debug("Resource object found: " + objectName);
  //Process Instance Key of the object
  long plProcessInstanceKey = obResultSet.getLongValue("Process Instance.Key");
  log.debug("Process instance key: " + plProcessInstanceKey);
  //Process Key for the parent for
  long plParentFormDefinitionKey = obResultSet.getLongValue("Process.Process Definition.Process Form Key");
  log.debug("Parent form definition key: " + plParentFormDefinitionKey);
  //Form version of the parent form
  int pnParentFormVersion = formIntf.getProcessFormVersion(plProcessInstanceKey);
  log.debug("Parent form version: " + pnParentFormVersion);
  //Result set of Child Form information
  tcResultSet childFormResultSet = formIntf.getChildFormDefinition(plParentFormDefinitionKey, pnParentFormVersion);
  //Child form definition key
  long plChildFormDefinitionKey = childFormResultSet.getLongValue("Structure Utility.Child Tables.Child Key");
  String plChildTableName = childFormResultSet.getStringValue("Structure Utility.Table Name");
  log.debug("Child form definition key: " + plChildFormDefinitionKey);
  log.debug("Child table name: " + plChildTableName);
  tcResultSet childFormData = formIntf.getProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey);
  if (!(childFormData.isEmpty())){
  log.debug("Searching child table current values");
  for (int iii=0; iii&lt;childFormData.getRowCount();iii++){
  childFormData.goToRow(iii);
  String fieldValue = childFormData.getStringValue(fieldName);
  log.debug("Child table entry: " + iii + " | value: " + fieldValue);
  if (fieldValue.equals(group)){
  roleExists = true;
  log.debug("Value already exists in child table");
  return "DUPLICATE_VALUE";
  log.debug("Value not found in child table");
  if (!roleExists){
  Hashtable childFormHash = new Hashtable();
  childFormHash.put(fieldName, group);
  formIntf.addProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey, childFormHash);
  log.debug("Value successfully added to table");
  return "VALUE_ADDED";
  log.debug("Provisioned resource " + objectName + " object not found");
  return "OBJECT_NOT_FOUND";
  catch(Exception ex){
  ex.printStackTrace();
  return "ERROR";

• How to add a newly created search group into portal's search functionality

  Is there a way to configure search in the portal to include a newly created search group?

  Could you please elaborate on what you are trying to do.
  What version of Portal are you using?
  What do you mean by a 'Search Group'?

• [OIM 9.1.0.2] Access Policy being evaluated to an OIM user disabled.

  Hi Gurus,
  I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
  Any tip on what I should take a look?
  Thanks in advance.

  Hi all,
  I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
  I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
  Thanks a lot.

• How can i get newly added contacts for a Mailbox User in Exchange Server 2013

  Hi all,
  I need to synchronize contacts in Exchange Server and Sugar CRM Application, for that
  i need to get newly added contacts for a User in Exchange Server 2013 by using EWS Managed API.
  I know how get the list of all contacts for a particular user , but in the list how i can find
  new contacts ?

  Hi Dora,
  that's the fun thing:
  You add your own property (and it'll be invisible to outlook users, not to worry).
  Extended Properties allow you to define custom property on Exchange Items. And it has a
  method for setting those too.
  Here's a short post doing a very simple intro on using Extended Properties.
  Glen's Exchange Blog is a generally useful resource when working with EWS, I'm confident you'll be able to find lots of tips there as well.
  Cheers,
  Fred
  There's no place like 127.0.0.1