How to assign AdminRole to user through OIM API

Hi all,
Can anyone tell me which method I have to use to assign an AdminRole to a user using the OIM API?
Thanks in Advance

Hi karthik, thanks for the link...
It is throwing the following error:
Exception in thread "main" oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.platform.authopss.api.AdminRoleServiceDelegate
Can I know which jar file to add for this error?
Thanks in advance

Similar Messages

  • Enabling a User through OIM API

    Hi I am trying to enable a user through OIM API, However the end date is already passed for that user, I am setting up a new end date through the Program (shown below). However the update user is not working (I am not sure).
    Map usermap = new HashMap();
    usermap.put("Users.User ID", User_id );
    Map grpmap = new HashMap();
    grpmap.put("Groups.Group Name", Group_Name);
    tcResultSet ts = userClient.findUsers(usermap); //find all users
    String existing_end_date = ts.getStringValue("Users.End Date");
    tcResultSet tg = groupClient.findGroups(grpmap); //find required group
    long ukey = ts.getLongValue("Users.Key");
    long gkey = tg.getLongValue("Groups.Key"); //find group key
    // ENABLE THE USER
    java.util.Date new_end_date = new java.util.Date(111,1,1);
    Calendar cal = Calendar.getInstance();
    cal.setTime(new_end_date);
    DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
    String Str1 = dateFormat.format(cal.getTime());
    String Str2 = existing_end_date + " 12:00:00";
    System.out.println(User_id+" OLD End Date:" + Str2 + " New End Date: " + Str1);
    Map usermap2 = new HashMap();
    usermap2.put("Users.User ID", User_id );
    usermap2.put("Users.End Date", Str1);
    userClient.updateUser(ts,usermap2);
    userClient.enableUser(ukey);
    I am getting the following error:
    U0000018 OLD End Date:2009-09-30 12:00:00 New End Date: 2011-02-01 12:00:00
    2/12/2010 15:02:53 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
    WARNING: Exception returned by remote server: {0}
    Thor.API.Exceptions.tcAPIException: The user cannot be enabled because the end date is passed.
    Not sure why it is happening. It looks like the Updateuser is not working, or something else?
    Please advise. Thanks in advance.

    Hi Suren,
    thanks for the note.
    I found that as soon as I enable the user, I am getting the following messages in the opmn logs:
    INFO,06 Dec 2010 10:55:41,841,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
    INFO,06 Dec 2010 10:55:41,944,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
    INFO,06 Dec 2010 10:55:42,402,[XELLERATE.JAVACLIENT],System Event Handler: Enabling the User
    INFO,06 Dec 2010 10:55:42,421,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
    INFO,06 Dec 2010 10:55:42,427,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
    INFO,06 Dec 2010 10:55:42,439,[XELLERATE.JAVACLIENT],System Event Handler: Changing application data based on Organization change.
    INFO,06 Dec 2010 10:55:42,442,[XELLERATE.JAVACLIENT],System Event Handler: Auto-Group Membership Event.
    INFO,06 Dec 2010 10:55:43,715,[XELLERATE.JAVACLIENT],System Event Handler: Evaluating User Policies
    So, the access policies are getting evaluated, triggering provisioning processes.
    What I am planning to do is, to disable the access policies and try to run the Program.
    Because of this issue, my Program is throwing an error (until I looked into the opmn logs, it doesn't make sense).
    6/12/2010 10:55:50 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
    WARNING: Exception returned by remote server: {0}
    Thor.API.Exceptions.tcAPIException: Error occurred enabling Xellerate User instance.
    Regards
    Vijay Chinnasamy

  • How to assign roles to users using WL api?

    Hi,
    We have a requirement to allow creation of new users through application screens and assign groups and roles to those users.
    My users will exist in external LDAP server while my groups and roles will exist in embedded LDAP server. Using WL APIs I am able to create users and add them to groups using the code pieces given below:
    ========================================
              userProviderControl.createUserSimple(form.userID, form.password);
              groupProviderControl.addUserToGroup(ocnGroup, form.userID);
    ========================================
    How do I assign roles to this new user programmatically?
    If I add a role from console (Home > Realm Roles > Summary of Security Realms > myrealm > Realm Roles -> Global Roles) and edit role condition to add this newly created user then it works fine. I want to achieve the same i.e. edit role condition programmatically.
    Any help will be greatly appreciated.
    Thanks,

    Problem Solved !!!
    The data-type conversion needs to be performed in the SPML2 Person Form. Add a Field called waveset.roles and map it to the SPML2 attribute name being used in ur client. It's best done through a rule.....
    If anybody is facing similar problem and need more details....please email me @ [email protected]

  • Provisioning OIM user using OIM APIS

    Hi All,
    Could anyone help me out on how to provision a User using OIM APIS.
    Thanks and Regards,
    Vaasu.

    public class GetGroups {
    tcUtilityFactory utilFactory = null;
    tcSignatureMessage moSignature = null;
    tcUserOperationsIntf moUserUtility = null;
    tcResultSet userResultSet,userSet = null;
    ConfigurationClient.ComplexSetting myConfig = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
    final Hashtable env = myConfig.getAllSettings();
    Map v = new HashMap();
    public void UserGroups(String userid) {
    try {
    System.out.println(" I am in TRY");
    moSignature = tcCryptoUtil.sign("xelsysadm", "PrivateKey");
    utilFactory = new tcUtilityFactory(env, moSignature);
    moUserUtility =
    (tcUserOperationsIntf) utilFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
    v.put("Users.User ID", userid);
    userSet = moUserUtility.findAllUsers(v);
    long user_key = userSet.getLongValue("Users.Key");
    System.out.println( " Group Name " + grpName );
    } catch(Exception e){
    e.getMessage();
    Like that
    moobjIntf =
    (tcObjectOperationsIntf) utilFactory.getUtility("Thor.API.Operations.tcObjectOperationsIntf");
    Map objmap = new HashMap();
    objmap.put("Objects.Name", "AD User"); // just hardcoding this AD User; you can pass it as a variable also
    tcResultSet moResultSet = moobjIntf.findObjects(objmap);
    long obj_key = moResultSet.getLongValue("Objects.Key");

  • Assigning roles to LDAP users through BIP API

    Hi.
    My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
    One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
    I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
    We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
    Is it possible to make that assignments through BIP API?
    If not, any other ideas? New ideas or different approaches are welcome.
    Thanks in advance.

    In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
    During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
    I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
    There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
    Let me know if that helps.

  • How to lock the AD Account through OIM

    Hi.
    I am provisioning AD through OIM 11g using the AD Connector. I have done the create user, modified user provisioning through OIM in AD successfully without any issue.
    I would like to lock the OIM account and also lock the respective target accounts when OIM account is locked.
    I have done the following task to lock the account in OIM and also in AD through OIM. They are
    Process Definition Task
    I have created the Change Account Status task in process definition.
    This task will populate the OIM Account lock status value to the AD Account is Locked out field in the ADUSER form using the OIM API. The same API is working for all First Name, Last Name etc modification without any issue.
    Lookup Definition
    I have added the following entry in the Lookup.USR_PROCESS_TRIGGERS Lookup Definition
    Code Key : USR_LOCKED and Decode : Change Account Status
    OIM Admin Console
    I have logged into the OIM admin Console as an Administrator, searched for the user and clicked the Lock Account button. The OIM Account is locked, but the target resource account was not locked and also the Change Account Status task was not triggered by OIM.
    Do I need to do any special configuration for account lock for the target resource?
    Help is greatly appreciated.

    In your System Configuration variables, find the value for "XLUserResource.ProvisionMode". Make sure this is set to Java and not DB.
    >
    This property determines whether provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure, or in the Java layer via Event Handlers.
    Note: See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about Event Handlers.
    This property has the following allowed values:
    DB: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure. This in turn does not trigger any further process. Therefore, custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource does take place.
    Java: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer via Event Handlers. Custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource takes place. This is applicable to the upgrade scenario, where you have your own tasks associated with provisioning processes in earlier releases of Oracle Identity Manager, and you want them to run even after 11g upgrade. In such scenario, set the value of this property value to JAVA.
    >
    -Kevin

  • How to assign WSNavigatorRole to Users

    Hi,
    By default the role WSNavigatorRole is assigned to the group "Administrators". But our requirement is to assign this role to few individual users along with the administrators of the system. For this we tried to configure the Portal settings for the  WSNavigatorRole in Visual Admin tool.
    While doing so, we found that we can only provide the WSNavigatorRole to any one of the Pre-defined Security Roles and their associated groups and cannot assign specifi users for this role.
    Can anyone please tell me how to assign the WSNavigatorRole to few specific users in Portal ?
    Regards,
    Anirban Kundu

    Get the 'roleOccupant' or 'uniqueMember' etc. attribute of the group, via its DN. Add the member DN to the attribute. Replace the attribute in the group.

  • How to create a Connection to UDB Database through OIM APIs.?

    Hi,
    In our OIM (9.1.0.2) implementation, there is a need to connect to a UDB database to execute some select queries and get the data. Is there any way in which I can do this?
    I tried creating an ITResource to have all static database related information, but I was not able to use that ITResource and create an actual database connection in the java code.
    As far as possible, I don't want to use any JDBC code to create the connection but want to know if there are any inbuilt OIM APIs which can help me in creating a database connection to point to the UDB database.
    (We don't have the DBUM connector deployed.)
    Please get back with your views/info on this.
    Thanks,
    Kulesh...

    Here is a constructor code for connecting to a database:
    public DatabaseConnection(String hostname, String port, String driver, String sid, String admin, String password) throws ClassNotFoundException, SQLException {
        // Log the inputs with the password masked
        log.info(CLASS_NAME + " -----> inputs=hostname[" + hostname +
                "]port[" + port +
                "]driver[" + driver +
                "]sid[" + sid +
                "]admin[" + admin +
                "]password[********]");
        Properties connectionProps = new Properties();
        connectionProps.setProperty("user", admin);
        connectionProps.setProperty("password", password);
        String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=" + hostname +
                ")(PORT=" + port +
                "))(CONNECT_DATA=(SID=" + sid + ")))";
        // Load the JDBC driver class, then open the connection
        Class.forName(driver);
        con = null;
        con = DriverManager.getConnection(url, connectionProps);
    }
    If you want to use SSL, you will want to configure tcps for jdbc connection to the database, or any other form of connection and update your URL string for it.
    -Kevin

  • How to assign profiles at user level?

    hello everybody... I have created 2 users, say x and y,
    and I have assigned them general ledger responsibility.
    At site level the profile GL set of books name is vision operation.
    Now I have assigned the GL set of books profile to user x at user level
    as vision china, and to user y as vision germany. When I log in with
    a different user name with GL responsibility, after navigating
    to journal --> enter --> new journal, for both users I am getting the
    same currency which is at site level. I thought for user x the currency
    will be the china currency
    and for user y it will be the germany currency, which I have assigned at user level.
    Please help me regarding this.
    thanks and regards
    imran

    Hi,
    > I have assigned it at user level then why am I getting the currency code of site level?
    Did the user log out and log in again after setting the profile option at the user level?
    What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
    Thanks,
    Hussein

  • Unlocking OID User Through OIM

    Hi all,
    I am testing an OID User Process task in OIM which can be run on a user's OIM account and unlock a locked user in OID
    However, I am getting the following error after executing the task:
    ERROR 11:54:51,375, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,376, RMICallHandler-113 XL_INTG.OID - ERROR in OID:com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:modifyAttributesReplace(S,A) NamingExceptionUnable to add attributes of the object
    ERROR 11:54:51,376, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,376, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,376, RMICallHandler-113 XL_INTG.OID - [LDAP: error code 53 - Account Policy Error :9051: GSL_ACCOUNTUNLOCK_EXCP : Only Modify-add allowed on orclpwdaccountunlock attribute. Modify-delete and Modify-replace are not allowed.
    ERROR 11:54:51,376, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,377, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,377, RMICallHandler-113 XL_INTG.OID - ERROR in com.thortech.xl.integration.OID.tcUtilOIDUserOperations:modifyUser(S,S,S,S) NamingExceptionError while connecting to target
    ERROR 11:54:51,377, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,377, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,377, RMICallHandler-113 XL_INTG.OID - com.thortech.xl.integration.OID.util.tcUtilLDAPOperationsNamingException[LDAP: error code 53 - Account Policy Error :9051: GSL_ACCOUNTUNLOCK_EXCP : Only Modify-add allowed on orclpwdaccountunlock attribute. Modify-delete and Modify-replace are not allowed.
    ERROR 11:54:51,378, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,378, RMICallHandler-113 XL_INTG.OID - ====================================================
    ERROR 11:54:51,378, RMICallHandler-113 XL_INTG.OID - com.thortech.xl.integration.OID.util.tcUtilLDAPOperationsNamingException[LDAP: error code 53 - Account Policy Error :9051: GSL_ACCOUNTUNLOCK_EXCP : Only Modify-add allowed on orclpwdaccountunlock attribute. Modify-delete and Modify-replace are not allowed.
    ERROR 11:54:51,378, RMICallHandler-113 XL_INTG.OID - ====================================================
    DEBUG 11:54:51,378, RMICallHandler-113 XL_INTG.OID - com.thortech.xl.integration.OID.tcUtilOIDUserOperations:modifyUser(S,S,S,S) Returning with code: INVALID_NAMING_ERROR
    I am using the adapter adpOIDMODIFYUSER to update the orclpwdaccountunlock attribute to 1.
    Not sure if this is a correct method. Any ideas would be appreciated :)

    Bbagaria: OIDDAS is not enabled in our environment. However, I can unlock the user in OID using ldapmodify
    ldapmodify -p 636 -h **** -D "cn=orcladmin" -w *** -v -f /home/oracle/unlock.ldif
    dn: cn=JENZO,ou=***,dc=***,dc=***,dc=***
    changetype: modify
    add: orclpwdaccountunlock
    orclpwdaccountunlock: 1
    Rajiv: I did try that. Same results unfortunately.
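
    The modify-add from the LDIF above, expressed with JNDI next to the modify-replace that OID rejects with error 53. This is an added example, not part of the original thread or the OID connector's code; the class and method names and the OID_BIND_PW environment variable are assumptions, and the URL and DNs are supplied by the caller.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

// Added example: OidUnlockExample and its methods are hypothetical names.
public class OidUnlockExample {

    // Attribute name and value as used in the LDIF in the thread.
    static final String UNLOCK_ATTR = "orclpwdaccountunlock";

    // Accepted form: a single modify-add of orclpwdaccountunlock=1.
    static ModificationItem[] buildUnlock() {
        return new ModificationItem[] {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                                 new BasicAttribute(UNLOCK_ATTR, "1"))
        };
    }

    // Rejected form, shown for comparison only: a replace-based modify
    // fails with "Only Modify-add allowed on orclpwdaccountunlock".
    static ModificationItem[] buildUnlockWithReplace() {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                 new BasicAttribute(UNLOCK_ATTR, "1"))
        };
    }

    static String opName(ModificationItem item) {
        switch (item.getModificationOp()) {
            case DirContext.ADD_ATTRIBUTE:     return "add";
            case DirContext.REPLACE_ATTRIBUTE: return "replace";
            case DirContext.REMOVE_ATTRIBUTE:  return "delete";
            default:                           return "unknown";
        }
    }

    // Binds over ldaps:// and sends the modify-add for one user entry.
    static void unlock(String ldapsUrl, String bindDn, char[] password,
                       String userDn) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);
        try {
            ctx.modifyAttributes(userDn, buildUnlock());
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println("accepted: " + opName(buildUnlock()[0]) + ": " + UNLOCK_ATTR);
        System.out.println("rejected: " + opName(buildUnlockWithReplace()[0]) + ": " + UNLOCK_ATTR);

        // Usage: java OidUnlockExample <ldaps-url> <bind-dn> <user-dn>
        // The bind password is read from the environment so it does not
        // appear in the process list or shell history.
        String pw = System.getenv("OID_BIND_PW");
        if (args.length == 3 && pw != null) {
            unlock(args[0], args[1], pw.toCharArray(), args[2]);
            System.out.println("unlock sent for " + args[2]);
        }
    }
}
```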

  • How to assign Role to user

    Hello All,
      I need to programmatically assign roles to a user and want to give some authorization at runtime.
    Please suggest which function module to use.
    Please help me asap
    thanks,
    jigs
    helpful answers will be rewarded

    Hi all,
    Thanks for the reply.
      But I want to add one role to the user, not a profile.
      I got one BAPI, BAPI_USER_ACTGROUPS_ASSIGN; this BAPI does work...
    but it actually deletes previous roles and then assigns the new one.
    Is there any FM which will add a role to a user without deleting the existing role?
    thanks,
    jigs

  • How To Assign Role To User Programmatically?

    Hi,
    We need code to assign a role to a user in JSPDynPage.
    Thanks
    SubbaRao Chinta

    Hi SubbaRao Chinta,
    See http://help.sap.com/saphelp_nw70/helpdata/EN/7d/003c41325fa831e10000000a1550b0/frameset.htm and the corresponding JavaDoc: http://help.sap.com/javadocs/nw04/current/um/com/sap/security/api/IRoleFactory.html
    Hope it helps
    Detlev

  • How to reconcile AD group user to OIM

    Hi experts,
    I need to write a scheduled task to reconcile AD group users to OIM.
    I did a search on the forum and got a useful thread:
    Reconcile AD group users to OIM Organization
    If you provide some steps to do this, it will be helpful for me.
    Thanks

    For detailed information , look at the MS AD user management connector. The connector comes with scheduled tasks. All you need to specify is from which group users have to be reconciled.
    http://download.oracle.com/docs/cd/B31337_01/doc.901/b31119.pdf
    Read the documentation from above link to get more information.

  • Ora-human-intervention How to assign it defined user

    Hi All,
    I am working on the fault handler framework in a SOA composite. In fault-policies.xml, there is an option to assign a fault for human intervention if any fault has occurred, using the tag below:
    <Action id="ora-human-intervention">
    <humanIntervention/>
    </Action>
    But here there is no option for which user you want to assign it to. By default it is assigned to the weblogic user (Administrator). Is there any way to assign it at run time? I mean for some exceptions I want to assign it to user A and for some others I want to assign it to user B. Fault handler user names will be available in my BPEL process.
    Please help
    Regards,
    Sunil

    Hi:
    I think that ora-human-intervention is at the Enterprise Manager level.
    So even if u want to assign it to a specific user, u will still need to enter the EM, and manage the manual recovery from there. Is that what u r looking for?
    Or u are expecting a user to enter to the Worklist and manage this type of errors from there?
    thx
    best

  • How to assign variant to user

    Hi All,
    I have created one variant. i want to assign this variant to one user.
    Could you guide any one.
    Thanks
    Krishna

    hi kumar,
    Screen variants are generally used in simplifying the screens.
    When you run a transaction you can provide values to fields in advance.
    Or, you can hide and change the ready-for-input status of fields
    A screen variant can hold field values and properties for a single screen. You can assign screen variants to transaction variants. For this you use SHD0 transaction.
    For example, you want to permit certain users to view blocked invoices, but you do not want them to release. There is a transaction MRBR that shows all the blocked invoices, but this transaction also gives options and icons to permit release.
    In order to remove such option of release together with that icon, you can create screen variant and assign to this transaction MRBR. In this screen variant you hide the option of release. The screen variant can be assigned to those users.
    Field Status variants (FSV) are associated, generally with the GL accounts where control which field to be displayed, available for change etc when that GL is called.
    FSVs are not available for any screen. Screen variant are available for all screens and transaction.
    assign me the points....
    Ranjit
