It's posible the OID role Provisioning With OIM?

Hi experts,
I'm installing and configuring the OIM connector for OID. However I've found on the installation guide the next 'warnings':
- Reconciliation of roles is supported only for ODSEE and Novell eDirecotory target systems.
- Provisioning of roles is supported only for ODSEE and Novell eDirecotory target systems.
then my question is: how can I provision OID roles to any user using OIM??? If I can't do role provisioning to OID, I cant see so much utility for this connector.
My request its to provisioning roles that I've created on OID, using OIM interface.
Has anyone done this?
Thanks for you time.
regards.
Edited by: Daniel Cermeño on Sep 10, 2012 4:39 PM

Hi Leoncio and Gyanprakash,
Tanks for your response, thats make me feel more quiet.
I have still one question about this. In the installation and configuration guide says:
- If you are using the default connector configuration, for every group in the target system, create a corresponding organizational unit (with the same group name) in Oracle Identity Manager. This ensures that all groups from the target system are reconciled into their newly created organizational units, respectively.
- You can also configure the connector to reconcile the groups under one organization.
Then, when I run the reconciliation of OID groups in OIM. I obtain one organization with one resource representing my OID group. Or, if I prefer, I obtaion one organization with many resource that represents all my OID groups. However, I dont find how to provision this resources to my OIM users, cause I need that one user be part of one o more groups. If I put the user in the organization that represent my OID group, how I can provision more groups?
Furthermore, the reconciliations of OID groups creates resources/organizations, but in my understending this no create OIM roles isn't?
I'm sorry for my ignorance. This maybe is a trivial question, but I hope you can clarify this concepts to me.
Thanks for your time.
regards.
Edited by: Daniel Cermeño on Sep 11, 2012 8:08 AM

Similar Messages

  • OID manual provisioning from OIM

    Hi,
    while provisioning users in OIm and giving them certain entitlements, when I provision a user with OID It resource,it gets added to OID automatically. I want to do this provisioning manually....that is approval based
    The goal is to give required access to a new User in the system by following standard approval process and manual creation of the user in respective target systems
    how this can be achieved
    following reports need to be generated:
    •     User creation was approved/rejected by Manager.
    •     User creation was approved/rejected by Manager.
    •     User creation was approved/rejected by Manager.
    Edited by: Chhavi Saluja on Jan 31, 2010 10:17 PM

    The user in your it resource, do you have it lowercase? Also, does the user exist in your target?
    -Kevin

  • Please help:  Simple AD Provisioning with OIM issue

    Hi everyone,
    Hopefully someone can lend a helping hand. I am trying to provision to AD, but I am getting the following error:
    16:21:50,937 INFO [STDOUT] Running Get Attribute Map
    16:21:51,500 INFO [STDOUT] Running Get Path
    16:21:51,546 INFO [STDOUT] Running Create User
    16:21:51,609 ERROR [ACTIVEDIRECTORYCONTROLLER] Problem creating object: javax.na
    ming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data 0, best match of:
            'DC=HappyGoLucky,DC=com'
    ]; remaining name 'cn=Jeff Chang'
    I have imported all XML files and copied the necessary jar files to the xellerate\javatasks and xellerate\ext folders. Additionally, I fully configured the IT Resource (AD Server) and successfully compiled the adapter via Adapter Manager. FWIW, I tested my IT Resource settings in Softerra LDAP Browser successfully. I am NOT using any type of approval workflow. The failure message occured after I created an Xellerate User and tried to provision a new AD resource. The IT Resorce is using dc=happygolucky,dc=com as the root context (which means it should provision to cn=users,dc=happygolucky,dc=com) and I am not using SSL.
    I am using JBoss 4.02, Windows Server 2003, and Oracle DB.
    Any help would be greatly appreciated.
    Thanks,
    Jeff Chang
    Message was edited by:
    user555460

    I don't think AD Server Cert to the Java keystore is required.
    Anyway, besides that - I can tell you 1 problem. remaining name 'cn=Jeff Chang' is the problem area. Your remaining name should be something like cn=Jeff Chang, ou=WhateverOu,DC=HappyGoLucky,DC=com .
    If you are able to add a user with the same credentials via LDAP Browser, this should work. I can even share a piece of code for doing the same:
    public String createUser(String cnvalue, String fname, String lname, String treevalue){
              String rtnval="EXECUTION_SUCCESS";
              String treenodevalue="ou=WhateverOu,DC=HappyGoLucky,DC=com";
              if(treevalue!="")
                   treenodevalue=treevalue;
              try {
                   BasicAttributes attrs      = new BasicAttributes();
                   BasicAttribute ocs           = new BasicAttribute("objectClass");
                                                 ocs.add("top");
                                                 ocs.add("person");
                                                 ocs.add("rajnishbhatia19Class");
                   attrs.put(ocs);
                   attrs.put(new BasicAttribute("cn", cnvalue));
                   attrs.put(new BasicAttribute("sn", lname));
                   //attrs.put(new BasicAttribute("displayName", fname+" "+ lname)); // I named this custom attribute - your schema might not have it.
                   String fulldn="cn="+cnvalue+","+treenodevalue;
                   getContext().createSubcontext(fulldn, attrs);
              catch (Exception ex) {
                   rtnval="ERROR: "+ex.getMessage();
                   ex.printStackTrace();
                   return rtnval;
    I am also using this code on JBoss 4.02, Windows Server 2003, and Oracle DB environment. I have used this code to create user in Sun One DS & ADAM. I'm sure it should be consistent for AD as well.
    Hope this helps.

  • Google Apps Provisioning with oim error

    Hi All,
    While I was doing the provisioning of Google apps by creating new user in oim I got this error:
    " java.lang.NoClassDefFoundError: com/google/gdata/client/appsforyourdomain/UserService "
    but have I copied the 4 jars into the ThirdParty dir.
    1.gdata-appsforyourdomain-1.0.jar
    2.gdata-core-1.0.jar
    3.gdata-client-1.0.jar
    4.google-collect-1.0-rc1.jar.
    Please suggest any solution regarding this error.
    -Ashish

    set in class path then try once, it will work.
    I think it is an OIM Bug. I did the below mentioned steps to resolve the issue:
    1.Remove all the jars (from database third party as well using “DeleteJar.sh”)
    2.Add all the four jars into the classpath and with the same window start Managed Server.
    Edited by: User 247 on Feb 9, 2012 10:29 PM

  • Provisioning with OIM

    I want to get started with basic provisioning activities. Already have OIM 11gR2 and Jdev, AD installed.
    I am looking to some basic getting started activities with Provisioning. Please suggest urls, or resources to get started.
    Thanks

    Download AD connector(activedirectory-11.1.1.5.0.zip) from below site and follow connector doc for further steps.
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
    Find below link for OIM developer guide
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/toc.htm

  • Upgrade OID for use with OCS?

    Hi all,
    we run Oracle Application Server 10.1.2.0.0, and we received a request to have the OID of our system used by applications build with Oracle Collaboration Suite 10.1.2.3.
    1. In general: Is it possible to run OCS 10.1.2.3 apps against the OID of an AS 10.1.2.0.0 installation?
    2. Is there any upgrade path from the OID which comes with AS 10.1.2.0.0 to the OID included in OCS 10.1.2.3 and AS 10.1.2.0.2?
    3. Unfortunately, there seems to be no way to upgrade the complete AS 10.1.2.0.0 to 10.1.2.0.2. If so, what would be the preferred way to upgrade at least the OID to 10.1.2.1.0?
    Thanx in advance for your comments on this issue.
    - Thomas

    To answer Q3) the upgrade path from 10.1.2 is to use 10g Release 2 (10.1.2) Patch Set 1 (10.1.2.1.0) ). From the patch set notes
    This patch set is not a complete software distribution. You must install this patch set over one of the following existing installations:
    * Oracle Application Server 10g Release 2 (10.1.2.0.0)
    * Oracle Application Server 10g Release 2 (10.1.2.0.1) Standard Edition One
    Functional wise 10.1.2.1 is the same as 10.1.2.0.2
    regards,
    --Olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • How to test the OID IT Resource connection

    Hi,
    I am trying to test the connectivity of the OID IT Resource in OIM. Could somebody help me in knowing how to test the connectivity of the resource.
    Regards,
    Nitin

    Hi Suren,
    I am not using any Ldap browser. I am using Oracle Directory Manager.
    I tried giving the following value in my searchfilter (objectclass=top)(cn=HPOONIA).
    But I am getting the following errors :
    Parameter Variables passed into com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:tcUtilLDAPOperations(): Login Variables are:: are sServerName = 129.146.14.92, sPortNo = 389, sPrincipalDN = cn=orcladmin,cn=Users,dc=csc,dc=com, sProviderURL = ldap://129.146.14.92:389,
    INFO,09 Apr 2010 04:40:09,317,[XL_INTG.OID], Parameter Variables passed into com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:tcUtilLDAPOperations(): Login Variables are:: are sServerName = 129.146.14.92, sPortNo = 389, sPrincipalDN = cn=orcladmin,cn=Users,dc=csc,dc=com, sProviderURL = ldap://129.146.14.92:389,
    DEBUG,09 Apr 2010 04:40:09,318,[XL_INTG.OID], Parameter Variables passed into com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:tcUtilLDAPOperations(): Login Variables are:: for isSSLEnabled = false
    DEBUG,09 Apr 2010 04:40:09,318,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : tcUtilLDAPOperations():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : processChange():: STARTED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : checkEmpty():: STARTED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : checkEmpty():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : checkEmpty():: STARTED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : checkEmpty():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,322,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : getSearchAttributes():: STARTED
    DEBUG,09 Apr 2010 04:40:09,323,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : getFieldMappings():: STARTED
    DEBUG,09 Apr 2010 04:40:09,323,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : getSearchAttributes():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,323,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : connectToAvailableOID():: STARTED
    DEBUG,09 Apr 2010 04:40:09,323,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : hashTableEnv():: STARTED
    DEBUG,09 Apr 2010 04:40:09,335,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : hashTableEnv():: FINISHED
    INFO,09 Apr 2010 04:40:09,335,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : connectToAvailableOID() : SSL option is not selected in ITResource
    DEBUG,09 Apr 2010 04:40:09,348,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : connectToAvailableOID():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,348,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : doReconSearch():: STARTED
    DEBUG,09 Apr 2010 04:40:09,349,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : isPagingSupport():: STARTED
    DEBUG,09 Apr 2010 04:40:09,353,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : isPagingSupport():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,353,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch():: STARTED
    DEBUG,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : Parameter Variables passed are: pSearchBase = [cn=Users,dc=csc,dc=com], pFilterExpression = [(&(objectclass=top)(cn=HPOONIA)(modifyTimestamp>=19000101010001Z))], pIsRelative = [true], pAttrNames = [[Ljava.lang.String;@3250b1]
    INFO,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : Parameter Variables passed are: pSearchBase = [cn=Users,dc=csc,dc=com], pFilterExpression = [(&(objectclass=top)(cn=HPOONIA)(modifyTimestamp>=19000101010001Z))], pIsRelative = [true], pAttrNames = [[Ljava.lang.String;@3250b1]
    DEBUG,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : javax.naming.directory.SearchControls@14fa707search controls**********************
    DEBUG,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : count limit**********************
    DEBUG,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : subtree scope**********************
    DEBUG,09 Apr 2010 04:40:09,354,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : setting returning attributes if NOT NULL**********************
    DEBUG,09 Apr 2010 04:40:09,370,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : DID NOT FIND ANY RECORDS after Modified Time Stamp
    DEBUG,09 Apr 2010 04:40:09,370,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : parseControls():: STARTED
    DEBUG,09 Apr 2010 04:40:09,370,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : getControlInstance():: STARTED
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : getControlInstance():: FINISHED
    INFO,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : parseControls() : >>Next Page
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : parseControls():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : cookie: [B@5eef81
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : cookie length : 0
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch() : Total No Of Records are reconciled are = 0
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP():: STARTED
    DEBUG,09 Apr 2010 04:40:09,376,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP() : Closing initial directory context
    DEBUG,09 Apr 2010 04:40:09,380,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : pagingReconSearch():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : doReconSearch():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP():: STARTED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP() : Closing initial directory context
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.util.tcUtilLDAPOperations : disconnectFromLDAP():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : processChange():: FINISHED
    DEBUG,09 Apr 2010 04:40:09,381,[XL_INTG.OID],com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation : execute():: FINISHED
    Please help.
    Regards,
    Nitin

  • Integrating HPOO with OIM

    Hello,
    I am working on a new project and there is an initiative to integrate with HP products.
    One product is on the list to integrate with OIM. It's HP Operations Orchestration (HPOO).
    Has anyone done an integration with HPOO?
    What is the advantage to integrate with this tool?
    Thanks
    Khanh

    Normally we have connectors to integrate any tool with OIM. For HPOO, I don't think any connector is available. You can see all connectors here:
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
    OIM can manage life cycle of identities on the tools integrated with it. You can contact oracle support.oracle.com, if they have connector for this, else you need to develop custom connector for HPOO. You can refer links here for connector development:
    http://docs.oracle.com/cd/E10391_01/doc.910/e10374/cnnctrs.htm#BABGHHGE
    OIM - Custom connector
    regards,
    GP

  • Provisioning with roles

    Question for everyone. We are switching over some of our code base to do resource assignment with roles. Previously this was done through our workflow. I have a few basic (I hope) questions about resource provisioning with roles.
    1. I assume that the account doesn't get actually provisioned until a provisioning service is called right? Just the assignment of the role itself doesn't kick off a provisioning service?
    2. Do you advise setting attributes within the role itself either through a rule or static variable. The reason I ask this is because we have several attributes that get set only when we are going to provision that resource. They are globals for the most part. A perfect example of this would be the domain account ID. We are still trying to set the attributes in the workflow and it seems that this is giving us some headaches.
    Thanks!

    Hi,
    Once a role is assigned to a user the provisioning workflow is not commenced until those changes are saved. If you use the administrator interface you must first edit the user, then assign a role, save the changes and commit those changes either via the 'Save' or 'Save in backgound' buttons. On the changes are committed then the workflow will provision the user in the resources as defined in the role.
    It is advisable to use the attribute setting within the role rather than the workflow. You can however call rules from within the role to provide a greater level of flexability if that is required. See [Understanding and Managing Roles|http://docs.sun.com/source/820-2954/IDM_admin_roles-and-resources.html#wp1081754] for more information
    Hope this helps

  • How to map the bulk users with the required  roles in portal at one time

    Hi,
    Would anyone tell me how to map the bulk users with the required roles in portal at one time?

    Thanks for all the reply.
    <b>I need to assign 1 or 2 group to n((eg) 1000)number of users</b>
    I tried the first option like
    [group]
    gid=
    gdesc=
    user=
    Thr problem with this is I could n't put more no of users in the notepad.
    I would be able to put only 150 users in the single line of notepad. If it goes to next line it is not working.
    I tried creating seperate notepad but in Import it says "exists"
    I'm not sure about LDAP. Would anyone explain me the best approach to do this.

  • Proble with the Standard role(eu_role)

    Hi All,
    I am facing some problem with Standard Role(eu_role). Actually i copied the standard role from the path
    Portal Content -> Content Provided By SAP -> End user content -> Standard Role and pasted it in Portal Content itself, when i am trying to assign the copied eu_role to the user in User Administration the copied role is not getting displayed in "Available Roles".
    Can any one help me out to solve this problem.
    Thanks & Regards,
    Ramesh.

    I did not find any radio buttons as you said beside the reply
    select radio button whose answer resolved your issue.
    Solved problem (10)
    Very helpful answer (6)
    Helpful answer (2)
    Thanks & Regards,
    Ramesh.

  • Need to build the security roles (actual technical roles) with HRCON object

    I need to build the security roles (actual technical roles) with HRCON objectfor date driven security.
    Please help me that how could i learn and what should be the approach.
    i.e. What is the requirement for learing to build the security roles (actual technical roles) with HRCON object for date driven security.

    Hi marco,
    It is related to Context solution and I need to implement HR Security in terms of context solution.
    So Could you please describe Following points:
    1. What is context solution
    2. How can i implement this context solution and HR Basic security as well
    3 What is the prerequiest to learn about HR security
    4. I am new for HR Security, SO what would be the approach to implement HR Security.
    Thanks

  • If client uses all the APO modules along with ECC then what is the CIF role in DP

    Hi All,
      As per my knowledge if the client is using only SAP ECC and DP then CIF does not play any role but what about if client uses all the APO modules along with ECC then what is the CIF role in DP ?
    Thanks in advance ..

    Hi Vinod,
      i am aware all the above details what u mentioned.
    Generally  i am extracting the historical data from Excel to BI in DP- @ my project.
    But if the data is in SAP ECC then do we need to use CIF to extract the data to BI in DP... so what is the role of CIF in DP if client uses only DP module? and if the client uses all the APO modules then what is the role of CIF in DP especially ?....awaiting for ur response....
    Thanks.

  • Comparison Required for the large role with multiple profiles

    Hello,
    We are small SAP team of only several people. I have created a large functional role for our functional person. Everything was fine for a while, but now whenever I need to add/remove code from the role and push it over to production I get an unusable role (in red) and some type of "Comparison Required" message.  I am not sure how to do this Comparison so I have to remove this role (and underlying profiles) from user than add it again to the user's profile.  This fixes the issue of an unusable role, but raises auditing questions.
    I tried to address the issue via transaction SUC but it seems I am not using it properly.  Please, advise.
    Thanks in advance
    Galina

    Yes you should schedule it at least once a day, in my systems it's running around midnight.
    Use transaction PFUD or schedule a background job with one of this reports:
    PFCG_TIME_DEPENDENCY (this is the old report)
    RHAUTUPD_NEW (this is the new version of report) <- I'm using this in R/3 4.7 and Netweaver 7.0
    Short text
    User Master Data Reconciliation
    Description
    This report runs the user master comparison for roles you have selected. For single roles you can also start the user master comparison in transaction PFCG.
    You can either execute it with the single processing types in dialog mode or schedule it as a complete reconciliation in the background.
    To run only specific processing types in the background, schedule a variant of program RHAUTUPD_NEW.
    You can choose the following processing types:
    Profile Comparison
    />: Start the profile comparison directly after the profiles have been generated or imported. Provided you are using time-dependent role assignments, we recommend you schedule daily background jobs. The authorization profiles will then be reconciled with the user master data. Profiles no longer current will be deleted from the user master records and the current profiles will be entered.
    Composite Role Comparison : Start the composite role comparison, if you want to make changes to a composite role definition  (that is, add to or delete single roles from a composite role) or if you want to import a change. Single role assignments will then be reconciled with the composite role assignments for the user. If you want to include single roles in the composite role, the single roles are assigned to those users who are assigned to the composite role. Conversely, the single roles assigned to users are deleted, if the single role is removed from the composite role.
    HR Comparison : Start the HR comparison, if you want to make changes to the HR Org Model, which affect the indirect role assignment. You can only select this processing type, if HR Org is active. The switch HR_ORG_ACTIVE in table PRGN_CUST must be set to YES.
    Cleanups: Carry out a cleanup, if  you want to generate or import profiles. Generated profiles that do not have any roles are deleted.
    Further options:
    Issuing error messages: In dialog mode all error mesasges are displayed on the screen.
    Replicating local HR assignments centrally (You can only select this option, if this client is an active child system of a CUA group and HR org. Role assignments in the child system that have arisen from links in the local HR Org model are replicated for information in the central system
    Thanks,
    Adrian

  • List of Portal users with the assigned Roles.....

    Hello All,
    I am working on EP6 SP9 and want to know from where can I get a list of all Portal users along with the assigned roles for each of them.
    One way I found is by searching for all users in User Administration role and along with the searched users, there is also an icon for Assigned roles.
    Apart from the above mentioned way, is there any other way by which I can get a direct list of the same. Is there a Java sample code for this.....?
    Please help.
    Awaiting Reply.
    Thanks and Warm Regards,
    Ritu R Hunjan

    Hi Ritu,
    Yes it is possible to get the roles of the users. You can try the following java code.
    package com.hcl.user;
    import java.util.Iterator;
    import java.util.Vector;
    import com.sap.security.api.IRole;
    import com.sap.security.api.IRoleFactory;
    import com.sap.security.api.IRoleSearchFilter;
    import com.sap.security.api.ISearchResult;
    import com.sap.security.api.IUser;
    import com.sap.security.api.IUserAccount;
    import com.sap.security.api.IUserFactory;
    import com.sap.security.api.UMFactory;
    import com.sapportals.portal.prt.component.AbstractPortalComponent;
    import com.sapportals.portal.prt.component.IPortalComponentRequest;
    import com.sapportals.portal.prt.component.IPortalComponentResponse;
    public class role_member extends AbstractPortalComponent {
    public void doContent(
    IPortalComponentRequest request,
    IPortalComponentResponse response) {
    try {
    IUserFactory userfactory = UMFactory.getUserFactory();
    IRoleFactory rolefactory = UMFactory.getRoleFactory();
    IRoleSearchFilter rolefltr = rolefactory.getRoleSearchFilter();
    rolefltr.setMaxSearchResultSize(2000);
    ISearchResult result = rolefactory.searchRoles(rolefltr);
    while (result.hasNext()) {
    response.write("<table border=0>n");
    String uniqueid = (String) result.next();
    IRole role = rolefactory.getRole(uniqueid);
    response.write("<tr><td bgcolor=Red>"+ role.getDisplayName()+ "</tr></td>n");
    Iterator users = role.getUserMembers(true);
    while (users.hasNext()) {
    String unique_user = (String) users.next();
    IUser user = userfactory.getUser(unique_user);
    IUserAccount account[] = user.getUserAccounts();
    response.write(
    "<tr><td>" + account[0].getLogonUid() + "</tr></td>n");
    response.write("</table>n");
    response.write("</br>n");
    } catch (Exception e) {
    This code gives you the list of all the users of your portal along with the roles assigned to them.
    Apart from this if you want you want to know all the roles assigned to the user on portal itself then the way you mentioned is the correct method.
    Regards
    Pravesh
    PS: Please consider awarding points.

Maybe you are looking for

  • 5800 Contacts problem

    Whenever i create a new msg and select one particular contact and when i search for another contact which "exists" in my list.. It doesn't appear at all !!!!.. Is this prob might be cos of sim-card? I had this prob quite recently and not on the day o

  • Order cannot be placed using "Create sales order" fiori app

    We have setup "create sales order" fiori app and tried to place a order. We encountered with the error saying "In the context of Data Services an unknown internal server error occured" whilst clicking "Checkout" button. We looked up Error log and fou

  • IS my TimeMachine backing up properly?

    How can I be sure my TM back-up is "working" properly?  I need to do a bootable clone and want to verify my data is safe and backed up before beginning the process. I  opened the folders in my TM backup. When I open the iPhoto on the back-up, it open

  • How can i open a pdf in safari without the screen turning black?

    How can I open a PDF in Safari without the screen turning black?

  • My iCloud pane froze.

    I can't close iCloud. Nor can I shut down my iMac using the Apple menu. When I cut off/restart the electricity I get back to the same problem. How do I get out of this vicious circle?