Manager for a user object during reconciliation

Similar Messages

• Connection for added/updated objects during export and import

  Hi,
  Plz help me..
  During export and import of updated/added objects to production,
  do we need to create the dataservers manually or else how can it be managed for an existing object???
  Thanks..

  eg AD_CTX_DDL
  APPS_ARRAY_DDL
  APPS_DDL
  ORA-20000 APPS_DDL/APPS_ARRAY_DDL package(s) missing or invalid in schema CTXSYS (Doc ID 944150.1)
  CS_KB_CTX_PKG. I think these are packages.Run the following scripts from $CS_TOP/patch/115/sql directory:
  cskbdstb.pls
  cskbdsts.pls
  Also I am missing certain privileges on packages given to system and application users by sys eg DBMS_SHARED_POOL. I have already executed adgrantsHave you run recreate grants and synonym from adadmin?
  Thanks,
  Hussein

• Change Reference Attribute - "Manager" for multiple users

  Hi,
  I have a scenario in which I have to create a workflow to change a reference value attribute - "Manager" for multiple users in one go. Is it possible to achieve this with workflow. If yes, then how?
  Regards,
  Manuj Khurana

  Hello,
  not out of the box, since in workflows and custom activities you can only access the reqestor and target object direcly.
  But you can develop your own custom activity that fits you need, or do it with powershell custom activity.
  I did a very similar thing, to be able to change users group membership from the user UI, so I have also edit objects other then requestor and target in a workflow.
  Since both (manager and member) are reference attributes you maybe find this article helpful:
  http://social.technet.microsoft.com/wiki/contents/articles/19615.fim-2010-r2-how-to-manage-group-membership-from-the-user-ui.aspx
  I used this powershell activity in my solution:
  http://fimpowershellwf.codeplex.com/
  Regards
  Peter
  Peter Stapf - ExpertCircle GmbH - My blog:
  JustIDM.wordpress.com

• ArgumentError: Items must support IManaged. See [Managed] for more information: object: "profile1"

  Hi
  I am trying to retrieve data from my database as an object
  that I have created using JDBC. However I get the following error:
  ArgumentError: Items must support IManaged. See [Managed] for
  more information: object: "profile1"
  at mx.data::ConcreteDataService/
  http://www.adobe.com/2006/flex/mx/internal::normalize()[C:\depot\flex\branches\enterprise_ bridgeman\frameworks\mx\data\ConcreteDataService.as:2595
  at mx.data::DataList/
  http://www.adobe.com/2006/flex/mx/internal::processSequence()[C:\depot\flex\branches\enter prise_bridgeman\frameworks\mx\data\DataList.as:1597
  at mx.data::DataList/
  http://www.adobe.com/2006/flex/mx/internal::processSequenceResult()[C:\depot\flex\branches \enterprise_bridgeman\frameworks\mx\data\DataList.as:1788
  at
  DataListRequestResponder/result()[C:\depot\flex\branches\enterprise_bridgeman\frameworks\ mx\data\ConcreteDataService.as:5857]
  at
  mx.rpc::AsyncRequest/acknowledge()[E:\dev\3.0.x\frameworks\projects\rpc\src\mx\rpc\AsyncR equest.as:74]
  at
  NetConnectionMessageResponder/resultHandler()[E:\dev\3.0.x\frameworks\projects\rpc\src\mx \messaging\channels\NetConnectionChannel.as:469]
  at
  mx.messaging::MessageResponder/result()[E:\dev\3.0.x\frameworks\projects\rpc\src\mx\messa ging\MessageResponder.as:199]
  Thanks

  This problem arises if you do not have the matching AS file
  for the java file you are trying to access.

• User status during reconciliation

  Hi All,
  I have configured AD connector for reconciliation and it is working fine. Also I have created Resource Object, Process Definition and form for multiple resources of AD, during reconciliation when event is linked user status is set to 'Provisioning' instead of 'Provisioned' as per the default functionality and during the successive recon the status is changed to 'Enabled'.
  Can any one please tell me what configuration might be missing due to which the status is set to 'Provisioning' at first time.
  Any pointers in this regards will be appreciated.
  TIA

  After successful target source recon, the status should be 'Enabled' or 'disabled' depending on the user account status in AD. Can you look at the tasks that are executed when the status is set to 'provisioning'? Which task fails? what is logged in the logs? Could be that 'Get ObjectGUID' task is not completed and it completes before the next run of the scheduler, which is why it works fine in second run.

• Deleting IDM user accounts during reconciliation

  Hello All,
  We have an authoritative data source which is a MySQL database. I have loaded all the users from the DB into IDM. What I want to know is can we delete the user in IDM when the user account is deleted from the MySQL database?
  How can I achieve this during reconciliation?
  Any help would be highly appreciated.
  Thank you very much.
  Vamsi

  I think you need to use the per account workflow, which is part of the recon policy. It should be something like:
  <Extension>
  <WFProcess name='UC2 ORA Per Acct Workflow' title='UC2 ORA Per Acct Workflow'>
  <Variable name='userName' input='true'/>
  <Variable name='accountId' input='true'/>
  <Variable name='loginApplication' input='true'/>
  <Variable name='resource' input='true'/>
  <Activity id='0' name='start'>
  <Transition to='Sync Attributes'>
  <eq>
  <ref>initialSituation</ref>
  <s>AR_SITUATION_NAME_UNMATCHED</s>
  </eq>
  </Transition>
  <Transition to='Deprovision User'>
  <eq>
  <ref>initialSituation</ref>
  <s>AR_SITUATION_NAME_DELETED</s>
  </eq>
  </Transition>
  <Transition to='Disable User'>
  <eq>
  <ref>initialSituation</ref>
  <s>optional logic here</s>
  </eq>
  </Transition>
  <Transition to='Clear Task Results'/>
  <WorkflowEditor x='38' y='177'/>
  </Activity>
  <Activity id='1' name='Sync Attributes'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' name='Checkout User' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='checkoutView'/>
  <Argument name='type' value='User'/>
  <Argument name='id' value='$(accountId)'/>
  <Argument name='authorized' value='true'/>
  <Argument name='Form' value='UC2 ORA Per Acct Form'/>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  <Return from='WF_ACTION_ERROR' to='ERROR'/>
  </Action>
  <Action id='1' name='Checkin User Object' application='com.waveset.session.WorkflowServices'>
  <Condition>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Condition>
  <Argument name='op' value='checkinView'/>
  <Argument name='view'>
  <ref>user</ref>
  </Argument>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='259' y='7'/>
  </Activity>
  <Activity id='2' name='Deprovision User'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' name='Checkout User' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='checkoutView'/>
  <Argument name='authorized' value='true'/>
  <Argument name='type' value='Deprovision'/>
  <Argument name='id' value='$(accountId)'/>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  <Return from='WF_ACTION_ERROR' to='ERROR'/>
  </Action>
  <Action id='1' name='Select All Accounts for Deprovision'>
  <expression>
  <set name='user.resourceAccounts.selectAll'>
  <s>true</s>
  </set>
  </expression>
  </Action>
  <Action id='2' name='Checkin User Object' application='com.waveset.session.WorkflowServices'>
  <Condition>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Condition>
  <Argument name='op' value='checkinView'/>
  <Argument name='view'>
  <ref>user</ref>
  </Argument>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='308' y='241'/>
  </Activity>
  <Activity id='3' name='Disable User'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='disableUser'/>
  <Argument name='accountId' value='$(accountId)'/>
  <Argument name='doWaveset' value='true'/>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='390' y='387'/>
  </Activity>
  <Activity id='4' name='Clear Task Results'>
  <Action id='0' application='SET_RESULT_LIMIT'>
  <Argument name='limit' value='0'/>
  </Action>
  <Transition to='end'/>
  <WorkflowEditor x='351' y='104'/>
  </Activity>
  <Activity id='5' name='end'>
  <WorkflowEditor x='691' y='50'/>
  </Activity>
  </WFProcess>
  </Extension>
  Reg/Suveer

• Finding the finance manager for a user

  Hi,
  I have the user id of a user along with the O type, obj id and the department the person belongs to.
  Now how do I find out the finance manager for that person?
  Are there any function modules that can give us the finanace manager for that particular user based on the users o type, obj id and the department the person belongs to?
  Thanks and Regards,
  Mick

  Hello Mick,
  If you have clear rule to find the FI manager based on Org. object and structure, evaluation path is a one of solution.
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/c5/e4b2bb453d11d189430000e829fbbd/frameset.htm">http://help.sap.com/saphelp_erp2005vp/helpdata/en/c5/e4b2bb453d11d189430000e829fbbd/frameset.htm</a>
  Regards,
  Masa

• What is the password for 'oracle' user created during XE installation?

  Hi,
  What is the password for 'oracle' user automatically created when XE is installed?
  I installed XE on Linux and it's created under 'oracle' user, but I don't know 'oracle' password. So, I cannot stop TNS listener.
  During configuration, it prompted me to enter SYS and SYSADMIN password but it didn't ask me to enter 'oracle' user password.
  Please let me know or point me to the document.
  Thanks,
  N

  Hi Jari,
  I tried your suggestion, but it didn't work unfortunately.
  When I type (sudo su -oracle) as follows, it still prompts the password. When I hit Enter key w/o anything, it seems to proceed and the prompt shows up in the following line. So, I thought it was successful, but when I checked 'whoami', it's not logged in as 'oracle'.
  So, I created the password for 'oracle' and logged in as 'oracle' using a new password. Then, I stopped TNS listener to uninstall XE.
  It would be nice if it's documented in XE document somewhere... since it's created by XE installation, I assumed some kind of default password was used.
  Thanks,
  N

• Read group membership for a user object and populate every group with matching user from another domain

  I have LON\JSmith in LON domain and DEL\JimSmith in DEL domain
  I would like to extract group memberships of LON\JSmith in LON domain and append matching by email (i.e. DEL\JimSmith) user object in every group in LON domain.
  for instance
  LON\JSmith and DEL\JimSmith is the same person and has same email address [email protected]
  LON\JSmith belongs to 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey
  The outcome of the script should be
  LON\JSmith; DEL\JimSmith    should be in 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey.
  How can i do it?
  Navgup

  Hi Navgup,
  Please refer to the script below, to query users in other domain by specifying the parameter "-Server" in the cmdlet "get-aduser", and also note I haven't tested the script below:
  import-module activedirectory
  get-adgroupmember "group"|foreach{
  $email=(get-aduser $_.samaccountname -properties *).EmailAddress#get the user email
  Get-ADUser -filter {EmailAddress -eq $email} -properties * -server DomainB.company.com|select samaccountname, memberof}#filter user name and group with the email in other domain
  To get users across domain, please also refer this blog:
  Adding/removing members from another forest or domain to groups in Active Directory:
  http://blogs.msdn.com/b/adpowershell/archive/2010/01/20/adding-removing-members-from-another-forest-or-domain-to-groups-in-active-directory.aspx?Redirected=true
  I hope this helps.

• "Starting user manager for UID 120" loop during startup

  Hi guys,
  Recently after not turning on my computer for a week and a half, I got this issue when I start up. Basically after I load into Arch Linux, that message loops for like 12 times before the computer gets stuck at a random part of the boot process. I think it is a hardware issue but I am unsure. Here's a pic of it below:
  http://i.imgur.com/Qd1DgXP.jpg

  Mike:
  Welcome to Apple Discussions.
  If you have a new installation and you do not have any data to preserve, the easiest thing is to go back, reformat and erase HDD, then reinstall software. If you have data on it that is not backed up the do an Archive and Install.
  Please do post back with further questions or comments.
  Cheers
  cornelius

• Connection From Satellite System to Solution Manager for key users

  Hi All,
  Can anybody suggest which RFC connection/destination should be maintained in BCOS_CUST table under satellite system to connect to Solution Manager.
  1. SM_SSMCLNT010_TRUSTED
  2. SM_SSMCLNT010_BACK
  I don't want user to Login to solution manager while creating a support message. They should create a support messsage seamlessly from satellite system.
  Any help is greatly appreciated.
  Thanks...

  Thakur,
    Sorry for the cryptic answer back there - read it myself and it didn't make much sense to me either so here we go with the seamless way to allow users to create service messages.
    There are 2 ways to do this - 1 way is to use a connection like the 'BACK' connection but if you do this - all user tickets entered will have the username of the 'BACK' connection logon id as the message creator.  The other way is to use the trusted connection so the userid of the person logging the message is transfered with the created ticket.
    I will assume that you want to preserve the unique userid and use trusted connections. So here we go:
  Step 1 - Go into BCOS_CUST on the Satelite and put in your TRUSTED RFC Connection as the detination for the Service Messages - either use the one that Solman created when generating or make your own ABAP Trusted Connection.
  Step 2 - All users in Satelite and in Solution Manager need to have Authority Object S_RFCACL assigned to their userid's so they can use the Trusted RFC Connection (this is not in SAP_ALL or SAP_NEW).
  Step 3 - All users that will use this method of creating service tickets need both a userID and a BP with the respective system keys to allow them to enter tickets for those Satelites.
    That is all there is to it assuming that all issues with Trusted Connections have been worked through already (test this in SM59 by going to your 'TRUSTED' connection on the Satelite and execute the RemoteLogon button - you should be sent to the Solution Manager with out having to logon).
    If this answers your question, please set this message to answered.
  Edited by: David Milliken on Jan 25, 2008 1:55 AM

• SSO through the BOE repository manager for different user names.

  Hi all.
  I have a task to provide a SSO access from Portal to the Crystal reports, stored in the BO folder. 
  I've configured everything following the configuration guides, including:
  1. SSO by SAP Logon Ticket with the back-end system.
  2. System in portal SLD. Connection tests passed successfully.
  2. BusinessObjects Enterprise repository manager (BOErm) in KM.
  I've created  in the Portal a test user with the same name as in the back-end system. Everything works fine.
  But I SSO doesn't work if users are different.
  The problem is that production users have different names in the Portal and in the back-end system.
  I cannot find how can I configure user mapping for access reports through the BOErm.
  I changed the Logon Method in the portal system from SAPLOGONTICKET to the UIDPW but it didn't help.
  Seems like BOErm doesn't use the portal system at all and always connects to the back-end by SAPLOGONTICKET method.
  Can anybody help me to solve my problem?
  How can portal users access folders in the back-end system where they have different users names?
  Thank you in advance.
  Mikhail.

  Hi,
  just to clarify it a bit more.
  You have a SAP EP woth SSO to BO. Whats the Datasource ? R/3, BW, CRM ?
  Usually the names of the users are identical on the SAP EP and the Backend like BW.
  You just have to confiure SSO (like you did), import the roles from BW to BO, grant permissions on EP (that the users/roles can see the iView), grant permissions on BO (that the users/roles have access to the report) and you should be fine.
  Where is the mismatch of the Usernames ? Between SAP EP and Backend like BW ?
  SAPLOGONTICKET is the only authentication method you can use between SAP EP and BO
  Regards
  -Seb.

• Need to deny access to file manager for the user

  Hi
  I need to be able to deny access to the file manager, as I dont want my client deleting files. however, for some reason I have to allow him access to this as he needs to be able to upload files through InContext Editor (he needs to link pages to documents that are not on the server so he needs to upload them and to do this, I have to grant him access to file manager).  How can I get around this?  I dont want to have to reupload his site every time he deletes a file....

  Unfortunately it can't be done - access to the file manager allows deleting as well as uploading and at this point that cannot be changed.

• Setting up Remote Management for external users

  Hi All,
  We currently have a zenworks 10.3 environment set up and all appears to be working well on the LAN with regards to being able to remote control machines etc. We are now looking to expand the remote control to enable support staff to remote control machines outside of our LAN.
  From what I understand so far through reading the zenworks documentation, is that we would need some kind of proxy server setup in the DMZ that will listen for requests from the client device and forward these on to the agent. There will inevitably need to be firewall changes etc etc... but i guess my question is to you guys who I expect have set some this up in your own environments, is how have you guys gone about achieving this? Its evident that there may be more than one way to achieve this, but would be useful to know the correct way of doing this?
  I know the question is a little vague, but this is the first time we’ve looked into the remote management externally - and this is where all the knowledge is :)
  Thanks

  Martyu89,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Script to Grant Role for All User Objects.

  Hi DBAs,
  I have created a select_only role. I need a script to populate that role with all user_objects belonging to one person and eventually grant that role to another person. Perhaps a dynamic sql.
  Please help.
  Thanks
  -Samar-

  Samar,
  Please see if the following documents help.
  Note: 18080.1 - Script to Create Roles
  Note: 174138.1 - How to Tranfer all Roles and Grants to Another Database
  Note: 729428.1 - Script to create roles & apply grants from database A to B
  Regards,
  Hussein