Modify user roles through SPML?
Hi everyone,
I've been stuck for a few days now on trying to modify the assigned role of a user through SPML. I'll be brutally honest with everyone: I have no idea whatsoever of what I'm doing, I just gather information and try to chuck along.
Up to this point, I've been able to create users and search for users through SPML, and that's where everything falls down very rapidly. I'm using SPML 2.0 for creating users and SPML 1.0 for searching them.
The IDM server has a specific role implemented named ITACCESS, which launches a process that calls other servers and things like that once it is assigned to a user. My goal is thus to modify the "Roles assigned" value of a specific user to "ITACCESS", basically.
Am I wrong in thinking I can use SPML for this? What other ways of accessing the IDM server do I have available?
The server is configured with the regular spml.xml and spml2.xml (stock sample ones, not modified). I have tried simply sending an SPML 2.0 modifyRequest, but to no avail:
<modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='IDMConnector-01' executionMode='synchronous' returnData='data'>
<psoID ID='jlauwers'/>
<modification>
<dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='roles' operation='replace'>
<dsml:value>ITACCESS</dsml:value>
</dsml:modification>
</modification>
</modifyRequest>
===========================
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='IDMConnector-01'>
<pso>
<psoID ID='jlauwers'/>
<data>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
<dsml:value>spml2Person</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='accountId'>
<dsml:value>jlauwers</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
<dsml:value>LighthouseFakePassword</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='firstname'>
<dsml:value>John</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='lastname'>
<dsml:value>Lauwers</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
<dsml:value>[email protected]</dsml:value>
</dsml:attr>
</data>
</pso>
</modifyResponse>Any help would be gladly appreciated.
Thanks for reading
Hi everyone,
I have had some amazing help and have finally been able to resolve this issue.
For future reference:
There is no need to change any attribute mapping or anything complicated, the following code and XML demonstrates an example to change assign a new role to a user in Sun IDM:
LighthouseClient client = new LighthouseClient();
client.setUrl("http://idmserver:8080/servlet/rpcrouter2");
client.setUser("administrator");
client.setPassword("administrator");
ModifyRequest req = new ModifyRequest();
SpmlResponse modifyResponse = new ModifyResponse();
// enable server side trace
req.setOperationalAttribute("trace", "true");
// Set the objectclass
req.setOperationalAttribute("objectclass", "userview");
// Set the IDM Username
req.setIdentifier("user:someuser");
java.util.ArrayList al = new java.util.ArrayList();
al.Add("NewRole");
// Create, build and add a Modification to the request
Modification m = new Modification("waveset.roles", al);
req.addModification(m);
modifyResponse = client.request(req);
if (modifyResponse.getResult().Equals(SpmlResponse.RESULT_SUCCESS))
Log.append("Modification succeeded");
else
Log.append("Modification not completed");The following is the typical XML exchange:
<spml:modifyRequest xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'>
<spml:operationalAttributes>
<dsml:attr name='trace'>
<dsml:value>true</dsml:value>
</dsml:attr>
<dsml:attr name='objectclass'>
<dsml:value>userview</dsml:value>
</dsml:attr>
<dsml:attr name='session'>
<dsml:value>AAAFJgAAILoAAAUGH4sIAAAAAAAAAMVaW2+jOBh9n1+B1Ic8rdpcmklH6UiEkK41BBCEVtqXiBI36y0BxGVGmV+/BnLB2DFgHqZP6fkcn2Nsvpszt7P3/6CXSoF7gM8DeXdAAUrS2E3DeCDF0N0ZgX98HqRxBgdSUg7eoAMMs/R5MJ4+5H8DyQ/3KFiHu5c4zKLnwR1Y3s0mTxNlPBrLT8PJZDKefvvr61AdrR5m34aj4UxVV6uJMsPgajXD33eTVPY8mCT53M+D4Wgyefw6epg+PE1Hg+9fJGluxijwUOT6Sf4vBoxCiwU/pPQY4e84CcSS0a6kr62Etbz7GxMVo4qVVKbzvDALUok9Ldu4Q0nku0e9GOOArbxcA/3FMhxzKyuK4eibEuokJF+lxFXDG8GR5Niq1UPXK4K/pHILShkVgMP6CtS3groTmYZXVMydnNmqCIdOA/amoLPF+CQ8juYs0c4TFgbJCn1ITkngTYsp/t9ahqYKLElxI/cd+ShFNQmkoUmDIpvyAmhgA0REGPHeDdBvN0VhQKqoWZpkGNaLrIN/5A0wdAEdZugjr/4grmATu2loQBF6AHK2Qzfo66bG0+AsQR8pFkzCLPZqKipokwBLtQ3HUvpwS4WRreBia6tjW2AiaqjXsuULKfgqWhnFl7Xjc4T4/oT3XIXxgeY8oW14V4a17sZdRKE1TF0p/0TEpgraFKDW6kYuPomFRAcoYfCB9lRovBg6piI4TyoDjwMqOUgV7TKhgtO8FBLBm4A4T0exVHmjdg/gVCwVC6P46QV58soMITeMvNUYuq4qfQLJmbPuzGm8hQwhN35mojw5w9BCg5g/r3PVXPpNcwdBIo79wlv17TWwjYTOHv7MQTjdGtiCuLvrdaJd/dUmIF49YC6FXu0l9GGNkoA4lEtVU3tQguWaRXuFm6nxWBH6KA5/ogT7lxp/HecKMC3jFdjY5Qi408BHwSe5zVWIt826BvQfIpRukqB9UCMlQC6tbNvgRWCtauC+++T5IiAOqarLC03kfKGE4iQx3sYCW4zVgjkTQUpAHE4Lr3QtQGni7fsVxjt2Y+GWlSPExLv8ZlhLgYaC8q8b7KHEl9QwiOdT/5b1F7WPQBy9YNqgjz+Gu4O2uumjDhyiME6J00NAHG6wNg1rI+SFQo/yQleI74UMRcALyVHuYvN+F7Mvd8PKa8yZuRvOO2E5husOS94YHd9bnEicmS/nAGPSFeRtPE4uLiq6nscim6K4z1lWO/5zfiWkoZpr13VUbe204DxcTIZ8jULMHtdtO+9oXAOWeMfrnPSxVLFtLfLC3moYnUimqYUW0X5kNRsm+gQMQ8tUuXu34I/l6ba51qSyhD/TEhDvWGqa8bbNR+fde9XuRrzI/E/+dQJvBEfWwtF+9LhOKFib7zoahzUp7HnrUfAz+ic03iREtJNSPgG6zKPxxkchWPAVTIyqj8abFIjWf1WmehHItrVUIlQOnhjZNeENY7OeHtVheRRY9RrL0nhMhCu3ExtVqtJ4swaxorVgYhSQNN6kQLSULPefUU8yDI2Hgqos5/fkLfnciIqu50ng2o3KT+VnNUjjo/QJjzjY4CiTn0awHEg/XT/DhHc2jiX0Lf54OJ1N1YdRfouvPD4NF4+Lp/wWfzw7Pwdq8uLHATjh85FXJH8XCiU8HNxgJ2kowC9nkML4w/Xg5Xnen/TO7y/LmN+ffq/w/cv/lfR9TrogAACMAwenmPTYv5nNkZAnqXXTe+MZ/Q==</dsml:value>
</dsml:attr>
</spml:operationalAttributes>
<spml:identifier type='urn:oasis:names:tc:SPML:1:0#GUID'>
<spml:id>user:someuser</spml:id>
</spml:identifier>
<spml:modifications>
<dsml:modification name='waveset.roles' operation='replace'>
<dsml:value>NewRole</dsml:value>
</dsml:modification>
</spml:modifications>
</spml:modifyRequest>
========================
<spml:modifyResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#success'>
<spml:operationalAttributes>
<dsml:attr name='session'>
<dsml:value>AAAFJwAAILoAAAUHH4sIAAAAAAAAAMVaW2+jOBh9n1+BNA95WrW5tE1H6UiEkK41BBCEVtqXihK36y0BxGVGnV+/xuSCwbHBPEyf0vM5PsfYfDdn4Rav/8EgVyJ/Dx9G6m6PIpTlqZ/H6UhJob+zovDzYZSnBRwpWTV4i/YwLvKH0fT2uvwbKWH8jqJNvHtM4yJ5GH0Fq6/z2f1Mm06m6v14NptNb7/9dTfWJ+vr+bfxZDzX9fV6ps0xuF7P8ff9LFeDAGZZOffDaDyZzW7uJtc3d9Prm9H3L4qysFMUBSjxw6z8FwMW0eLANyX/TPB3vAxiyWhX0TdWwlre1YWJyCiyktp0QRAXUa6wp2UbdyhLQv/TJGM88KKuNsB8dCzPflE1zfLMbQX1ElKuUuGq4Y3gSPJc3Rmg6wnBX0q1BZWMGsBhfQL6M6HuRWbgFZG5syNbHeHQGcDdEjpXjk/B49qcFdp7QmJQnDiE9JQULloM+f/FsQxdYkman/ivKEQ5akigDSINmmqrS2CALZARYaXvfoR++zmKI1pFwyKSYTmPqgn+UbfAMiV02HGIguaDOIMidtsygCb1ANRihy7QN03C0+CtwBApDsziIg0aKmqoSICju5bnaEO4FWJkKzjZuup4IZiMmtZr2fGFlHwVnaLFV3Tj86T4/oT3XMfpvs15QLvwri1n04+bRKENzH2l/ETFphoqClAbfauST3Ih0QNaHL2h91ZoPBl6piI4T6oCjwdqOUgd7TOhhtO8HFLBm4I4T0dzdHWr9w/grVgqF0bx04vK5JUZQi4YeauxTFPXhgSSI2fTmbfxDjKk3PiRqeXJGYYOGuT8eZOr4dIvmnsIknHsJ966b2+AXST09vBHDsrpNsAOxP1dr5fsmq82BfHqAXsl9WqvYAgblBTEoVzphj6AEqw2LNozLKbGY2XokzT+iTLsXxr8TZwrwHasJ+BilyPhTqMQRR/0Ntch3jabBjB/yFD6WYbeowYpBXJpVdcFjxJr1SP/NaTPFwVxSHVTXRoy5wtlLU4a420scOVYHVgyUaQUxOF08Eo3EpQ23r5fcbpjNxYuWTlCbLzLz5azkmgoaP/60TtU+JIEg3g+9W/VfNSHCMTRC+YCffwx3B109e0QdWCfxGlOnR4K4nCDjW05WykvFActL3SG+F7I0iS8kJqULrbsdzH7chesvMacXbrhshNWYrjucNSt1fO9xYnEkfl0DjCmnEHexuPk4qSi73kk2VSL+5hldeM/5ldSGuq5dlNH3dZNC87D5WSo5yjE7HFdtvOOxjlgyXe8jkkfSxXb1iEvHKyG0Ylkmjpoke1H1rNhqk/AMHRMlft3C/5Ynu7aG0OpSvgjLQXxjqVhWM8v5eiye6+7/YiXRfjBv07gjeDIWnrGjwHXCYRVfNchHCZSOPDWg/Az+idtXCREtpNSPYF2mdfGhY9CsuAjTIyqr42LFMjWf3WmZhHItnVUIlUOHhjZNeEFo1jPgOqwOgqseo1lER4T6crtwNYqVdu4WINc0UqYGAVkGxcpkC0lq/1n1JMMg/BQtCrLxRV9S76wEtL1PAjc+En1qfqsR3n6qXzATxxscJQpTyNYjZSfflhgwq8ujiXtW/zp+HZ+q19Pylt87eZ+vLxZ3pe3+NP58Tm0Jic/DsAJX4gCkvydKLR4v/ejnWKgCL+cUQ7TNz+Ap+d5ddC7uDotY3F1+L3C9y//A9c39n66IAAAcSF27Dd5WEeyXvWz8UvVSYrS48Y=</dsml:value>
</dsml:attr>
</spml:operationalAttributes>
</spml:modifyResponse>HTH,
Similar Messages
-
Unable to modify user password through OAM identity system console.
HI,
I am trying to reset the password of a user through OAM Identity console.
I had logged in through orcladmin(admin), and tried to update the password for users, as well as orcladmin also.
After clicking save, its giving me error "Modify User Entry Failed" and password is not updated in LDAP
Also note that I am able to modify any other attribute of that user like last name, title, firstname etc through identity console.
Its only user password attribute which is not geting updated.
I am user OVD, which is integrated with OID & AD for user store.
Also I tried to set "Access Attribute control" for modifying user password, but that didnt help.
Kinldy suggest if you have came across this kind of issue.
Regards,
Ankit.HI,
Thanks for the replies.
As my OVD is integrated with OID & AD both, I am picking up the users from OID for update.
Also the SSL is configured betveen OVD & AD, but still AD user password is also not successfull.
Niether of two is working.
I am not able to create a user through Identity System console, as I had not configured workfllow.
I believe for updating user attibute, workflow defination need not to be define.
Also As I had mentioned before, I am able to modify all the other attributes other than user password.
Also Schema is extended properly.
Thanks & Regards,
Ankit -
Problem assigning internet user Role through portal
Hi All,
Please could someone help me with the following:
I am creating a registration process that creates a new CRM Business partner with contact person and internet user roles. When i run the Bapi from with in CRM everything works fine however when i run my jsp dynpage application and call the same bapi, the internet user that i create does not have any of the logon details or roles. Does anyone know why this is? i am using the same user when running in crm and the portal.
Many thanks in advance
CalvinHi Sunil,
Thanks for your reply. answers to your questions:
1. Yes, all portal users are maintained and have the same roles as CUA users. Portal authenticates against CUA.
2. Yes the user is created correctly on the backend. i have created a BAPI that creates users, BP's and assigns roles. This Bapi works perfectly when run in CRM but as soon as it is accessed via the portal the internet user role does not have all the required information.
Many thanks
Calvin -
Weblogic API for modifying users/roles
I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.I searched the newsgroup and found that somebody addressed this issue.
"Andrey" <[email protected]> wrote in message
news:[email protected]...
>
WebLogic 7.0
I have read a number of questions on how to do these but not many answers,so
after figuring it all out, I thought I would post a message describing allthese
tasts (It would be great if BEA would start something like 'HOW-TOs forLinux'
for WebLogic)
-1. Imports required :
import weblogic.jndi.Environment;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.security.RealmMBean;
importweblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.GroupEditorMBean;
import weblogic.management.security.authentication.UserEditorMBean;
importweblogic.management.security.authentication.UserPasswordEditorMBean;
import weblogic.security.providers.authentication.*;
0. Code to retrieve DefaultAuthenticatorMBean (this code is running insideWebLogic
server - I have it inside EJB):
DefaultAuthenticatorMBean authBean;
Context ctx = new InitialContext();
MBeanHome mbeanHome = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
>
//Find UserEditorMBean
DomainMBean dmb = mbeanHome.getActiveDomain();
SecurityConfigurationMBean scmb =dmb.getSecurityConfiguration();
RealmMBean rmb = scmb.findDefaultRealm();
AuthenticationProviderMBean[] providers =rmb.getAuthenticationProviders();
>
for (int i = 0; i < providers.length; i++) {
if (providers[i] instanceof DefaultAuthenticatorMBean) {
authBean = (DefaultAuthenticatorMBean) providers;
break;
1. Create/Drop/Update users
to perform these tasks, the user must be logged in into weblogic and be in
Administrators
group. Then, the code is as follows:
create user: authBean.createUser(username, password, description);
remove user: authBean.removeUser(username);
change user's description: authBean.setUserDescription(username,newDescription);
>
remove user from group: authBean.removeMemberFromGroup(groupname,username);
>
add user to group: authBean.addMemberToGroup(groupname,username);
>
2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin Imean be
a member of Administrators group)
authBean.resetUserPassword(username, newPassword);
3. Change your own password:
this is a bit trickier, because if you are not an admin, you can't changeyour
own password!!!! This is a part that I personally don't understand - seemslike
a screw up on BEA's part. So, to allow users to change their ownpasswords, you
must change security context in the middle of processing to that of Adminuser
and run this function as Admin user. Although a bit ackward, it's veryeasy to
do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normalprocessing
for the user and always runs in logged in user's security context. Now,suppose
you want to add a method to EJB A to change current password. The methodmay
look like:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
Now, there is no way to do it in EJB A, because for most users, it willrun in
a 'non-admin' security context. So, to get around it, you create another
EJB - EJB B. This EJB has one method:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
and one major difference - this EJB always runs in a secrity context ofadmin
user. To get an EJB B running 'as admin user', all you have to do in EJBA is
the following
EJB A:
public void changePassword(String logon, String oldpwd, String newpwd)
Hashtable props = new Hashtable();
props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
props.put(Context.SECURITY_CREDENTIALS, "password");
// get context that with different credentials
Context ctx = new InitialContext(props);
EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
EJBBLocal adminEJB = home.create();
adminEJB.changePassword(logon, oldpwd, newpwd);
adminEJB.remove();
of course, this poses a problem of hardcoding user id and password foradmin user
in your application - you can come up with your own ways to secure that.
THAT's IT!!! You can use the method explained in part 3 to allownon-admin users
to do pretty much everything, however for the sake of security, I woulddefinetly
vote against it and use part 3 to ONLY allow users change their ownpasswords
>
Enjoy
Andrey
"Yonatan Taub" <[email protected]> wrote in message
news:[email protected]...
I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it. -
Roles through SearchRequest ?
Hi,
anybody tried to query user roles through spml ?
I can get the default attributes (sn,gn,telephone) with
SearchRequest, and more by setting attributes (list/all),
but no roles.
Could anybody give me a hint ?
Best,
KjellHi...
Yes, i've tried <ref>waveset.roles</ref>... or better, i'm inside workflow and the context is variables.user, and i see, while debugging, the value change but when i call the refreshView and the checkinView the value defaults to nothing...
i don't understand why...
could you help me???
thanks
Jorge -
Provisioning EP roles and user groups through CUP
Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
KeeThanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un: ??? What is the role data source?? Is the value that is provided is correct for the UME roles
SCHEMA_ID SAPprincipals ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee -
Does anyone come across with this error from SPML request " <spml:errorMessage>ID 'id' is invalid. </spml:errorMessage>.
Im getting this error while im trying to modify user with SPML request. It is using custom form and custom workflow. The same workflow and form works fine for create user, but it is giving above error for modify user. I know that create and modify user uses same workflow and form.
If i use create user workflow (out-of-the-box), it works fine for create and modify user using SPML, but i customized .
Any suggestion is appriciated
-S-I've usually seen errors like this when the accountId is null on a workflow view checkIn operation such as this snip below (note that id is an argument).
<Action application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkoutView'/>
<Argument name='type' value='User'/>
<Argument name='id'>
<ref>accountId</ref>
</Argument>What I'd suggest you try if possible is put a global error handler in your workflow like right at the top outside of any Activity such as Start and just below the variable declarations like this:
<Comments>
 Object containing information for registering a sunset date/time.
 </Comments>
</Variable>
<Variable name='error'>
<Comments>Set in the event of unusual processing errors.</Comments>
</Variable>
<Variable name='options'>
<Comments>Options to pass to the provisioning task regarding resource
 provisioning.
 </Comments>
</Variable>
<Transition to='end'>
<Comments>
 Terminate if we encounter unusual errors (not provisioning errors).
 </Comments>
<select>
<ref>error</ref>
<ref>WF_ACTION_ERROR</ref>
</select>
</Transition>
<Activity id='0' name='start'>
<Transition to='Rename'>
<notnull>Then use the Workflow debugger to set a breakpoint on this <select> code and then you can trap the point in which the error occurs and inspect the variable namespace. If you don't want to use the debugger you could use the dumpView method:
<invoke name='dumpFile'>
<ref>user</ref>
<s>c:/temp/requestAccess-userView.xml</s>
</invoke> If you using activeSync and you're seeing this error I'd be tempted to breakpoint the activeSync userForm and simply step through the execution of the workflow until you find the error. Before the debugger was introduced debugging workflow errors was a world of pain.
HTH,
Paul -
Modify Script to Create User Role on Single Database.
Hi All,
Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
Can anyone help me to modify the script?
--===================================================================================
-- Description
-- Database Type: MSSQL
-- This script creates a role called 'gdmmonitor' for ALL databases.
-- It grants some system catalogs to this role to allow Classification and Assessment on the database.
-- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
-- before runnign this script
-- you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
-- This sqlguard login doesn't need to be added to any database or given
-- any privilege. The script will take care of that.
-- Note:
-- If you wish to use a different login name (instead of 'sqlguard') you need to change
-- the value of the variable '@Guardium_user' in the script below;
-- (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
-- after runnign this script
-- Nothing to do, the script already creates the db user
-- User/Password to use
-- User: sqlguard (or any other name, if changed)
-- Pass: user defined
-- Role: gdmmonitor
--===================================================================================
PRINT '>>>==================================================================>>>'
PRINT '>>> Creating role: "gdmmonitor" at the server level.'
PRINT '>>>==================================================================>>>'
-- Change to the master database
USE master
-- *** If a different login name is desired, define it here. ***
DECLARE @Guardium_user AS varchar(50)
set @Guardium_user = 'sqlguard'
DECLARE @dbName AS varchar(256)
DECLARE @memberName AS varchar(256)
DECLARE @dbVer AS nvarchar(128)
SET @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
SET @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
IF (@dbVer = '8') SET @dbVer = '2000'
ELSE IF (@dbVer = '9') SET @dbVer = '2005'
ELSE IF (@dbVer = '10') SET @dbVer = '2008'
ELSE IF (@dbVer = '11') SET @dbVer = '2012'
ELSE SET @dbVer = '''Unsupported Version'''
IF (@dbVer != '2000')
BEGIN
-- This privilege is required to peform a specific MSSQL test.
-- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key)
-- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop
-- Purpose: To display provider property, not changing anything.
PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
END
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if they exist
CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the role gdmmonitor on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.spt_values TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysconfigures TO gdmmonitor
GRANT SELECT ON dbo.sysdatabases TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syslogins TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
-- Grant execute privileges to the role for MSSql Common
PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON sp_helpdbfixedrole TO gdmmonitor
GRANT EXECUTE ON sp_helprotect TO gdmmonitor
GRANT EXECUTE ON sp_helprolemember TO gdmmonitor
GRANT EXECUTE ON sp_helpsrvrolemember TO gdmmonitor
GRANT EXECUTE ON sp_tables TO gdmmonitor
GRANT EXECUTE ON sp_validatelogins TO gdmmonitor
GRANT EXECUTE ON sp_server_info TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sql_logins TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
GRANT SELECT ON sys.server_role_members TO gdmmonitor
GRANT SELECT ON sys.configurations TO gdmmonitor
GRANT SELECT ON sys.master_key_passwords TO gdmmonitor
GRANT SELECT ON sys.server_principals TO gdmmonitor
GRANT SELECT ON sys.server_permissions TO gdmmonitor
GRANT SELECT ON sys.credentials
TO gdmmonitor
--This is called by master.dbo.sp_MSset_oledb_prop.
--By defautl it should have already been granted to public.
GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR
END
-- Re-add the dropped members
IF EXISTS (SELECT 1 FROM #rolemember)
BEGIN
PRINT '==> Re-adding the role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- END of role creation on database
PRINT '==> END of role creation on: ' + @dbName
PRINT ''
-- Change to the msdb database
USE msdb
set @memberName = ''
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if it exists
TRUNCATE TABLE #rolemember
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the gdmmonitor role on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
GRANT SELECT ON dbo.backupset TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
-- Grant execute privileges to the role for MSSql 2005 or above
PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
END
IF (@dbVer > '2000' and @dbVer < '2012')
--This sp is not available in SQL 2012
BEGIN
GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
END
-- Re-add the dropped members
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the temporary table
DROP TABLE #rolemember
-- END of role creation on database
PRINT '==> END of gdmmonitor role creation on: ' + @dbName
-- Role creation complete
PRINT '<<<==================================================================<<<'
PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
PRINT '<<<==================================================================<<<'
PRINT ''
PRINT '>>>==================================================================>>>'
PRINT '>>> Starting application database role creation'
PRINT '>>>==================================================================>>>'
use master
DECLARE @databaseName AS varchar(80)
DECLARE @executeString AS varchar(7950)
DECLARE @dbcounter as int
set @dbcounter = 0
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
and not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @dbcounter = @dbcounter + 1
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'/* Variable @memberNameDBname must be declare within the string or else it will fail */ ' +
'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
'/*find any members of the role if it exists*/ ' +
'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
'INSERT INTO #rolemember ' +
'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
'WHERE usr.uid = mbr.memberuid ' +
'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'/*Drop the Role Members If they exist*/ ' +
'IF EXISTS (SELECT * FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/*drop the role if it exists*/ ' +
'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'BEGIN ' +
'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_droprole ''gdmmonitor'' ' +
'END ' +
'/* Create the role */ ' +
'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_addrole ''gdmmonitor'' ' +
'/* Grant select privileges to the role for MSSql Common */ ' +
'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON dbo.sysmembers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysobjects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysprotects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysusers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
'/* Check if the version is 2005 or greater */ ' +
'IF (' + @dbVer + ' != ''2000'') ' +
'BEGIN ' +
'/* Grant select privileges to the role for MSSql 2005 and above */ ' +
'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
'GRANT SELECT ON sys.all_objects TO gdmmonitor ' +
'GRANT SELECT ON sys.database_principals TO gdmmonitor ' +
'GRANT SELECT ON sys.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON sys.database_role_members TO gdmmonitor ' +
'END ' +
'/* Re-add the dropped members */ ' +
'IF EXISTS (SELECT 1 FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/* drop the temporary table */ ' +
'DROP TABLE #rolemember ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT '' ''' +
'PRINT '' '''
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
-- Adding user to all the databases
-- and grant gdmmonitor role, only if login exists.
PRINT '>>>==================================================================>>>'
PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '>>> on all databases.'
PRINT '>>>==================================================================>>>'
USE master
/* Check if @Guardium_user is a login exist, if not do nothing.*/
IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
BEGIN
PRINT ''
PRINT '************************************************************************'
PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
PRINT '*** Please add the login and re-run this script.'
PRINT '************************************************************************'
PRINT ''
END
ELSE
BEGIN
DECLARE @counter AS smallint
set @counter = 0
-- This loop runs 4 time just to make sure that the @Guardium_user gets added to all db.
-- 99% of the time, this is totally unnecessary. But in some rare case on SQL 2005
-- the loop skips some databases when it tried to add the @Guardium_user.
-- After two to three executions, the user is added in all the dbs.
-- Might be a SQL Server bug.
WHILE @counter <= 3
BEGIN
set @counter = @counter + 1
set @databaseName = ''
set @executeString = ''
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
where not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'/*Check if the login already has access to this database */ ' +
'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'/*Check if login already have gdmmonitor role*/ ' +
'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'AND usr.name = ''' + @Guardium_user + ''') ' +
'BEGIN ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END ' +
'END ' +
'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
'execute sp_adduser [' + @Guardium_user + '] ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END '
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
END -- end while
-- Required for Version 2005 or greater.
IF (@dbVer != '2000')
BEGIN
-- Grant system privileges to the @guardium_user. This is a requirement for >= SQL 2005
-- or else some system catalogs will filter our result from assessment test.
-- This will show up in sys.server_permissions view.
PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
END
PRINT '<<<==================================================================<<<'
PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '<<< on all databases.'
PRINT '<<<==================================================================<<<'
PRINT ''
END
GOThanks a lot Sir... it worked.
Can you also help me in troubleshooting below issue?
This script is working fine on all databases except one MS SQL 2005 database. build of this database is 9.00.3042.00
SA account with highest privileges is been used for script execution. errors received are as follow:
>>>==================================================================>>>
>>> Creating role: "gdmmonitor" at the server level.
>>>==================================================================>>>
==> Granting MSSSQL 2005 and above setupadmin server role
==> Starting MSSql 2005 role creation on database: master
(0 row(s) affected)
==> Dropping the gdmmonitor role members on: master
==> Creating the role gdmmonitor on: master
Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
The procedure 'sys.sp_addrole' cannot be executed within a transaction.
==> Granting common SELECT privileges on: master
Msg 15151, Level 16, State 1, Line 117
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 118
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 119
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 120
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 121
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 122
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 123
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 124
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 125
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 126
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
==> Granting common EXECUTE privileges on: master
Msg 15151, Level 16, State 1, Line 130
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 131
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 132
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 133
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 134
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 135
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 136
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission. -
Function module to modify the user roles & profiles
Hi All,
I am working on user maintenance and i need a function module to modify the user roles & profiles.
Thanks in Advance.
Phani.i used the below fms
BAPI_USER_ACTGROUPS_ASSIGN for assigning the roles.
delete the profiles of the user qnd assign the profiles to the user:
BAPI_USER_PROFILES_DELETE
BAPI_USER_PROFILES_ASSIGN
i used the above FMs for my requirement.
Regards,
Phani. -
Locked users and modify user screens modifications.
Hi,
Need a suggestion how to...:
1. Filter locked users list screen so it will display
users locked with a particular reason only.
2. Make "modify user" action (available from locked
users and users search result lists) to display my
edit user form instead of portal's default one.
Thank you,
YuriHi;
1. How can I log in to SYS account despite being locked. Is it because i logged in through external authentication?set ORACLE_HOME, ORACLE_SID than
sqlplus "/as sysdba"
alter user xx account unlock;
2. Is locking the SYS user a standard practise ? If so, why ?
SYS and SYSTEM are default users, created with the creation of the database. Although they have much power - as they are granted the DBA role - they're still ordinary users. Because SYS owns the data dictionary, (s)he is considered a bit more special than SYSTEM. But SYS has the SYSDBA privilege which SYSTEM doesn't. This makes it possible for SYS to become a very very powerful user. This is the case when (s)he connects as sys/password as SYSDBA or / as sysdba. The as sysdba phrase is a request to aqcuire the privileges associated wht the single SYSDBA system privileges (see here).
Source:
http://www.adp-gmbh.ch/ora/misc/sys_system_internal.html
Regard
Helios -
Custom plugin based on user role membership
Hi all,
I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
I'll try to explain the scenario more in details:
1. I create a user identity through a request
2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
- Email notifications after role grant
- Re: OIM 11g Role Membership Event Handlers.
I tried to implement what explained in the threads, but I would be sure about what I've done.
Here what I've done:
1. created plugin.xml file
2. created EventHandler.xml metadata file
3. developed a java calss for testing pourpose
4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
6. copied the zip file to $OIM_HOME/server/plugins
7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
8. built the wlfullclient.jar (only the first time)
9. registered the custom plugin
10. created the custom plugin dataset file
11. imported it in OIM database using "weblogicImportMetadata" utility
12. purged cache using "PurgeCache" utility
NOTE: all the steps above was executed using the system user running OIM process
test java class
package com.zeropiu.sky.custom.eventhandlers;
import java.io.Serializable;
import java.util.HashMap;
import com.thortech.util.logging.Logger;
import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;
import oracle.iam.platform.context.ContextManager;
import java.util.Set;
public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
private static final String className = "TestUserAnonimi";
@Override
public void initialize(HashMap<String, String> arg0) {
// TODO Auto-generated method stub
String methodName = "initialize";
System.out.println("###### " + className + " - " + methodName);
@Override
public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
// TODO Auto-generated method stub
String methodName = "isApplicable";
System.out.println("###### " + className + " - " + methodName + " - STARTED");
System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
Set<String> allContextManagerParams = allContextManagerPairs.keySet();
String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
for (int i = 0; i < parameters.length; i++) {
System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
System.out.println("###### " + className + " - " + methodName + " - ENDED");
return true;
@Override
public boolean cancel(long arg0, long arg1, AbstractGenericOrchestration arg2) {
// TODO Auto-generated method stub
String methodName = "cancel";
System.out.println("###### " + className + " - " + methodName);
return false;
@Override
public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
// TODO Auto-generated method stub
String methodName = "compensate";
System.out.println("###### " + className + " - " + methodName);
@Override
public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
// TODO Auto-generated method stub
String methodName = "Eventresult execute";
System.out.println("###### " + className + " - " + methodName);
return null;
@Override
public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
// TODO Auto-generated method stub
String methodName = "BulkEventResult execute";
System.out.println("###### " + className + " - " + methodName);
return null;
plugin.xml file
<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
<plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
</plugin>
</plugins>
</oimplugins>
EventHandler.xml metadata file
<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
</eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
###### TestUserAnonimi - initialize
###### TestUserAnonimi - isApplicable - STARTED
###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
###### TestUserAnonimi - isApplicable - ENDED
##### TestUserAnonimi - BulkEventResult execute
Thanks,
Daniele
Edited by: 886636 on Jan 24, 2012 2:53 AM
Edited by: 886636 on Jan 24, 2012 2:53 AMProbably I don't explain myself clearly....sorry for that!
Anyway you are right, the role of the user can change after the user is initially provisioned.
I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
Is it possible with pre-populate adapter?
Sorry again for my not very clear explanations.
Daniele
Edited by: 886636 on Jan 24, 2012 4:10 AM -
OIM 11g Modify User Profile for Updating End Date
Hi Gurus!
We have an OIM implementation where users may request the creation of other users by means of a Create User request template. In this template we set the End Date to be 3 months after the request date.
In order for the requester to extend the period of a user's OIM user account (along with its provisioned resources) we customized a Modify User Profile by displaying the End Date field and automatically populate it again to 3 months after the request date. Also we developed a custom event handler to enable the user when it is disabled and the End Date is updated to a future date.
This Modify User Profile is working great when the user is still enabled (the End Date is still in the future), however, when the End Date has passed (and the user is Disabled) the requester is not able to see the user when selecting the Modify User Profile request template.
Is there a way to allow requesters to also see disabled users in the Modify User Profile request template?
Thank you in advance.
Regards,Hi Kevin,
thanks for your reply!
But, in this case, when the user is already disabled due to his End Date, how can a requester, through the Self Service TAB, enable it?
The Enable User request template does not work since when trying to enable the user, OIM sees the End Date is already passed and the DataSet validation throws an exception.
The only way I saw was providing a Modify User Profile Request template to change the End Date and developing a custom event handler to enable the user upon the extension of the End Date...
How can, in this situation, a requester enable the user and extend its End Date?
Thank you!
Regards, -
Windows Small Business Server User Roles - Missing or deleted
I have a small business server sbs 2008 r2.
The user roles, Standard, Administrator, Standard w/ admin are no longer available. I don't know why, or how. All I can guess is the previous IT admin, removed the roles, without permission.
I am wondering is there a way to simply get them back?As Robert says, You can create them manually.
http://technet.microsoft.com/en-us/library/cc794287(v=ws.10).aspx
KnowHow :
Behind the scenes, each User Role is created as a disabled user account in Active Directory, and these accounts are used as “Templates” for user creation. To view these, open Active Directory Users and Computers (from the
Administrative Tools start menu folder, or through Start à Type “dsa.msc” and press enter. Drill down to the SBSUsers folder under “<yourdomain>\MyBusiness\Users\” and you’ll see several disabled user accounts listed.
Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help. -
How to create/get user & role in Weblogic 9.2 programmatically?
Hi,
I am new to Weblogic 9.
I need to create a web service to manage user/role in WebLogic 9.
Searching thru the web and found some classes like:
AtnSecurityMgmtHelper, AtnProviderDescription etc
Are those the correct classes to create/retrieve user & role?
If so, what jar file contains those classes and where is the jar
file?
Thanks in advance,
TerryYou can do it with WLST help
http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019913
or via JMX through http://e-docs.bea.com/wls/docs92/javadocs/weblogic/management/security/authentication/UserEditorMBean.html and such -
How to add a new tab on modify user form
Hi,
In OIM11g, we can assign roles to a user using a tab named Roles in the modify user form. I want to add a new custom tab alongside all the already present tabs.
The new custom attribute functions the same as 'Roles' in OIM.
Does OIM11g provide any functionlity to do so?
Thanks..Have you seen the 11g tutorial thing about adding a Custom ADF tabs in OIM Self Service Console at
http://apex.oracle.com/pls/apex/f?p=9830:37:3242381082783477::NO:RIR:IR_PRODUCT,IR_PRODUCT_SUITE,IR_PRODUCT_COMPONENT,IR_RELEASE,IR_TYPE,IRC_ROWFILTER,IR_FUNCTIONAL_CATEGORY:,,,OIM_11g,,,
Is that any help?
Also, more general advice on customising OIM 11g is available at:
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/uicust.htm
Try metalink too because there may be examples of how to do stuff with OIM 11g there.
Good luck
Maybe you are looking for
-
How to send mail to groups or distribution lists
Ok so what appears to be a rather large problem with the Apple Mail Server. the complete lack of being able to create a group in workgroup manager and then have that group as an email account that when email is sent to the group name the mail is then
-
IPlanet 4.1 - Weblogic 5.1 Clustering
Query 1: The libproxy.so proxy plugin seems to slow down the response. Anyway to tune it? Query 2: I have a servlet in iPlanet which upon receiving the request manages the Session and pass the request to the Weblogic Clu
-
Hai Gurus, I am working in SAP abap .Now my PM ask me to learn EP as soon as Possible. I don't have any idea about this friends. Please give me a clear idea about this.. 1 . I dont know java programing ... ( Is this mandatory ) 2. Is it p
-
My Magic Mouse won't double click
I cannot double click with my new magic mouse (or older wired logitech mouse) to open anything, whether it be in finder, the desktop, iTunes etc... I'm sure that it isn't the fault of the iMac as there has been no update or change of settings.
-
I am using PHP/MySQL with Dreamweaver CS5, v.11. I want to query my table for a color entered by the user, and return results for words like "Brown" even if there are words before or after in the table cell. E.g., : Silver Brown Yellow Grey Blue Brow