Modifying bulk role

Hello Everybody,
I have a unique requirement. I need to modify more than 1000 roles.
The modification is as follows:
I need to change the "BSART" field of the "M_BEST_BSA" object from "*" to new values. In fact, document type restriction is now going to be implemented for the ME21N and ME22N transactions.
I guess manually changing each role will take a long time. I tried recording "PFCG" through SCAT, but there are a lot of differences in the present roles, such as multiple entries of this object in a role, etc.
Can anybody suggest a faster way of doing this?
Thanks in advance.
Regards
Santanu

> I need to change the "BSART" field of the "M_BEST_BSA" object from "*" to new values. In fact, document type restriction is now going to be implemented for the ME21N and ME22N transactions.
>
> I guess manually changing each role will take a long time. I tried recording "PFCG" through SCAT, but there are a lot of differences in the present roles, such as multiple entries of this object in a role, etc.
This is probably not going to help you, but if all the authorizations of M_BEST_BSA are in "Maintained" status for which you want to make this change and the "*" had been entered manually without overwriting any existing proposal values or had itself come from SU24 as a "*", then you could change it there (centrally) to make your life a bit easier.
But you should only do this if you knew what you were doing when you built the roles already and implemented the authorization concept (including the concept of * in BSART). A retro-fit is typically too late.
Cheers,
Julius
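
An added example, not part of the thread and not SAP tooling: before choosing between the central SU24 route Julius mentions and per-role work, it helps to inventory which roles still carry BSART = "*", how many M_BEST_BSA instances each has, and in what status. The script below does this over a CSV export of table AGR_1251; the column names follow that table, the status-code mapping (S/G/M/U) and the meaning of the DELETED flag are assumptions to confirm on your system, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Assumed meaning of AGR_1251-MODIFIED codes; confirm on your own system.
STATUS = {"S": "Standard", "G": "Maintained", "M": "Changed", "U": "Manual"}

# Constructed sample export (role names and instance ids are made up).
SAMPLE_AGR_1251 = """\
AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH,MODIFIED,DELETED
Z_BUYER_A,M_BEST_BSA,T-X100000100,ACTVT,01,,S,
Z_BUYER_A,M_BEST_BSA,T-X100000100,BSART,*,,G,
Z_BUYER_B,M_BEST_BSA,T-X100000200,BSART,*,,G,
Z_BUYER_B,M_BEST_BSA,T-X100000201,BSART,*,,U,
Z_BUYER_C,M_BEST_BSA,T-X100000300,BSART,NB,,M,
Z_BUYER_D,M_BEST_BSA,T-X100000400,BSART,*,,M,X
Z_BUYER_D,M_BEST_BSA,T-X100000401,BSART,*,,M,
Z_DISPLAY,M_BEST_EKO,T-X100000500,EKORG,*,,G,
"""


def wildcard_instances(extract_text, obj="M_BEST_BSA", field="BSART"):
    """Return {role: [(auth_instance, status_code), ...]} for active '*' values."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(extract_text)):
        if row["OBJECT"] != obj or row["FIELD"] != field:
            continue
        # Assumption: DELETED = 'X' marks an inactive/deleted authorization.
        if row["DELETED"].strip().upper() == "X":
            continue
        if row["LOW"].strip() != "*":
            continue
        hits[row["AGR_NAME"]].append(
            (row["AUTH"], row["MODIFIED"].strip().upper())
        )
    return dict(hits)


def triage(hits):
    """Bucket each role by whether every wildcard instance is 'Maintained'.

    'su24_candidate' only means the status precondition from the reply holds;
    the status code alone cannot show whether the '*' overwrote a proposal,
    so these roles still need a spot check. Everything else, including roles
    with mixed statuses across several instances, goes to 'per_role_review'.
    """
    plan = {}
    for role, instances in sorted(hits.items()):
        codes = {code for _, code in instances}
        plan[role] = {
            "instances": len(instances),
            "statuses": sorted(STATUS.get(c, "Unknown(%s)" % c) for c in codes),
            "bucket": "su24_candidate" if codes == {"G"} else "per_role_review",
        }
    return plan


def bucket_counts(plan):
    """Count roles per bucket to size the remediation effort."""
    return Counter(entry["bucket"] for entry in plan.values())


if __name__ == "__main__":
    plan = triage(wildcard_instances(SAMPLE_AGR_1251))
    for role, entry in plan.items():
        print(role, entry["instances"], ",".join(entry["statuses"]), entry["bucket"])
    print(dict(bucket_counts(plan)))
```

Roles with more than one active instance are the ones where a recorded PFCG session is least reliable, so the "instances" count is worth sorting on.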

Similar Messages

  • OIM 11g - Modify Assign Roles request

    Hi everyone,
    I would like to know if it's possible to modify the Assign Roles request in order to restrict the available assignees. I mean, for example, if a manager wants to create a new Assign Roles request, he will be able to select only users whom he is the manager of.
    If someone knows how to do that, it would be really helpful!
    Thanks in advance,
    Thibault

    Thanks for both of you !!
    Indeed it's OOTB and it didn't work for me because there was another authorization policy configured for REQUEST_ADMINISTRATOR which allowed them to search for all users. And because all of my requesters had this role, they could search for all users. So I configured a new request template which allows a role, that I had already created before, to create requests, and now it works fine.
    Thanks !!
    Thibault

  • How to modify waveset.roles

    Hi
    I'm trying to modify waveset.roles by removing the role that already exists, and replacing it with the name of another role.
    I checkout a User view, and then modify it like this:
    <removeAll>
    <ref>userView.waveset.roles</ref>
    <s>old_role_name</s>
    </removeAll>
    <append>
    <ref>userView.waveset.roles</ref>
    <s>new_role_name</s>
    </append>
    I have tried variations on the syntax, such as using <get><ref>userView.waveset</ref><s>roles</s> too, but after I check the view back in, my change hasn't been applied.
    Can anyone tell me what I am doing wrong? Is waveset.roles readonly? Should I be using a different type of view (rather than User)?
    Many thanks
    Richard

    Hi sec_tk, thanks for the reply, I did what you said and it works a treat now. Really appreciate your help.
    In case it helps anyone else, here is the relevant part of my workflow:
    <!-- check out the user (don't use Empty Form because otherwise the global attributes don't seem to be available) -->
    <Action application='com.waveset.session.WorkflowServices'>
        <Argument name='op' value='checkoutView'/>
        <Argument name='type' value='User'/>
        <Argument name='id' value='$(userName)'/>
        <Argument name='authorized' value='true'/>
        <Variable name='view'/>
        <Return from='view' to='checkedOutView'/>
    </Action>
    <Action name="ModifyContractorRoleIfNecessary">
        <block>
            <cond>
                <isTrue><ref>roleNeedsModifying</ref></isTrue>
                <block>
                    <append name='checkedOutView.waveset.roles'>
                        <s>new_role_name</s>
                    </append>
                    <remove name='checkedOutView.waveset.roles'>
                        <s>old_role_name</s>
                    </remove>
                    <!-- Update an unrelated global property (just something else that needs doing) -->
                    <set name='checkedOutView.global.memberClass'>
                        <String>new_role_name</String>
                    </set>
                </block>
            </cond>
        </block>
    </Action>
    <!-- Checkin the user view -->
    <Action application='com.waveset.session.WorkflowServices'>
        <Argument name='op' value='checkinView'/>
        <Argument name='view' value='$(checkedOutView)'/>
    </Action>

  • Modify user roles through SPML?

    Hi everyone,
    I've been stuck for a few days now on trying to modify the assigned role of a user through SPML. I'll be brutally honest with everyone: I have no idea whatsoever of what I'm doing, I just gather information and try to chuck along.
    Up to this point, I've been able to create users and search for users through SPML, and that's where everything falls down very rapidly. I'm using SPML 2.0 for creating users and SPML 1.0 for searching them.
    The IDM server has a specific role implemented named ITACCESS, which launches a process that calls other servers and things like that once it is assigned to a user. My goal is thus to modify the "Roles assigned" value of a specific user to "ITACCESS", basically.
    Am I wrong in thinking I can use SPML for this? What other ways of accessing the IDM server do I have available?
    The server is configured with the regular spml.xml and spml2.xml (stock sample ones, not modified). I have tried simply sending an SPML 2.0 modifyRequest, but to no avail:
    <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='IDMConnector-01' executionMode='synchronous' returnData='data'>
      <psoID ID='jlauwers'/>
      <modification>
        <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='roles' operation='replace'>
          <dsml:value>ITACCESS</dsml:value>
        </dsml:modification>
      </modification>
    </modifyRequest>
    ===========================
    <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='IDMConnector-01'>
      <pso>
        <psoID ID='jlauwers'/>
        <data>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
            <dsml:value>spml2Person</dsml:value>
          </dsml:attr>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='accountId'>
            <dsml:value>jlauwers</dsml:value>
          </dsml:attr>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
            <dsml:value>LighthouseFakePassword</dsml:value>
          </dsml:attr>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='firstname'>
            <dsml:value>John</dsml:value>
          </dsml:attr>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='lastname'>
            <dsml:value>Lauwers</dsml:value>
          </dsml:attr>
          <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
            <dsml:value>[email protected]</dsml:value>
          </dsml:attr>
        </data>
      </pso>
    </modifyResponse>
    Any help would be gladly appreciated.
    Thanks for reading

    Hi everyone,
    I have had some amazing help and have finally been able to resolve this issue.
    For future reference:
    There is no need to change any attribute mapping or anything complicated; the following code and XML demonstrate an example of assigning a new role to a user in Sun IDM:
    LighthouseClient client = new LighthouseClient();
    client.setUrl("http://idmserver:8080/servlet/rpcrouter2");
    client.setUser("administrator");
    client.setPassword("administrator");
    ModifyRequest req = new ModifyRequest();
    SpmlResponse modifyResponse = new ModifyResponse();
    // enable server side trace
    req.setOperationalAttribute("trace", "true");
    // Set the objectclass
    req.setOperationalAttribute("objectclass", "userview");
    // Set the IDM Username
    req.setIdentifier("user:someuser");
    java.util.ArrayList al = new java.util.ArrayList();
    al.add("NewRole");
    // Create, build and add a Modification to the request
    Modification m = new Modification("waveset.roles", al);
    req.addModification(m);
    modifyResponse = client.request(req);
    if (modifyResponse.getResult().equals(SpmlResponse.RESULT_SUCCESS))
         Log.append("Modification succeeded");
    else
         Log.append("Modification not completed");
    The following is the typical XML exchange:
    <spml:modifyRequest xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'>
      <spml:operationalAttributes>
        <dsml:attr name='trace'>
          <dsml:value>true</dsml:value>
        </dsml:attr>
        <dsml:attr name='objectclass'>
          <dsml:value>userview</dsml:value>
        </dsml:attr>
        <dsml:attr name='session'>
          <dsml:value>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</dsml:value>
        </dsml:attr>
      </spml:operationalAttributes>
      <spml:identifier type='urn:oasis:names:tc:SPML:1:0#GUID'>
        <spml:id>user:someuser</spml:id>
      </spml:identifier>
      <spml:modifications>
        <dsml:modification name='waveset.roles' operation='replace'>
          <dsml:value>NewRole</dsml:value>
        </dsml:modification>
      </spml:modifications>
    </spml:modifyRequest>
    ========================
    <spml:modifyResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#success'>
      <spml:operationalAttributes>
        <dsml:attr name='session'>
          <dsml:value>AAAFJwAAILoAAAUHH4sIAAAAAAAAAMVaW2+jOBh9n1+BNA95WrW5tE1H6UiEkK41BBCEVtqXihK36y0BxGVGnV+/xuSCwbHBPEyf0vM5PsfYfDdn4Rav/8EgVyJ/Dx9G6m6PIpTlqZ/H6UhJob+zovDzYZSnBRwpWTV4i/YwLvKH0fT2uvwbKWH8jqJNvHtM4yJ5GH0Fq6/z2f1Mm06m6v14NptNb7/9dTfWJ+vr+bfxZDzX9fV6ps0xuF7P8ff9LFeDAGZZOffDaDyZzW7uJtc3d9Prm9H3L4qysFMUBSjxw6z8FwMW0eLANyX/TPB3vAxiyWhX0TdWwlre1YWJyCiyktp0QRAXUa6wp2UbdyhLQv/TJGM88KKuNsB8dCzPflE1zfLMbQX1ElKuUuGq4Y3gSPJc3Rmg6wnBX0q1BZWMGsBhfQL6M6HuRWbgFZG5syNbHeHQGcDdEjpXjk/B49qcFdp7QmJQnDiE9JQULloM+f/FsQxdYkman/ivKEQ5akigDSINmmqrS2CALZARYaXvfoR++zmKI1pFwyKSYTmPqgn+UbfAMiV02HGIguaDOIMidtsygCb1ANRihy7QN03C0+CtwBApDsziIg0aKmqoSICju5bnaEO4FWJkKzjZuup4IZiMmtZr2fGFlHwVnaLFV3Tj86T4/oT3XMfpvs15QLvwri1n04+bRKENzH2l/ETFphoqClAbfauST3Ih0QNaHL2h91ZoPBl6piI4T6oCjwdqOUgd7TOhhtO8HFLBm4I4T0dzdHWr9w/grVgqF0bx04vK5JUZQi4YeauxTFPXhgSSI2fTmbfxDjKk3PiRqeXJGYYOGuT8eZOr4dIvmnsIknHsJ966b2+AXST09vBHDsrpNsAOxP1dr5fsmq82BfHqAXsl9WqvYAgblBTEoVzphj6AEqw2LNozLKbGY2XokzT+iTLsXxr8TZwrwHasJ+BilyPhTqMQRR/0Ntch3jabBjB/yFD6WYbeowYpBXJpVdcFjxJr1SP/NaTPFwVxSHVTXRoy5wtlLU4a420scOVYHVgyUaQUxOF08Eo3EpQ23r5fcbpjNxYuWTlCbLzLz5azkmgoaP/60TtU+JIEg3g+9W/VfNSHCMTRC+YCffwx3B109e0QdWCfxGlOnR4K4nCDjW05WykvFActL3SG+F7I0iS8kJqULrbsdzH7chesvMacXbrhshNWYrjucNSt1fO9xYnEkfl0DjCmnEHexuPk4qSi73kk2VSL+5hldeM/5ldSGuq5dlNH3dZNC87D5WSo5yjE7HFdtvOOxjlgyXe8jkkfSxXb1iEvHKyG0Ylkmjpoke1H1rNhqk/AMHRMlft3C/5Ynu7aG0OpSvgjLQXxjqVhWM8v5eiye6+7/YiXRfjBv07gjeDIWnrGjwHXCYRVfNchHCZSOPDWg/Az+idtXCREtpNSPYF2mdfGhY9CsuAjTIyqr42LFMjWf3WmZhHItnVUIlUOHhjZNeEFo1jPgOqwOgqseo1lER4T6crtwNYqVdu4WINc0UqYGAVkGxcpkC0lq/1n1JMMg/BQtCrLxRV9S76wEtL1PAjc+En1qfqsR3n6qXzATxxscJQpTyNYjZSfflhgwq8ujiXtW/zp+HZ+q19Pylt87eZ+vLxZ3pe3+NP58Tm0Jic/DsAJX4gCkvydKLR4v/ejnWKgCL+cUQ7TNz+Ap+d5ddC7uDotY3F1+L3C9y//A9c39n66IAAAcSF27Dd5WEeyXvWz8UvVSYrS48Y=</dsml:value>
        </dsml:attr>
      </spml:operationalAttributes>
    </spml:modifyResponse>
    HTH,

  • Modify bulk users attribute

    Hi All,
    I'm not really an expert on vbscript and have been trying to search the internet about the problem that I have, but just couldn't find any solution. We are currently making a review of our AD and found users having wrong attributes.
    Now, we want this to be modified in bulk. Hoping this forum could help me out.
    Here's my request. I have a list of users in text file (logonname or SAMAccount). And I want to modify their country code to AU.
    The script should be like this.
    cscript <script name> /File:<location of the txt file> /attribute:<target attribute> /Value: <value of the attribute>
    So in short, my tasks should be like this.
    cscript <script name> /File:"c:\users.txt" /attribute:countryCode /Value:"AU"

    These are the first few results for a search of 'how to use admodify.net':
    http://exchangeis.com/exchange-tutorial/using-admodify-a-real-world-example-2/
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/tools/ADModify-Change-Exchange-Specific-AD-User-Attributes.html
    http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/45/Default.aspx
    I recommend continuing to search if these results do not push you in the right direction. If none of this even makes sense, I'd also suggest the consultant route.
    Don't retire TechNet! -
    (Don't give up yet - 13,085+ strong and growing)

  • Modifying standard roles

    Hi!
    We are going to use standard roles as much as possible. However, we are in the need of modifying them somewhat. Does anyone have information/documentation containing how to best do this, what is not suggested etc...
    I would really appreciate if anyone would help me with this.
    Sincerely
    Anders Öhrling

    Anders,
    Could you give more information on this? I understand you are looking towards using a standard template but will only update certain fields according to your requirements. Are you working from a post migration of 3.5 perspective?

  • Bulk Role Delete

    I want to unassign a set of roles for a number of users and delete the user accounts for these users. Is it possible to do this using the Bulk Action option available in SUN IDM 8.1? If so, what should be the format of the csv file I need to give as input? Currently I am giving a file with the content:
    user,command,roles,resources
    206812,delete,|Remove|A:Portal LDAP:All Users,MYNMG
    But this is only deleting the resource MYNMG. It is not unassigning the role A:Portal LDAP:All Users. Can someone tell me what the error in my input file is?
    Also which option should I choose from the Action dropdown?

    Hi,
    This is the command file I use to remove roles.
    command,user,waveset.roles
    Update,206812,|Remove|A:Portal LDAP:All Users
    Hope this helps

  • Modified Security roles summary report

    Just curious if anyone has modified the Security roles summary report to include the individual permissions object class. So for some permissioned userid or group that has the canned role Remote Tools Operator, the report would also show that Collection has Control AMT = Yes, Read = Yes, Read Resource = Yes, and Remote Control = Yes.
    Report Builder and I are not friends yet.

    I'm cleaning up old posts. Did you figure this out? If so, how?
    http://www.enhansoft.com/

  • Last Modified By Role

    Hi All,
    We want to create a report on Account which will also show the Role of the Last Modified By Person.
    Any Suggestion for this..
    Thanks

    Hi,
    I don't think the details of the last modified user are surfaced in the Analytics Subject Area.
    Maybe I can suggest storing the "Role" of the last modified user using workflow in a custom field and surfacing the same in reports.
    Hope it helps
    -- Venky CRMIT

  • Modify security role assignment at runtime

    hello,
    assume following example:
    In order to use declarative security on a EJB called TestBean, I secured
    TestBean by using the <method-permission> tag in ejb-jar_TestBean.xml,
    and grant permission to a role called adminRole
    At deploy-time, a principal called adminGroup is assigned to adminRole,
    using the <security-role-assignment> tag in weblogic-ejb-jar_TestBean.xml.
    The methods of TestBean are invoked by a JSP (TestJSP).
    This works fine.
    Now I want to add a new principal to adminRole at runtime.
    Is this possible as a matter of principle?
    Can this be managed by TestJSP?
    thanx for your help,
    Michael

    Hello,
    could you provide additional information on the server version and the facets installed in the dynamic web and EAR project?
    thanks
    Raj

  • OIM Modify Assign Role Template

    Hello all,
    I would like to know if it's possible to change the name of the users shown in the Assign Role Template. I mean, when I create a request using the Assign Role Template, OIM lets me search for the users who I'm gonna add to the respective Roles.
    So when I look for those users, in the "Available Users" field, the "display name" or the "First name and Middle name" appears. What I want is that instead of showing me the "display name", it shows me the "userLogin".
    Is it possible?
    Hope you could help me.

    any update please?

  • Weblogic API for modifying users/roles

    I need to write an application which will enable adding users to weblogic
    domain and configuring roles.
    Does Weblogic provide such API?
    If so, what are the relevant packages?
    P.S.
    I wasn't sure which exact newsgroup my question belongs to.
    If anyone has a better suggestions please provide it.

    I searched the newsgroup and found that somebody addressed this issue.
    "Andrey" <[email protected]> wrote in message
    news:[email protected]...

    WebLogic 7.0
    I have read a number of questions on how to do these but not many answers, so
    after figuring it all out, I thought I would post a message describing all these
    tasks (it would be great if BEA would start something like 'HOW-TOs for Linux'
    for WebLogic).
    -1. Imports required:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import weblogic.jndi.Environment;
    import weblogic.management.MBeanHome;
    import weblogic.management.WebLogicObjectName;
    import weblogic.management.configuration.DomainMBean;
    import weblogic.management.configuration.SecurityConfigurationMBean;
    import weblogic.management.security.RealmMBean;
    import weblogic.management.security.authentication.AuthenticationProviderMBean;
    import weblogic.management.security.authentication.GroupEditorMBean;
    import weblogic.management.security.authentication.UserEditorMBean;
    import weblogic.management.security.authentication.UserPasswordEditorMBean;
    import weblogic.security.providers.authentication.*;
    0. Code to retrieve DefaultAuthenticatorMBean (this code is running inside WebLogic
    server - I have it inside EJB):
    DefaultAuthenticatorMBean authBean = null;
    Context ctx = new InitialContext();
    MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);

    // Find UserEditorMBean
    DomainMBean dmb = mbeanHome.getActiveDomain();
    SecurityConfigurationMBean scmb = dmb.getSecurityConfiguration();
    RealmMBean rmb = scmb.findDefaultRealm();
    AuthenticationProviderMBean[] providers = rmb.getAuthenticationProviders();

    // Pick the default authenticator out of the realm's providers
    for (int i = 0; i < providers.length; i++) {
        if (providers[i] instanceof DefaultAuthenticatorMBean) {
            authBean = (DefaultAuthenticatorMBean) providers[i];
            break;
        }
    }
    1. Create/Drop/Update users
    to perform these tasks, the user must be logged in into weblogic and be in
    Administrators group. Then, the code is as follows:
    create user: authBean.createUser(username, password, description);
    remove user: authBean.removeUser(username);
    change user's description: authBean.setUserDescription(username, newDescription);
    remove user from group: authBean.removeMemberFromGroup(groupname, username);
    add user to group: authBean.addMemberToGroup(groupname, username);
    2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin I mean be
    a member of Administrators group)
    authBean.resetUserPassword(username, newPassword);
    3. Change your own password:
    this is a bit trickier, because if you are not an admin, you can't change your
    own password!!!! This is a part that I personally don't understand - seems like
    a screw up on BEA's part. So, to allow users to change their own passwords, you
    must change security context in the middle of processing to that of Admin user
    and run this function as Admin user. Although a bit awkward, it's very easy to
    do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normal processing
    for the user and always runs in logged in user's security context. Now, suppose
    you want to add a method to EJB A to change current password. The method may
    look like:
    public void changePassword(String logon, String oldpwd, String newpwd)
    throws some exceptions
    Now, there is no way to do it in EJB A, because for most users, it will run in
    a 'non-admin' security context. So, to get around it, you create another
    EJB - EJB B. This EJB has one method:
    public void changePassword(String logon, String oldpwd, String newpwd)
    throws some exceptions
    and one major difference - this EJB always runs in a security context of admin
    user. To get an EJB B running 'as admin user', all you have to do in EJB A is
    the following
    EJB A:
    public void changePassword(String logon, String oldpwd, String newpwd)
            throws Exception {
        Hashtable props = new Hashtable();
        props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
        props.put(Context.SECURITY_CREDENTIALS, "password");
        // get a context with different (admin) credentials
        Context ctx = new InitialContext(props);
        EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
        EJBBLocal adminEJB = home.create();
        adminEJB.changePassword(logon, oldpwd, newpwd);
        adminEJB.remove();
    }
    of course, this poses a problem of hardcoding user id and password for admin user
    in your application - you can come up with your own ways to secure that.
    THAT's IT!!! You can use the method explained in part 3 to allow non-admin users
    to do pretty much everything, however for the sake of security, I would definitely
    vote against it and use part 3 to ONLY allow users change their own passwords

    Enjoy
    Andrey
    "Yonatan Taub" <[email protected]> wrote in message
    news:[email protected]...
    I need to write an application which will enable adding users to weblogic
    domain and configuring roles.
    Does Weblogic provide such API?
    If so, what are the relevant packages?
    P.S.
    I wasn't sure which exact newsgroup my question belongs to.
    If anyone has a better suggestions please provide it.

  • Compare Bulk Roles

    Hi All Gurus,
    I need to compare roles between two systems.
    I know we can do in SUIM, but it allows doing just one role at a time.
    I want to do Mass role comparison.
    Is there a Program or Tool in SAP that allows Mass Role Comparison?
    Any help will be appreciated
    Thanks
    Sid

    Sid,
    I assume dual maintenance means you are not transporting the role(s) from one system to another. You can try using the mass role download and mass role upload of roles and run SUPC after upload to generate the profiles to keep them in synch.
    As far as I know, SAP does not have the report you are looking for, of course you can always develop a custom report. Many of us do that all the time. We also rely on Excel & Access to supplement reports that SAP does not provide.
    With the PFCG features (transport, role download & upload), I never have to compare same role across systems, because I only maintain the role once even for a Dual Maintenance landscape (Two DEV systems – Production Support & future phase for the project). We just have the business process to download the role(s) from one system to another right after update.
    Hope you find your solution.
    Thanks,
    Lye

  • How to Modify "Workflow Role LOV"

    Hi All,
    Can someone please help me? I need to restrict the vacation rule LOV with the below functionality.
    If a user is trying to set a vacation rule, currently he/she is able to see all the Employees and Users. We require a view of only Employees at 'Payroll' or 'Operating Unit' level, not to show all the Employees. Please help me.
    Thanks and Regards
    Rama

    Pl see if MOS Doc 965413.1 can help

  • Role management in OIM 11g.

    Hi All,
    I am working on OIM 11g PS1.
    In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
    For this the simplest way is to add the user to role 'Role Administrators'.
    Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
    The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
    Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
    The error that comes on GUI:
    "ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
    Error in Weblogic logs:
    "<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
    javax.el.ELException: java.lang.NullPointerException
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
    at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
    at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
    at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused By: java.lang.NullPointerException
    at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    Thanks,
    Sneha

    Hi,
    I found the resolution for this, so I thought I would share it here with everyone.
    Role owners or any user in the role "Role Administrators" were not able to view the members of the role though they had the authorization policies enabled and everything set up.
    To enable the view of role membership please follow the steps below:
    1. Login as XELSYSADM
    2. Go to Administration and search for the org which the users are assigned to
    3. Open the org details
    4. Click "Administrative Roles"
    5. Click "Assign"
    6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
    This will really solve the issue.
    Thanks,
    Sneha.
