Multiple approvals in OIM

Similar Messages

• Not able to create request for multiple user in oim 11gr2

  Hi,
  I am trying to assign a resource to multiple user using oim identity console as System Administrator.
  But when i am assigning the resource to multiple user its taking the same value for both the users.
  Please let me know how to add the different value for different users.
  Thanks

  That's the rules of how it works.  A request has 1 request form per resource for all users on the request.  Those fields must all be marked as available in bulk as well to be viewed if you have more than 1 user on the request.  If you need to provide different values based on the user, your best option is pre-populate adapters on the process form and use logic to populate the fields.  You will not be able to manually provide different values during the request.
  -Kevin

• Multiple Approvals for an interactive activity

  I have an interactive activity in my workflow. To proceed from this activity i need multiple approvals from different users/participants. The number of users/participants providing approvals are collected dynamically.All the users/participants are in the same role (Approver).
  Also, the participant who approves the activity should not again see the pending item in his inbox but the other users should still be able to see it. For instance, if there are 3 approvals needed of user1,user2 and user3, and user1 approves then the item should now be visible as pending only for user2 and user3.
  Appreciate any help regarding this.

  Hi Dan,
  Thanks for your reply. I did try using the update() method but m still getting the same exception. Below please find the code snippet that i am using. Would be great if you help if me recognize the mistake:-
       private DirectorySession createFDISession() throws AuthenticationException, ProtocolNotSupportedException{
            DirectorySession directorysession = null;
            this.configuration = configure();
            String directoryId = "";
            String fdiPreset = "";
            directoryId = configuration.getProperty(ProcessService.DIRECTORY_ID);
            fdiPreset = configuration.getProperty("FUEGO_FDI_PRESET");
            DirectoryPassport directoryPassport = DirectoryPassport.createWithIDAndPreset(directoryId, fdiPreset);
            directoryPassport.fillPassport();
            directorysession = Directory.startSession(directoryPassport);
            return directorysession;
  public void addUserInFDI(UserVO userVO, List<String> roleMap) throws AuthenticationException, ProtocolNotSupportedException, DirectoryException
            DirectorySession directorysession = null;
            if (userVO != null && userVO.getUserId() != null && !userVO.getUserId().trim().equals(""))
  // create directory session
                 directorysession = this.createFDISession();
                 List<RoleAssignment> roleAssignmentList = new ArrayList<RoleAssignment>();
                 try {
                      for(String role:roleMap)
                      roleAssignmentList.add(getRoleFromString(directorysession, role, "", ""));
                      String organizationUnit = configuration.getProperty("ORGANIZATION_UNIT");
                      String newUserPwd = configuration.getProperty("FUEGO_FDI_NEW_USER_PASSWORD");
                      DirOrganizationalUnit orgUnit = DirOrganizationalUnit.fetch(directorysession,organizationUnit);
                      DirHumanParticipant user = DirHumanParticipant.create(directorysession, userVO.getUserId(), userVO.getFirstName(), userVO.getLastName(),
                                userVO.getFirstName(), userVO.getEmail(), userVO.getPhone(), "",
                                newUserPwd, orgUnit,(RoleAssignment[]) roleAssignmentList.toArray(new RoleAssignment[roleAssignmentList.size()]), true);
                      //calling the update function on the created user
  user.update();
                      System.out.println("permission : "+user.getPermissions());
                 finally
                      directorysession.disconnect();
            } else {
                 log.info( "Invalid user's information : " + userVO);
       private RoleAssignment getRoleFromString(DirectorySession directorysession, String roleParamStr, String roleStr, String parameterStr) throws DirectoryException
            RoleAssignment roleAssignment = null;
            roleStr = "";
            parameterStr = "";
            if(roleParamStr.indexOf("||") < 0)
                 roleStr = roleParamStr.trim();
            else
                 ArrayList<String> roleParamList = getArrayList(roleParamStr, "||");
                 if(roleParamList != null)
                      roleStr = roleParamList.size() > 0 ? roleParamList.get(0).trim() : "";
                      parameterStr = roleParamList.size() > 1 ? roleParamList.get(1).trim() : "";
            DirOrganizationalRole dirOrganizationalRole = DirOrganizationalRole.fetch(directorysession, roleStr);
            if (dirOrganizationalRole.isParametric())
                 if (parameterStr == null || parameterStr.equals(""))
                 roleAssignment = new RoleAssignment(dirOrganizationalRole.getId(), parameterStr, 127, 0);
                 roleStr = roleAssignment.role;
                 parameterStr = roleAssignment.parametricValue;
            else
                 roleAssignment = new RoleAssignment(dirOrganizationalRole.getId(), 95, 0);
                 roleStr = roleAssignment.role;
                 parameterStr = null;
            return roleAssignment;
       public ArrayList<String> getArrayList(String inputStr, String delim) {
            ArrayList<String> returnStr = new ArrayList<String>();
            if (inputStr!=null)
                 StringTokenizer strTokens = new StringTokenizer(inputStr, delim);
                 while (strTokens.hasMoreTokens()) {
                      returnStr.add(strTokens.nextToken().trim());
            return returnStr;
       }

• Email notifications for multi level approvals in OIM 11g

  Hi,
  I am using OIM 11g.
  And in my current environment, we have 4 levels of approvals and need to send a different type of email notification in every level to the corresponding approver.
  Can you please let me know how to implement this in SOA composite. first two approvals are sequential and the remaining two approvals are parellel.
  Thanks,
  Swathi

  You have to use combination of switch and if task. In if block you have provide the condition. This conditon will be predicted over some variable. This variable you will set in payload where approver will be decide.
  You can have multiple mail notification or you can set the body content dynamically(set the variable data in payload where the approver is being manipulated) use this variable in body content.
  Kuldeep

• How can HelpDesk manage users in multiple Organizations in OIM R2

  Hi All,
  I looking to satisfy a requirement for OIM 11g R2 where a helpdesk administrator can only manage users that belong to a particular institution. However, there are approximately 50% of users that belong to more than one institution, where helpdesk staff from each institution should be able to manage the user. Customer is currently
  doing this in Waveset by assigning users to orgs dynamically through rules which allows multiple virtual orgs. OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management very difficult.
  How can a administrators from different org manage same User. If that user belongs to different org?
  How to achieve this in OIM R2?
  Thanks
  Akshat

  Hi Adr,
  I know the OIM Authorization is around the Organization, and a user can present in only one org in OIM.
  I wanted to know, can we force the authorization based on Department/Institutions rather than Org. I am thinking in reagards of OES Authorization policies.
  OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management slightly difficult.
  I am looking to determine the best approach to accommodate this requirement. Due to the high number of users that reside within multiple institutions, leveraging organizations will not work. Asa far i know OES APM should be able to accommodate this, but could not find any solid guidance in the Oracle training or Oracle by Example documentation.
  Any thoughts?
  -Ak

• Need Help --- Pending Approvals in OIM 9X

  HI,
  I'm working with OIM api's where I need to find pending approvals for a user.I found two methods getPendingApprovalTasksAssignedToUser & getPendingApprovalTasksAssignedToUserPaged to fetch records. But the problem is the returned resultset rows are not equal missing one record where the request status is Application Access Objects Not Approved
  I have suppresed pagination in getPendingApprovalTasksAssignedToUserPaged by giving page index as total pending approvals for that user.Now able to fectch all records.
  Regards,
  877247

  Thanks

• ECR send for multiple approvals.

  Hi Gurus,
  I have an scenerio where I create an ECR with 1) BOM, 2) Material and 3) DIR(pdf) attached as an object. Now the objects 1 & 2 would be routed internally (within the plant)  for approvals, but 3) is a doc which has to be send to many different countries for approval. How can I configure the signature network so that for object 3 I can select the approvers from different regions?
  Can we link this process to the lotus notes where the user can select the individual email address?
  Thanks In Advance,
  Paddy

  Hi Paddy,
  Multiple approval for single status of ECR process very well possible using signature network, but if all the approvers should provided with SAP.
  I don't think it is possible to get the approval through mail.
  If required to configure the more than one SAP user to approve the ECR status, assign the all required 'single signatures' U have configured to 'Signature Strategy', and select the 'Release' tab and release the stratagy with the number of users got ticked with check box from the matrix of all possibilities given by SAP.
  The release matrix consists of all release possibilities like,  If ticked the check box under one single signature means only one of that user assigned to that single signature is sufficient to set the status to the ECR, if it ticked to two single signatures means, both the user assigned to the single signatures are required to  set the status to the ECR.
  U can very well define predecessor signature, if the more users required to set the status to ECR.
  If any more clarification required on signature network post to me.....
  Rgds,
  Sukan

• How to create a PDF form with multiple approvals?

  Hello ,
  I am trying to add approvals to a pdf I created . I am trying to add approvals such that
  once the form is filled up by the user and emailed to the concerned person (admin) , they approve the form , this action inturn sends the pdf to the next person who has to approve it and so such that the pdf file is "approved" when all approvers has put their approvals on it nd then the form gets sent back to the admin.
  Ive been trying various ways to get this done,
  any help wil be much appreciated , maybe its a simple fix and im missing something , but im very new to live cycle and have only designed basic forms so far.
  Thanks and Regards,
  Akshay

  Hello ,
  I am trying to add approvals to a pdf I created . I am trying to add approvals such that
  once the form is filled up by the user and emailed to the concerned person (admin) , they approve the form , this action inturn sends the pdf to the next person who has to approve it and so such that the pdf file is "approved" when all approvers has put their approvals on it nd then the form gets sent back to the admin.
  Ive been trying various ways to get this done,
  any help wil be much appreciated , maybe its a simple fix and im missing something , but im very new to live cycle and have only designed basic forms so far.
  Thanks and Regards,
  Akshay

• Multiple Approvals for a process

  Hi Experts,
  I have a scenario where I need to get approvals from 3 differnet users. Also the users are not same all the time. I have to choose them dynamically.If all the three approves my request then I have to continue with further processing other wise I have to go to step 1.
  Is this achievable in Guided Procedures? If yes please brief me how can I do that.
  Please suggest.
  Thank You,
  Suresh

  Hi Suresh
  /people/dipankar.saha3/blog/2007/05/31/how-to-create-dynamic-approval-process-using-conditional-loop-block-in-guided-procedure
  Check this blog.
  Regards
  Navneet

• Multiple Instances of OIM on same Oracle Application Server

  I want to install two instance of OIM on the same machine.
  I want to create two oc4j instances on Oracle Application Server 10g Release 3 (Patch 4) and install two separate instances of OIM 9.1 on top of it. Database is on a different machine.
  Has somebody done that before?? Is it possible??
  Thanks
  MS

  If you use two different XELLERATE_HOME , and two different ORACLE_HOME for oas it is possible, always you must use different rmi, http, https port for both oas installations.

• WS12300111: Leave Request Approval - Multiple Approvals

  Hello.
  I am part of a project, trying to implement ESS/MSS at a large international NPO Customer, and have encountered a problem.
  I plan to use the WS12300111 Workflow for the approval process of Leave Requests, but since the customer in some situations require more than one approval, I have to enhance the workflow. At first glance it seems simple just to repeat the approval process, but since the request will be marked as approved at the first approval step, that will not work.
  We are required to keep the implementation as close to SAP Standard as possible, so the portal guys tell me, that it is not really an option to make changes to the approval functions.
  I have considered making the first approval a simple workflow task, that doesn't update the request itself, but since a rejection should update the request and trigger the Process Leave Request by Employee task, I really don't see that working either.
  Any thoughts on the subject, or maybe even a solution, will be greatly appreciated.
  Best regards
  Poul Steen Hansen
  Denmark

  Hi dude,
  Well, I might not be able to give you the coding, but I can explain it how to do this. Check the procedure.
  Create a new BOR and create a new method - CHANGESTATUS.
  Add one and only IMPORT parameter REQUEST of type PTREQ_HEADER-REQUEST_ID.
  In the coding part, firstly lock your request using the FM - ENQUEUE_EPTREQ.
  Then create an instance using the static method ca_pt_req_header=>agent->get_request which takes the REQUEST number as input and gives us the instance as OUTPUT.
  Having the instance in hand, we can use the method initiate_state_transition to change the status of this method. Pass the SEND status as INPUT and get the new updated status as OUTPUT.
  Unlock the leave request using the FM - DEQUEUE_EPTREQ.
  Implement and release this method in your BOR.
  And please make sure that your method is INSTANCE INDEPENDENT METHOD.
  In your template create a Standard background task after your first approval step which calls this method.
  Regards
  <i><b>Raja Sekhar</b></i>

• Running multiple instances of OIM on same machine

  I have two instances running on same machine. I made the following changes in JBoss to achieve it:
  * deploy/jboss-web.deployer/server.xml
  o change 8080 to 18080
  o change 8443 to 18443
  o change 8009 to 18009
  * deploy/http-invoker.sar/META-INF/jboss-service.xml
  o change 8080 to 18080
  * deploy/jbossws.sar/jbossws.beans/META-INF/jboss-beans.xml
  o change 8080 to 18080
  o change 8443 to 18443
  * deploy/ejb3.deployer/META-INF/jboss-service.xml
  o change 3873 to 13873
  * deploy/jms/uil2-service.xml
  o change 8093 to 18093
  * conf/jboss-service.xml
  o change 8083 to 18083
  * conf/jboss-minimal.xml
  o change 1099 to 11099
  o change 1098 to 11098
  * conf/jboss-service.xml
  o change 1099 to 11099
  o change 1098 to 11098
  o change 4444 to 14444
  o change 4445 to 14445
  o change 4446 to 14446
  Both servers startup properly but after startup I get following exception:
  Server 1
  22:45:01,120 ERROR [ACCOUNTMANAGEMENT] Class/Method: tcDefaultSignatureImpl/verifySignature encounter some problems: CN=Custome
  OU=Customer, O=Customer, L=City, ST=NY, C=US
  22:45:01,121 ERROR [ACCOUNTMANAGEMENT] Class/Method: Authenticate/connectSignature encounter some problems: CN=Customer, OU=Cus
  er, O=Customer, L=City, ST=NY, C=US
  22:45:01,122 ERROR [ACCOUNTMANAGEMENT] Class/Method: Authenticate/connect encounter some problems:
  com.thortech.xl.security.tcLoginException:
  at com.thortech.xl.security.tcLoginExceptionUtil.createException(Unknown Source)
  at com.thortech.xl.security.tcLoginExceptionUtil.createException(Unknown Source)
  at com.thortech.xl.security.Authenticate.connectSignature(Unknown Source)
  at com.thortech.xl.security.Authenticate.connect(Unknown Source)
  at com.thortech.xl.security.Authenticate.connect(Unknown Source)
  at com.thortech.xl.security.jboss.UsernamePasswordLoginModule.login(Unknown Source)
  Server 2
  22:45:01,214 ERROR [DATABASE] Class/Method: tcDataBaseClient/bindToInstance encounter some problems: SecurityException; nested exc
  eption is:
  com.thortech.xl.security.tcLoginException:
  java.rmi.AccessException: SecurityException; nested exception is:
  com.thortech.xl.security.tcLoginException:
  at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:388)
  at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:136)
  at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
  at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:637)
  at org.jboss.ejb.Container.invoke(Container.java:981)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  Can any one help me to resolve this?

  I also change the ports in internal-settings.xml for IIOP, rarely used but sometimes necessary.
  --olaf                                                                                                                                                                                                                               

• Multiple approvals for approval workflow in MOSS

  Hi All,
  I have to develop a workflow in MOSS.
  My requirement is as follows:-
  Site Owner uploads a word document in document library and triggers the approval workflow.
  It will send an email to say about 10 people asking them to edit and approve the document.
  Current status of document is "In Progress".
  Even if out of 10, 8 people edit and approve the document, status of document should be in "In Progress".
  Only after all 10 people edit and approve the document status of document should be "Complete" and send an email to site owner that the document is approved by all the people.
  Please let me know how to accomplish this task.
  Your help is highly appreciated.
  Thanks & regards,
  Manish

  Hi.
  You can create a WF like this:
  Regards,
  Bubu
  http://zsvipullo.blogspot.it
  Please mark my answer if it helped you, I would greatly appreciate it.

• OIM 11g - email notification

  Dear All,
  I need to create quick POC that will involve provisioning to multiple resources during OIM profile creation. One consolidated e-mail notification should be sent as a result.
  1. I never used simulated/fake/manual resource. If you used it in the past maybe you can guide me through as for how to create it?
  2. How to make sure that centralized e-mail is sent at the end (all resources are provisioned)?
  I was planning to create default role or use ALL USERS role that will be attached to access policies for different resources. When HR record comes, OIM user profile is created and default role (ALL USERS, for example) is assigned.
  This role will trigger execution of access policies that will create accounts on the target platforms.
  My challenges are:
  1) ONE consolidated email notification upon SUCCESSFUL completion (default event that somehow should be triggered maybe by job?, custom task that sets the flag in custom table upon successful completion? or maybe I overengineering .....)
  2) send user to manual queue if creation of the user account on any of the target resources fail.
  If you can provide any guidance as for how this could be done I would appreciate it very much
  Thank you for your time

  1. The process is outlined here: http://iamreflections.blogspot.com/2010/08/oim-howto-leverage-standard-connector.html
  2. There are two parts to this question.
  The first part is to figure out the triggering event. If you know what resource will be last provisioned you can simply put a task that is fired on completion of the final provisioning task that then checks the result of all other resources using the APIs. If you don't know which resource will be last you could let the final provisioning task in each resource have a follow up task that sets a variable on the user form, then have another folllow up task that checks if all values are set and if so do the appropriate thing (if not just exit)
  Traditionally you would assign a task to the sysadmin using the API if you wanted a manual intervention (http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcProvisioningOperationsIntf.html#reassignTasksToUser(long[], long)) but there is the new concept of queues that I actually haven't worked with (http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcQueueOperationsIntf.html) that may be what you are looking for.
  Email sending tends to be easier using Javamail than trying to leverage the email framework once you want something that isn't very basic.
  Hope this helps
  /Martin

• Request Approval Process exception in OIM 11g

  Hi,
  We have upgraded oim 9.1 to oim 11.1.1.5 and we did not have any request approvals in oim 9.1.
  Now we are using oim 11g to develop request approval process. We have tried to raise a request for "Provisioning Resource" - Application Access and "Assign Role" - Business Role Request in OIM 11g environment. Both the Requests are failing with the same exception as below,
  Error:
  IAM-2050014:An error occurred while initiating approvals for request oracle.iam.platform.workflowservice.exception.IAMWorkflowException: Tasklist mapping failed for workflowdefinition: default/DefaultRequestApproval!1.0 due to javax.naming.NamingException: String index out of range: -1. The corresponding error message is {1}.
  Any idea on the above error?
  Thanks!!

  you can follow these videos to see if you can get a basic manager approval working for a self request resource.
  http://www.youtube.com/watch?v=KCA_cxKsi_o&feature=channel_video_title