OIA webservice for removing user role

Hi,
I need information regarding web services exposed in OIA for removing roles etc. We need it in our environment wherein we may not be having priviledge to make database query directly for removing user roles.
(the use case is as follows:
when user id disabled in OIM, assosciated database resource (DBAT, OIA database is used;rbx_users) is disabled ,and user's role is to be removed)
how this can be achieved via web-service call.
any pointers will be helpful
regards,
chhavi

Hi Pallavi,
i have the same problem, can you provide me more specific details?
-exactly oimjdbc.properties location please?
-which is what I have to modify?
Thanks in advance!

Similar Messages

Support parameters for downloadable user-role in the Aruba controller

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

Weblogic API for modifying users/roles

I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

I searched the newsgroup and found that somebody addressed this issue.
"Andrey" <[email protected]> wrote in message
news:[email protected]...
>
WebLogic 7.0
I have read a number of questions on how to do these but not many answers,so
after figuring it all out, I thought I would post a message describing allthese
tasts (It would be great if BEA would start something like 'HOW-TOs forLinux'
for WebLogic)
-1. Imports required :
import weblogic.jndi.Environment;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.security.RealmMBean;
importweblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.GroupEditorMBean;
import weblogic.management.security.authentication.UserEditorMBean;
importweblogic.management.security.authentication.UserPasswordEditorMBean;
import weblogic.security.providers.authentication.*;
0. Code to retrieve DefaultAuthenticatorMBean (this code is running insideWebLogic
server - I have it inside EJB):
DefaultAuthenticatorMBean authBean;
Context ctx = new InitialContext();
MBeanHome mbeanHome = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
>
//Find UserEditorMBean
DomainMBean dmb = mbeanHome.getActiveDomain();
SecurityConfigurationMBean scmb =dmb.getSecurityConfiguration();
RealmMBean rmb = scmb.findDefaultRealm();
AuthenticationProviderMBean[] providers =rmb.getAuthenticationProviders();
>
for (int i = 0; i < providers.length; i++) {
if (providers[i] instanceof DefaultAuthenticatorMBean) {
authBean = (DefaultAuthenticatorMBean) providers;
break;
1. Create/Drop/Update users
to perform these tasks, the user must be logged in into weblogic and be in
Administrators
group. Then, the code is as follows:
create user: authBean.createUser(username, password, description);
remove user: authBean.removeUser(username);
change user's description: authBean.setUserDescription(username,newDescription);
>
remove user from group: authBean.removeMemberFromGroup(groupname,username);
>
add user to group: authBean.addMemberToGroup(groupname,username);
>
2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin Imean be
a member of Administrators group)
authBean.resetUserPassword(username, newPassword);
3. Change your own password:
this is a bit trickier, because if you are not an admin, you can't changeyour
own password!!!! This is a part that I personally don't understand - seemslike
a screw up on BEA's part. So, to allow users to change their ownpasswords, you
must change security context in the middle of processing to that of Adminuser
and run this function as Admin user. Although a bit ackward, it's veryeasy to
do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normalprocessing
for the user and always runs in logged in user's security context. Now,suppose
you want to add a method to EJB A to change current password. The methodmay
look like:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
Now, there is no way to do it in EJB A, because for most users, it willrun in
a 'non-admin' security context. So, to get around it, you create another
EJB - EJB B. This EJB has one method:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
and one major difference - this EJB always runs in a secrity context ofadmin
user. To get an EJB B running 'as admin user', all you have to do in EJBA is
the following
EJB A:
public void changePassword(String logon, String oldpwd, String newpwd)
Hashtable props = new Hashtable();
props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
props.put(Context.SECURITY_CREDENTIALS, "password");
// get context that with different credentials
Context ctx = new InitialContext(props);
EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
EJBBLocal adminEJB = home.create();
adminEJB.changePassword(logon, oldpwd, newpwd);
adminEJB.remove();
of course, this poses a problem of hardcoding user id and password foradmin user
in your application - you can come up with your own ways to secure that.
THAT's IT!!! You can use the method explained in part 3 to allownon-admin users
to do pretty much everything, however for the sake of security, I woulddefinetly
vote against it and use part 3 to ONLY allow users change their ownpasswords
>
Enjoy
Andrey
"Yonatan Taub" <[email protected]> wrote in message
news:[email protected]...
I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

Request Offerings not showing up for custom User role in SMPortal

Hello All,
I've created a custom End User role and scoped it to the domain users group.
To this role I want to show a specific set of Request Offerings on the portal
For that Purpose I created a new Service Offering and added these Request Offerings to it.
I then went on to create a Catalog Group and added the Service Offering to it.
I then created the custom user role based on the EndUser role and allowed them to see all Forms, all Queues, All CI's and on the Catalog group I select that they could only see the Catalog Group which I just created.
I then logged in into the SMPortal and was expecting that my Service Offering would be shown to them.
However, they don't see the service offering.
What could cause this?
Is there something I'm missing?
Thanks in advance!
Filip

You have to add the Service Offerings and the Request Offerings in the Catalog Group. Nesting doesn't work because Service Offerings and Request Offerings are different types of objects.
This offers the option the manage the access to Service Offerings and Request Offerings very granular if needed. For instance you can control access to a Service Offering in one Catalog Group related to one user role (A) and use two additional Catalog Groups
with different Request Offerings related to other user roles (B) and (C). Result will lead to:
User in Role A and B -> Can see Service Offerings A containing Request Offerings B
User in Role A and C -> Can see Service Offerings A containing Request Offerings C
User in Role A, B and C -> Can see Service Offerings A containing Request Offerings B and C
User in Role A only -> Don's see anything because of the missing permission on any Request Offering. So the "empty" Service Request won't show up in the portal.
Hope his helps.
Andreas Baumgarten | H&D International Group

Obtaining url patterns for a user Role/Group

I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.

I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.

Need a Script for Removing User Profiles in Windows 7

I am in need of a script that will allow me to remotely delete user profiles from multiple computers. I am an IT Admin over around 15-20 computers that are publicly used by many different people each day, and at least once a month we have to go into each
computer individually..my computer, properties, profiles and delete them one by one. This is growing very tedious due to manpower and the number of computers we have to do this on.
I have absolutely zero knowledge in the scripting department so could somebody point me in the right direction on this? I would like to have a script that i can just run once a month or so and say "delete all profiles from computers x y and z that are
over a few months old." Is this possible? Thanks in advance!

Try this link - http://superuser.com/questions/643417/delete-user-profile-from-command-line-windows-7
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/7663ea51-9f4e-4fd7-9946-e16e65c3ed9d/remove-windows-7-user-profiles-via-powershell-script-initiated-on-logoff?forum=ITCG
Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

How to create Users/Roles for ldap in weblogic without using admin console

Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
or is there any ant script for creating USers/Roles?
Regards,
Raghu.
Edited by: user9942600 on Jul 2, 2009 1:00 AM
Edited by: user9942600 on Jul 2, 2009 1:58 AM

Hi..
You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
.e.g. wlst create user
..after connecting to admin server
serverConfig()
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
cmo.createUser("userName","Password","UserDesc")
..for adding/configuring a role
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
cmo.createRole('','roleName', 'userName')
...see the mbean docs for all the different attributes, operations etc..
..Mark.

Which user role I need to use for import WSM policies?

Hi.
I'm looking for a user role that has the grant for to import new policies in wsm via EM (soaadmin em).
There is a preconfigured user that can do that?
If no, how can I create one new give him the right permission?
Is it possible?
Obviously using the admin one I can made this operation but ADMIN has too many privileges.
Thank you
diego

Hi Colins,
Thanks for your suggestion to create a sample on the APEX. I will do that and will post the problem in the FORUM.
Normally I add my name at the end of each conversation in the forum. I forgot to add one in this thread.
Cheers,
Krishna.

Restrict GL / Cost Centre combinations for users/roles?

Hi,
Please could someone advise if it is possible to restrict Cost Centre and GL Account combinations during PO creation for specific users/roles?
For example:
Valid Combinations:
CC A1 GL 99
CC B2 GL 88
Scenarios:
Create PO with A1, 99 -> Allowed
Create PO with B2, 77 -> Not Allowed
I've found a related post, but not exactly my requirement - any other thoughts? Or has anyone done this themselves?
Authorisations - User Profile for purchasing - restrict by cost centre

Use the user exit MM06E005 to control the CC and G/L for user dependent.
to do that - ask ABAPer to create the custom table for user, CC and GL combination and let teh user exit read the combination from the table and give a error or warning based on your requirements.

Some asset classes do not show up for a user in S_ALR_87011990

Hi
When the asset history sheet is run in S_ALR_87011990, a user is unable to display some asset classes in the report. This was referred to security team. They say that everything looks fine and nothing appears wrong for that user--roles and profiles ok etc.,. No worklists are being used and no variants are being used. No dynamic selections either.
Can someone let me know why the user is unable to display some asset classes. Asset classes that the user is unable to display were created last year. Most users are able to display these asset classes in the report except this user.
Please help and provide some exact solution.
Best wishes
Rajmohan..

Hi Rajmohan,
most probably it is a authorization problem.
Please compare the assets which are not shown with this user. It could be a cost center.
regards Bernhard

How to hide custom fields in Shopping cart depening on user role

Hi,
We have some custom fields in shopping cart for basic view. Every thing works fine. Now client is asking to hide all the custom fields based on user role.
I found some function module to fund roles. now my main problem is unable to find the cusotm filed screen field name.
When I tryed to find the screen field name using BBPSC02/03, its giving 'GT_DISPLAY_100-FIELD'. If I try to use this field, its not working.
Could you pls tell me how to find custom screen filed name to hide in shopping cart.
Thanks,
Ram

Hi Ram,
As Laurent suggested,to hide the custom fields based on the user role,you need to implement the logic in BADi "BBP_CUF_BADI_2".
You have the importing parameter IV_USER in this BADI.
Pass this parameter to tables AGR_USERS and AGR_USERT to get the user role
OR
Use FM: BAPI_USER_GET_DETAIL
with USERNAME= user id and can retrieve Table: ACTIVITYGROUPS Field:AGR_NAME
if you want the otherway around
you can also use FM: RSRA_USERS_OF_AGR_GET
with I_AGR_NAME= role and you can retieve Table: ACTIVITY_GROUPS_USERS Field: UNAME(usr Id)
Then check the value for the User role as obtained using the above steps and accordingly set the property for the custom fields to hide them.
BR,
Deepti.

Fetching accessible record type list for any user

How to get list of standard record types being accessible for any user role?
One solution - We know the entire list of standard record types, so we can keep trying to access each record type and if we get access violation exception, then skip that record type. This solution is NOT a good idea as it will be poor in performance and may become insufficient in future version of OCOD (which may have more standard record type than the count present today).
Is there any direct API available? or any generic solution?

Hello,
this is the forum for the tool {forum:id=260}. Please mark this question as answered, so others know that they can ignore it.
Then post again in {forum:id=75}
Regards
Marcus

Can we define different session time-outs for different user types in the DD?

Hello,
Do you know a way to specify different session time-outs in deployment
descriptor for different users/roles?
For example:
Role-A should be invalidated after 10 minutes
Role-B should be invalidated after 100 minutes
Shortly, I would be grateful if you can help,
Fehmi.

"Fehmi" <[email protected]> wrote in message
news:3f50fb75$[email protected]..
>
Hello,
Do you know a way to specify different session time-outs in deployment
descriptor for different users/roles?
For example:
Role-A should be invalidated after 10 minutes
Role-B should be invalidated after 100 minutes
I don't believe you can timeout a session based on a user or a role. I think
you can just specify when
all sessions timeout (via the session descriptor). But, you may want to ask
in the weblogic.developer.interest.servlet newsgroup.

Using named Search has constrainst on user roles

Is there a standard way to use named search as a constraint for a user role. There are constraints related to flat files and masks but I can't find any on Named search file. Anyone have an ide how to solve this?
Regards
John-Kjell

Hey John,
Why dont u save a named search in Data Manager with whatever field ie. on prices field.
And then u configure the User having that role in the Config UI ie. make all the configurations for that user like whichever fields u want to show to that user and than while passing the url for search ui in that u specify the user and the named search in the url itself.
For eg:
http://localhost:50100/SRM-MDM/SRM_MDM?sap-locale=EN&HOOK_URL=&mask=&namedSearch=&username=Admin&password=admin&catalog=SRM_MDM_Catalog_2.0&server=localhost&datalanguage=EN
In &namedsearch=<Specify the Named Search u saved>
and in &username=<Specify the user for which it is configured>
Try dis out
Regards Tejas................

MM End user roles Segregating - Suggestions

Dear SAP Experts,
In our company, Purchase Dept 10 persons are using SAP MM Screen. We would like to minimize the work as well as for logging in SAP Screen usage.
Kindly tell your all suggest that, Work profile allocating on daily basis, so that we can control manpower, work allocating and SAP Screen logging.
Kindly send your all suggestion for end user roles - How to do and Who should do and When can do.
Awaiting your valuable suggestions.
Thanks & regards,
Ramana

Vendor Master - Display
Material Master - Display
Condition Master - Display
Inforecord - Display
Maintain Source List
Display Source List
Purchase Req - Create
Purchase Req - Change
Purchase Req - Display
Purchase Req - Release
Purchase Order - Create
Purchase Order - Change
Purchase Order - Display
Purchase Order - Release
Stores Dept Transactions
Goods Receipt for PO/Return Delivery to Vendor
Transfer Posting
Goods Issue
Inventory Stock Reports
Display material document
Capture of Excise Invoice
Create/Change/Display Depot Excise Invoice
Create Sub-contracting challan
Change Sub-contracting challan
Display Sub-contracting challan
Reconcile Sub-Conrating challan
Complete/Reversals/Recredit of S/C Challan
Depot Stock With Balances
Annexure IV Report
Excise Dept Transactions
Excise Master Maintainance
Update RG1 Register
Extract & Print Excise Registers
Create Tax Code
Sales Tax register
Reversal of Excise duty for rejected items
Change/Posting of Excise Invoice
Monthly Utilization
Excise JV'S
List of Excise Invoices
Invoice Verificaiton
Enter Invoice
Park Invoice
Invoice Verification in Back Ground
Display invoice Document
Cancel Invoice Document
Release Block invoices
Display list of invoices
Invoice Overview
Output Messages
Evaluated Receipt Settlement
Automatic Delivery cost settlement
Invoicing plan Settlement
GR/IR account Maintaince
Display/Cancel Account Maintaince Transaction
Change Material document
Enter Goods Issue
Enter Transfer posting
Enter other goods receipt
Create Reservation
Change Reservation
Display Reservation
List Display Reservations
Reservation list inventory management
Goods receipt for order
Plant Stock Availability
Stock on posting date
Shelf life list
Output from goods movement
Stocks at sub contractor
Enter return delivery
Cancel material document
Material analysis-stock selection
Material analysis-receipts/issues-selection
key figure:Slow moving terms
Key figure:stock value
Key figure-Dead stock
Stock requirements list
Changes to source list
Reorganize source list
Source list for material
Changes to purchasing info record
Quotation price history
Info records per vendor
Info records per material
Purchase order price history
Release(Approve) purchasing documents
Purchasing documents for material group
Purchasing documents per project
Purchasing documents per account assignment
Purchasing documents per vendor
Purchasing documents for material
Purchasing documents per document no.
SC stock monitoring for vendor
Purchasing documents per supplying plant
Create Contract
Change Contract
Display Contract
Purchasing documents for material group
Purchasing documents per vendor
Purchasing documents for material
Create RFQ
Change RFQ
Display RFQ
Maintain Quotation
Display Quotation
Price comparison list
Purchasing documents per requirement tracking no.
Purchasing documents for material group
Purchasing documents per vendor
Purchasing documents for material
Purchasing documents per document no.
RFQs per collective no.
Release:Purchase requisition
Collective release of purchase requisitions
Assign source of supply to requisitions
Assign and process purchase requisitions
Ordering:Assigned purchase requisitions
Automatic creation of purchase orders from requisitions
List display of purchase requisitions
List display of purchase requisitions
Maintain vendor evaluation
Calculate scores for semi automatic & automatic sub criteria
Evaluation Comparison
Ranking list of vendors
General evaluations
Analysis of purchase order values
Message output
Message output
Create physical inventory document
Change physical inventory document
Display physical inventory document
Enter inventory count
Change inventory count
Display inventory count
Post inventory difference
Post count and difference
Enter recount
List of inventory differences
Print physical inventory document
Physical inventory list
Selected data for physical inventory documents w/o special stock
Display vendor
Service entry sheet
Display changes
Extend material view(s)
Materials list
Close period for material master records
Price change
Debit/credit material
Revaluation with logistics invoice verification
Display inspection lot
Display usage decision
Inspection lot selection
Create quality cert receipt
Change quality certificate
Display quality certificate
Record results
Change results
Display results
Result printout
Display QM Info Record
QM Info Record Collective Processing
Create notification
Change notification
Display notification
Display inspection plan
Task list changes
Display master inspection characteristic version
Display material specification
Maintain Service Master
Display Line Items (Vendor)
Display Balances (Vendor)
Due Date Analysis for Open Items
List of Vendor Line Items
Print Subcontracting Challan
Country India Localization Menu
Down Payment Request - Header Data.
List of Vendors Purchasing.
Information System
Create Vendor (Centrally)
Change Vendor (Centrally).
Display Vendor (Centrally)
Vendor Account Changes.
Block / Unblock Vendor.
Flag for Deletion Vendor.
Change Account Group.
Create Vendor.
Change Vendor
Vendor Account Changes.
Block / Unblock Vendor.
Flag for Deletion Vendor.
Planned Vendor.
Planned Vendor A/C. Changes.
Display in future Vendor.
Create Info Record
Change Info Record.
Changes to Purchasing Info Record.
Flag Info Record for Deletion.
Change Document.
Invco. Stck/reqt. Analysis - Selection.
Purchase Register.
Converting SAP Script (OTF) or ABAP List Spool job to PDF.
Display Document.
Pick list
Message Output.
Release Purchase Requisition
Stck/Reqt Analysis Selection
Release Purchase Order
Release purchase order

OIA webservice for removing user role

Similar Messages

Maybe you are looking for