OIM 11g - Best Practices

Hello,
a customer of us, want to use one OIM as production and quality environment. From my point of view a big mistake. I recommened to build a separate environment.
Are there any best practices documentation from oracle, where is described to seperate the environments (development, test, quality, production,...)?
Thanks

An enterprise deployment guide discusses Oracle best practices blueprint based on proven Oracle high-availability technologies and recommendations for Oracle Fusion Middleware.
Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2.1) - …

Similar Messages

  • RBAC with OIM/OIA - Best practice

    Just wondering what should be the RBAC architecture with OIM and OIA as per best practices when the number of applications is huge e.g. >1000.
    Normally, we create one or more OIM Access policies and corresponding user groups for automated provisioning of the user to target applications. And further integrate OIM with OIA to govern user access by aligning the OIA policies with the OIM Access policies.
    This is fine when the number of applications is manageable. But what if the number of applications rises to more that 1000 or 5000. What would be our approach to handle this.

    A fine topic that has been discussed many times over the years in this forum.
    It is also something I have spent far more time than what is actually healthy working on so there are a couple of articles on my blog about the subject:
    http://iamreflections.blogspot.com/2010/10/oim-vs-tim-basic-rbac.html
    http://iamreflections.blogspot.com/2010/09/rbac-vs-abac.html
    http://iamreflections.blogspot.com/2010/08/role-based-group-memberships-in-oim.html
    http://iamreflections.blogspot.com/2010/08/primary-limitation-of-oim-access.html
    The basic answer is that you have to build your own RBAC framework once things leave the very basic state.
    Hope this helps
    /Martin

  • Soa 11g best practices

    Is there some Oracle doc describing best practices for SOA Suite 11g
    Thanks - casey

    THANKS - looks like a great series of articles.
    Am also looking for a document that specifically address Best Practices for 11g SOA in the same vein as for 10g.
    Thanks - Casey

  • Obiee 11g : Best practice for filtering data allowed to user

    Hi gurus,
    I have a table of the allowed areas for each user.
    I want to show only the data facts associated with these allowed areas.
    For instance my user scott can see France and Italy data.
    I made a variable session. I put this session variable in a filter.
    It works ok but only one value (the first one i think) is taken in account (for instance, with my solution scott will see only france data).
    I need all the possible values.
    I tried with the row wise parameter of the variable session. But it doesn't work (error obiee).
    I've read things on internet about using stragg or valuelistof but neither worked.
    What would be the best practice to achieve this goal of filtering data with conditions by user stored in database ?
    Thanks in advance, Emmanuel

    Check this link
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/

  • JDev 11g: Best Practice Multi Field Validation / Reset in a Dialog Control

    I'm using JDev 11g and want to do the following (excuse my newbie learning curve):
    1. Ability for the user to have a "dialog" form that they can edit their user information such as name, password, email, etc.
    2. When user clicks OK want the system to validate that password fields are the same (there are two of them).
    3. When user clicks Cancel I want the form to reset and the dialog to close.
    Sounds easy right? However, I've seen several ways to implement and none of them seem straight forward and don't appear to work like I would want so instead spending the next day coding want to know if there's an easy solution.
    For # 2:
    The examples on the web use a phase listener for multi-form validation which when using a small dialog in a larger arena seems like overkill since the entire view will get my event right? Is there a similar thing for subform or subview?
    Another example uses a listener for value change, however that doesn't work to well when trying to validate two fields match.
    For # 3:
    A standard OK Cancel dialog does not auto reset a form within it (it leaves the text - even invalid text in the field). Adding my own button for reset doesn't close the form and adding a reset listener doesn't close the form either. Is there a simple way and I'm just overlooking it? Should I use the standard buttons and somehow assign the cancel to reset the form or define my own and somehow close the popup? There's not too much documentation I can find about using Javascript to modify objects such as closing a dialog.
    Anyone have the best approach that should be followed with less headache downstream and better portability to other forms with more complex validation? Any examples I missed that shows this working in a dialog?
    Thank you,
    Kris

    Hi,
    I don't understand #2, so ignoring it
    #1 You can set the immediate property on the two password fields. In a value change listener you compare the two provided values and if they match, you continue processing. Otherwise you set an error message and call response complete. Note that as much as we like to provide everything declarative, coding is something that we cannot neglect completely in a programming environment.
    #3 You can intercept the dialog close event and in this event determine which button was pressed. If it was the cancel button, get the current row from the underlying iterator and call refresh() passing one of the arguments you find when typing "Row." e.g DB refreshWithDBForget.
    Frank

  • OBIEE 11g best practice - when to use the new "presentation hierarchies"

    Hi, maybe a dumb question, but what are the rules of thumb for when to expose a presentation hierarchy to end users. Obviously this must be done when using a parent / child hierarchy, as there is no level info that would allow drilling the "10g" way. However, I'm not so sure what the bonuses / drawbacks are when using level based hierarchies.
    I have noticed that the SQL seems more complex and less performant when using the hierarchy. As an example, I have a simple dimension (business unit) that has a hierarchy with a total level, and 3 members in the detail level.
    If I create this as a 10g style report, I add business unit column, dollar amounts, and a table total (so I can see grand total amounts), the SQL launched looks like this:
    WITH
    SAWITH0 AS (select sum(1) as c1,
    sum(T45393.SPEND_AMOUNT) as c2,
    T45273.BUSINESS_UNIT_CODE as c3
    from
    DIM_BUSINESS_UNIT T45273,
    FACT_SPEND_ANALYTICS T45393
    where ( T45273.BUSINESS_UNIT_KEY = T45393.BUSINESS_UNIT_KEY )
    group by T45273.BUSINESS_UNIT_CODE)
    select distinct 0 as c1,
    D1.c3 as c2,
    D1.c2 as c3,
    D1.c1 as c4,
    0 as c5,
    0 as c6
    from
    SAWITH0 D1
    This is simple and efficient, and OBIEE "knows" the grand total can be calculated by simply summing the business unit totals together.
    But if I create this as an 11g style report using the presentation hierarchy, with all members selected (so I can get the detailed business units plus the grand total), the SQL is much less efficient, it actually fires two queries - one for the detail level, another for the total level:
    WITH
    SAWITH0 AS (select distinct sum(1) as c1,
    sum(T45393.SPEND_AMOUNT) as c2
    from
    FACT_SPEND_ANALYTICS T45393)
    select distinct 0 as c1,
    NULL as c2,
    'All Business Units' as c3,
    1 as c4,
    NULL as c5,
    D1.c2 as c6,
    D1.c1 as c7
    from
    SAWITH0 D1
    AND
    WITH
    SAWITH0 AS (select sum(1) as c1,
    sum(T45393.SPEND_AMOUNT) as c2,
    T45273.BUSINESS_UNIT_CODE as c3
    from
    DIM_BUSINESS_UNIT T45273,
    FACT_SPEND_ANALYTICS T45393
    where ( T45273.BUSINESS_UNIT_KEY = T45393.BUSINESS_UNIT_KEY )
    group by T45273.BUSINESS_UNIT_CODE)
    select distinct 1 as c1,
    D1.c3 as c2,
    'All Business Units' as c3,
    1 as c4,
    D1.c3 as c5,
    D1.c2 as c6,
    D1.c1 as c7
    from
    SAWITH0 D1
    Not only does this fire off two queries - but it doesn't use the existing cache for the "detail" level generated by the "non-hierarchy" query.
    So I'm trying to figure out pros and cons of exposing hierarchies for end users. I've come up with the following:
    Pros:
    - Users can click on the + and - signs to drill / collapse individual members while still keeping all other members on the report
    Cons:
    - Queries fired at all levels, doesn't seem like it's smart enough to figure out it doesn't need to send a level query to database if all children were already queried
    - In 10g if I want to expand all children (i.e. drill down all quarters to the month level) I could just click on the column header. Doesn't appear to be any way to do that using the hierarchical drills, I have to click each and every one to see all the months.
    Any insights would be appreciated!
    Thanks,
    Scott

    Hi, no, I haven't tried setting options such as "report based totals" - simply because I wouldn't want an option that requires users to tweak settings on each and every report they create to get stuff working efficiently.
    Thanks,
    Scott

  • OIM 10g: Best practice for updating OIM user status from target recon?

    We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
    I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

    Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

  • Problem in deploy BPM 11g best practices to weblogic

    Hi everybody,
    I do step by step BPM11g BestPractices instruction. when I want to deploy SalesProcesses to application server in select SOA severs step in deploy wizard there isn't any server that I select. I login to admin server console of weblogic and see that soa_server1 and bam_server1 state is SHUTDOWN I find two ways for start them
    1. from console that first must start node manager and then start them
    2. from command line --> startManagedWebLogic.cmd soa_server1
    I try two ways but both of them have problems. when I see log files I see below exception finally :
    *<Jul 10, 2011 10:15:20 AM GMT+03:30> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:*
    There are 1 nested errors:
    weblogic.management.ManagementException: Booting as admin server, but servername, soa_server1, does not match the admin server name, AdminServer
         at weblogic.management.provider.internal.RuntimeAccessService.start(RuntimeAccessService.java:67)
         at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
         at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
         at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:802)
         at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:489)
         at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
         at weblogic.Server.main(Server.java:67)
    *<Jul 10, 2011 10:15:20 AM GMT+03:30> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>*
    *<Jul 10, 2011 10:15:20 AM GMT+03:30> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>*
    *<Jul 10, 2011 10:15:20 AM GMT+03:30> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>*
    what should I do ?? please help me :-(
    Regards.

    try starting as : startManagedWebLogic.cmd <man server name> <Admin Server URL>
    e.g. startManagedWebLogic.cmd soa_server1 t3://localhost:7001

  • Best practices on enterprise and application roles in OIM and OAM 11g?

    Hi, all,
    I wonder if any of you can give me some advice on role design for OIM and OAM 11g. I'd like to have both enterprise roles, such as Accountant II, and application roles, such as App1_User, App1_Admin, etc. Ideally, the enterprise role would automatically give the user the appropriate application roles, but I can't figure out how to do that. We tried using OIM 11g's inheritance, but when the application role is inherited, OAM doesn't see it in OID/OVD and therefore doesn't think the user has the correct authorization to access the application. I thought about using role membership rules, but those seem to only allow you to use user attributes to control membership, which doesn't help at all in my situation.
    How is this situation best handled? Any advice much appreciated!
    Ariel Anderson
    Senior Business Analyst
    Zirous, Inc.

    Hi,
    I am assuming in clustered environment you are having two instances running.
    It must be an issue with a single server,,because the problem is intermittent.
    To see which server is causing problem....just perform the following steps:
    1) Stop server1 and keep running server2..and fire new registration request...
    2) stop server 2..and keep running server1.....and fire new registration request.
    Using above, atleast you can see which server is causing the problem...
    Regards,
    J
    Edited by: J_IDM on Mar 21, 2011 10:52 PM

  • Best Practice for using UML in JDeveloper 11g

    Hi,
    We are embarking upon a big program that involves development of a Webcenter 11g based Portal. We will be using JDeveloper for doing the development work. We are investigating whether we can use JDeveloper for doing the design work too. Towards that we would like to know if there are any best practices documented around using JDeveloper's UML capabilities in a Webcenter 11g Portal delivery activity that spans across several sprint teams and involves delivering an application that could involve several hundreds of java classes ? If so, can you please share the same / provide pointers to the same ?
    We are keen on using class diagrams and sequence diagrams for the design work.
    We will be using JDeveloper 11.1.1.5.0.
    Many thanks!
    Best Regards,
    Ramesh

    Check this to get an idea of UML support in JDeveloper:
    http://download.oracle.com/docs/cd/E18941_01/tutorials/jdtut_11r2_81/jdtut_11r2_81_1.html
    Thanks,
    Navaneeth

  • Best practice for install oracle 11g r2 on Windows Server 2008 r2

    Dear all,
    May I know what is the best practice for install oracle 11g r2 on windows server 2008 r2. Should I create a special account for windows for the oracle database installation? What permission should I grant to the folders where Oracle installed and the database related files located (datafiles, controlfiles, etc.)
    Just grant Full for Administrators and System and remove permissions for all others accounts?
    Also how should I configure windows firewall to allow client connect to the database.
    Thanks for your help.

    Hi Christian,
    Check this on MOS
    *RAC Assurance Support Team: RAC Starter Kit and Best Practices (Windows) [ID 811271.1]*
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=BULLETIN&id=811271.1
    DOC Modified: 14-DEC-2010
    Regards,
    Levi Pereira

  • Best practice for replicate the IDM (OIM 11.1.1.5.0) environment

    Dear,
    I need to replicate the IDM production to build the IDM test environment. I have the OIM 11.1.1.5.0 in production with lots of custom codes.
    I have two approaches:
    approach1:
    Manually deploy the code through Jdeveloper and export and import all the artifacts. Issue is this will require a lot of time and resolving dependencies.
    approach2:
    Take the OIM, MDS and SOA schemas export and Import the same into new IDM Test DB environment.
    could you please suggest me what is the best practice and if you have some pointers to achieve the same.
    Appreciate your help.
    Thanks,

    Follow your build document for the same steps you used to build production.
    You should know where all your code is. You can use the deployment manager to export your configurations. Export customized files from MDS. Just follow the process again, and you will have a clean instance not containing production data.
    It only takes a lot of time if your client is lacking documentation or if you re not familiar with all the parts of the environment. What's 2-3 hours compared to all the issues you will run into if you copy databases or import/export schemas?
    -Kevin

  • Best practice to modify OIM webApp.war in Weblogic (10g - 9102)

    I very generic question for OIM in Weblogic:
    If I'm doing any change(minor or major) in any of the JSP file in OIM xlWebApp.war, what is the best practice of moving it to production ?
    Thanks,

    Hi,
    Here the steps you should do:
    - unwar the xlWebApp.war file (through jar command)
    - Modify/add the jsp's.
    - War it again.
    - copy/replace that at XEL_HOME/webapp location.
    - if you had modified xml or properties file, copy that to DDTemplate/webapp
    - run patch_weblogic command.
    - restart server.
    You can also write a build script which will take OOTB xlWebApp.war and custom jsp's and will generate new xlWebApp.war.
    Once tested successfully in dev/QA env, you can check in code and new xlWebApp.war file in some subversion.
    In Production you can directly use this xlWebApp.war file and run patch command.
    Also look at this:
    Re: Help: OIM 10G Server With Weblogic
    Cheer$
    A..

  • Oracle 11g memory_target best practices

    Hi expert.
    I'll use memory_target in my oracle 11g enviroment. There is a best practices, or formula, for to choose my memory_target?
    There is a memory_target limit? (for example 128gb)
    Many thanks

    Thanks for the replies.
    I could like know if there are some criteria, or formula, to a correct memory_target set.
    I'm reading the file OracleOLTPonDellEqualLogicPS60x0.pdf
    >
    http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBQQFjAA&url=http%3A%2F%2Fwww.delltechcenter.com%2Fpage%2FSizing%2Band%2BBest%2BPractices%2Bfor%2BOracle%2B11g%2BOLTP%2Bon%2BEqualLogic&rct=j&q=OracleOLTPonDellEqualLogicPS60x0.pdf&ei=7av3TPP_J4yb4Ab_7pnzBg&usg=AFQjCNF9PfDrIP-VkYq_v3qPx03UAdkF9Q&sig2=pAF4A7E-S_FJkQ8jxsiWmw&cad=rja
    >
    that explain the best practices for an Oracle RAC 11g on Dell Server. About the Tuning Parameter I don't undestand very well what's the criteria for to choose the MEMORY_TARGET between 32,40 or 48GB
    Maybe choose what's the correct memory value for my server? I've an machine with X gb of RAM that I can allocate for an oracle istance. There is a fisical limit MEMORY_TARGET?
    Thanks for all suggest.
    Cheers,
    Lain

  • Best practice of 11G release 2 Grid & RAC installation on Solaris 10

    Hi Experts,
    Please share 11g Release 2 Grid infrastructure and RAC installation experiennce on Sun SPARC.
    Appreciate if you can provide documentation which provde complete information from server setup to database setup(other than oracle documentaion)
    Also please let me know which is the best storage option( NFS , ASM,...) and pros and cons
    Regards,
    Rasin M

    Hi,
    Appreciate if you can provide documentation which provde complete information from server setup to database setup(other than oracle documentaion)Check this in MOS:
    RAC Assurance Support Team: RAC Starter Kit and Best Practices (Solaris)
    https://support.oracle.com/CSP/main/article?cmd=show&id=811280.1&type=NOT
    Regards,
    Levi Pereira
    http://levipereira.wordpress.com

Maybe you are looking for

  • Unable to COMPLETE install of iPhoto 09 on Power PC G4 - specs OK

    I have a very old PowerPc G4 (512RAM), 1,25Ghz, OS X 10.5.8 which my kids use for their photos. I am unable to complete the install of iPhoto 09 from the iLife 09 update disc I purchased in the late 2000's. The disc works perfectly and I get as far a

  • New Iphone 5 Cannot connect to Itunes Store

    I have just got a new Iphone which is now just a week old. Since the beginning I haven't been able to download any apps due to an error message "Cannot connect to Itunes Store". I have been able to connect to the Itunes and App store on the Iphone bu

  • XML validation in 11g using DTD

    Hello I'm using a DTD, stored in a database table to validate client information XML files; the problem is that i have an element, lets say A, that has an atribuite Type, and this element have two sub-elements, B and C, so the XML is something like:

  • Incredibly strange file size discrepancy only appears in image files (jpg, gif, png)!

    I'm creating a bunch of banners for google ads, yahoo ads, ...etc in Photoshop on my Mac OS! The .gif files of these banners appear to TRIPLE in size when on the MAC (>150KB), but when transferred to windows; the real file size shows correctly! (<50K

  • Photo Sharing not showing all photos via Apple TV 3rd Gen

    Hi Have Apple TV, 3rd gen, latest update of the software. Running 10.8.5 on a mid 2009 MacBookPro. When I select a few smart albums from iPhoto 09 (v. 8.1.2) and then select those albums to share/stream to my Apple TV via iTunes (11.1.3) only a few o