OIM 11g: Create roles automatically

I would like to create roles in OIM based on a field value (I'm getting this value by connecting to a Database via a GTC).
Also, once created, the Role should be added to the Self-Assign Role template.
Ideally, this would be a Scheduled Task that runs periodically to create new roles as they are added.
Is this possible, and if so, what class should I be using? I've not used the OIM APIs as much so any suggestions would be great.

Found out that there is a RoleManager API that will allow me to do this.
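
An added example (not code from the original post or from Oracle) of the checks a periodic role-creation job should make before it calls the RoleManager API: values read from the source database are validated, de-duplicated and compared against reserved names, because every role created this way ends up self-assignable. The `RoleDirectory` interface, the reserved-name list, the name pattern and the per-run limit are assumptions made for illustration; inside OIM the interface would wrap `RoleManager.search(...)` and `RoleManager.create(...)`.

```java
import java.util.*;
import java.util.regex.Pattern;

/** Added example: decides which roles a periodic sync may create from source values. */
public class RoleSyncPlanner {

    /** Hypothetical seam; in OIM it would be backed by RoleManager.search/create. */
    public interface RoleDirectory {
        boolean exists(String roleName);
        String create(String roleName); // returns the key of the new role
    }

    /** Outcome of one run, suitable for writing to the task's audit log. */
    public static final class Result {
        public final List<String> created = new ArrayList<>();
        public final List<String> alreadyPresent = new ArrayList<>();
        public final Map<String, String> rejected = new LinkedHashMap<>(); // raw value -> reason
    }

    // Assumption: names that source data must never create or shadow.
    private static final Set<String> RESERVED = new HashSet<>(Arrays.asList(
            "ALL USERS", "SYSTEM ADMINISTRATORS", "ROLE ADMINISTRATORS"));

    // Assumption: acceptable role-name shape (letters, digits, space, _ . -; max 64 chars).
    private static final Pattern NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}");

    private final RoleDirectory directory;
    private final int maxNewPerRun; // stops a polluted source table from flooding OIM

    public RoleSyncPlanner(RoleDirectory directory, int maxNewPerRun) {
        this.directory = directory;
        this.maxNewPerRun = maxNewPerRun;
    }

    public Result sync(Collection<String> sourceValues) {
        Result r = new Result();
        Set<String> seen = new HashSet<>();
        for (String raw : sourceValues) {
            // Normalise whitespace so "HR  Partner" and "HR Partner" are one role.
            String name = raw == null ? "" : raw.trim().replaceAll("\\s+", " ");
            String key = name.toUpperCase(Locale.ROOT);
            if (!NAME.matcher(name).matches()) {
                r.rejected.put(String.valueOf(raw), "invalid name");
                continue;
            }
            // Anything that looks like an administrative role is refused outright.
            if (RESERVED.contains(key) || key.endsWith(" ADMINISTRATORS")) {
                r.rejected.put(raw, "reserved name");
                continue;
            }
            if (!seen.add(key)) {
                continue; // duplicate within this batch (case-insensitive)
            }
            if (directory.exists(name)) {
                r.alreadyPresent.add(name); // idempotent: nothing to do on re-runs
                continue;
            }
            if (r.created.size() >= maxNewPerRun) {
                r.rejected.put(raw, "per-run limit reached");
                continue;
            }
            directory.create(name);
            r.created.add(name);
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed in-memory directory standing in for OIM.
        final Set<String> existing = new HashSet<>(Arrays.asList("FINANCE ANALYST"));
        RoleDirectory dir = new RoleDirectory() {
            public boolean exists(String n) {
                return existing.contains(n.toUpperCase(Locale.ROOT));
            }
            public String create(String n) {
                existing.add(n.toUpperCase(Locale.ROOT));
                return "key-" + existing.size();
            }
        };
        // Constructed sample of values as they might arrive from the source table.
        List<String> rows = Arrays.asList("Finance Analyst", " HR  Partner ",
                "System Administrators", "hr partner", "Ops;DROP", null,
                "Payroll Clerk", "Audit Viewer");
        Result r = new RoleSyncPlanner(dir, 2).sync(rows);
        System.out.println("created        = " + r.created);
        System.out.println("alreadyPresent = " + r.alreadyPresent);
        System.out.println("rejected       = " + r.rejected);
    }
}
```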

Similar Messages

  • OIM 11g giving roles

    Hi all. I'm trying to customize the self-registration feature. In particular, I need a user to be automatically assigned to a specific role after self-registration. By default OIM assigns the "ALL USERS" role (not removable) to all registered users. In addition to this role, I need a user to automatically get the role "MY_ROLE" after registration.
    How can I achieve this goal?
    Thank you in advance,
    Giuseppe.

    Thanks a lot P.K!!! This worked perfectly!!
    As for adding membership rules, I did it as follows: Go to the web console of OIM. Go to Administration. Then click on Search Roles. Here, select the role which you wish to assign by default to users created in the organization which you checked for in the rule (for example: Organization Name == Xellerate Users). Here it is Xellerate Users, but it could be any new organization that you might have created. Then click on the Membership Rules tab at the top of the role that you have opened. There, click on Assign Rules. The window will show the rules that exist in the database. One of them will be the one which you created as per P.K's solution. Select that and click on Assign. It's done!! :D Now whenever a new user is created in the organization you have checked for, he'll automatically get the role you selected by default along with the ALL USERS role. So if you have an access policy assigned to that role, you can even have auto provisioning to some LDAP directory work for you like I did in my case :D :)

  • OIM 11g - Default role does not exist

    Hey,
    the default role IDENTITY ORGANIZATION ADMINISTRATORS does not exist in my OIM (11.1.1.5.4)
    I need this role to assign a user privileges to create and manage organizations.
    Any idea?

    960944 wrote:
    Hey,
    the default role IDENTITY ORGANIZATION ADMINISTRATORS does not exist in my OIM (11.1.1.5.4)
    I need this role to assign a user privileges to create and manage organizations.
    Any idea?

    The following roles were removed in 11.1.1.5.0:
    IDENTITY ORGANIZATION ADMINISTRATORS
    ACCESS POLICY ADMINISTRATORS
    IT RESOURCE ADMINISTRATORS
    GENERIC CONNECTOR ADMINISTRATORS
    REPORT ADMINISTRATORS
    Regards,
    Vladimir

  • OIM 11g Peoplesoft Roles provisioning issue

    Hi All,
    We have configured Peoplesoft Connector 9.1.1.6 to provision roles to Peoplesoft through access policy. We are not able to provision multiple roles into Peoplesoft. It just provisions first role to user in peoplesoft and errors when provisioning the other role. The role names are matching in peoplesoft and OIM, pulled into the lookup.
    Error on Server :
    Running CREATEUSER
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:54 PM EST> <Warning> <PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager : createUser : Exclusion List Attribute lookup not initialized>
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserRole : Unable to Save user profile>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserRole : Unable to Save user profile>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    Any pointers would be appreciated.
    Regards,
    Ashok

    Hi All,
    Any pointer.
    Regards,
    Ashok

  • OIM 11g create user with API - double resources

    Hello.
    We have a custom web client for creating a user in OIM. When we create a user with the OOTB web app (formerly xlWebApp), it creates the user and the Access Policies work correctly to give the user one of each resource.
    When we create the user with the API from our custom web app, it tries to assign 2 of each resource to the new user. Has anyone seen this behavior before? Thank you.

    Bump Thanks.

  • Restricting administrator tab to user created with default role OIM 11g R2

    Hi,
    I have a query, if we create a user in OIM 11g R2 without any admin role and then login to Self Service screen (Identity) with the newly created user, we can see the Administration Tab is visible to the user.
    Does this mean that by default the user has an admin role assigned to him to do some of the admin activities?
    Please let me know how to control this behavior and not to show the Administration tab to the user until and unless he is having some admin roles assigned to him.
    Please help.

    You can hide Administration tab for normal users using EL's. By default users will get this tab when they login to identity console even though admin role is not assigned to them. But if you do any operation on any users, request will be raised accordingly.
    Check this link to configure EL's http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#autoId18

  • OIM 11g R2 - Creating a new role using API

    Hi,
    I am trying to create a new role in OIM 11g R2 using the RoleManager API. The requirement is to provide the "Role Owner" as well while creating the role. May I know how to do that? Thanks in advance.

    // Fragment from inside a method: goi is the group-operations API object and
    // getGroupKey(...) is the poster's own helper (neither is shown in the post).
    HashMap<String, String> groupMap = new HashMap<String, String>();
    groupMap.put("Groups.Group Name", groupName);
    groupMap.put("Groups.Role Description", "Just for testing");
    long groupKey = -1L;
    try {
        groupKey = goi.createGroup(groupMap);
        logger.info("RESULT: Group with group_key '" + groupKey
                + "' has been successfully created");
    } catch (tcAPIException e) {
        logger.info("Creating client...."+e);
    } catch (tcDuplicateGroupException ex) {
        // The group already exists: return the key of the existing group instead
        return getGroupKey(goi, groupName);
        //logger.info(""+ex.toString());
    } catch (tcInvalidAttributeException er) {
        logger.info(""+er.toString());
    }
    I hope this really helps you,
    Thiago Leoncio.
    (Blog: thiagoleoncio)

  • Error creating a role from the process task adapter - OIM 11g R2 PS1

    I have a requirement to create an OIM role dynamically when a resource account is created. Also once the role is created, I need to assign that role to the user dynamically. Following code works perfectly fine if I replace the Platform with OIMClient and run it remotely. It fails when I run it from OIM:
    Exception:
    An exception occurred while performing the operation.
    java.lang.NullPointerException
    at oracle.iam.request.impl.RequestEngine.startOrchestrationFromPreProcess(RequestEngine.java:5516)
    at oracle.iam.request.impl.RequestEngine.triggerOperation(RequestEngine.java:5439)
    at oracle.iam.request.impl.RequestEngine.doOperation(RequestEngine.java:5154)
    at oracle.iam.impl.OIMServiceImpl.doOperation(OIMServiceImpl.java:43)
    at sun.reflect.GeneratedMethodAccessor6238.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at com.sun.proxy.$Proxy943.doOperation(Unknown Source)
    // Needs java.util.* plus the OIM UserManager/RoleManager API, value-object and
    // exception classes on the classpath; adpLogger is the poster's own logger field.
    public static User searchUserByLogin(String login) {
        List<User> users = null;
        Set<String> retAttrs = new HashSet<String>();
        retAttrs.add(UserManagerConstants.AttributeName.USER_KEY.getId());
        SearchCriteria criteria;
        criteria = new SearchCriteria(UserManagerConstants.AttributeName.USER_LOGIN.getId(), login, SearchCriteria.Operator.EQUAL);
        try {
            UserManager userManager = Platform.getService(UserManager.class);
            users = userManager.search(criteria, retAttrs, null);
        } catch (AccessDeniedException ade) {
            // handle exception
        } catch (UserSearchException use) {
            // handle exception
        }
        // users is still null if the search threw, so check before dereferencing
        if (users != null && users.size() > 0) {
            return users.get(0);
        } else {
            return null;
        }
    }

    public static boolean grantRole(String usrLogin, String roleKey) throws oracle.iam.platform.authz.exception.AccessDeniedException, UserMembershipException, ValidationFailedException, RoleGrantException {
        RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);
        adpLogger.debug("Entering grantRole(1): User - " + usrLogin + " Role - " + roleKey);
        Set<String> userKeys = new HashSet<String>();
        User user = searchUserByLogin(usrLogin);
        if (user == null) {
            // No such user (or the search failed): nothing to grant
            adpLogger.debug("User not found: " + usrLogin);
            return false;
        }
        userKeys.add(user.getEntityId());
        // Grant only if the user does not already hold the role
        if (!roleMgr.isRoleGranted(roleKey, user.getEntityId(), false)) {
            RoleManagerResult result = roleMgr.grantRole(roleKey, userKeys);
            adpLogger.debug("Role granted " + result.getStatus());
        } else {
            adpLogger.debug("Role is already granted");
        }
        return true;
    }

    public static String createOrUpdateRole(String usrLogin, String roleName) throws oracle.iam.platform.authz.exception.AccessDeniedException, RoleSearchException, ValidationFailedException, RoleAlreadyExistsException, RoleCreateException, RoleGrantException, UserMembershipException {
        adpLogger.debug("Entering createOrUpdateRole(1) Role " + roleName);
        RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);
        SearchCriteria criteria;
        criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, roleName, SearchCriteria.Operator.EQUAL);
        Set<String> ret = new HashSet<String>();
        User user = searchUserByLogin(usrLogin);
        List<Role> roles = new ArrayList<Role>();
        roles = roleMgr.search(criteria, ret, null);
        String grpKey = "";
        if (roles.size() > 0) {
            // Reuse the existing role instead of creating a duplicate
            adpLogger.debug("Role already exists. Role ID " + roles.get(0).getEntityId());
            grpKey = roles.get(0).getEntityId();
        } else {
            Role role = new Role(new HashMap<String, Object>());
            role.setName(roleName);
            RoleManagerResult result = roleMgr.create(role);
            adpLogger.debug("Role created with ID " + result.getEntityId());
            grpKey = result.getEntityId();
        }
        return grpKey;
    }
    It fails at the "RoleManagerResult result = roleMgr.create(role);" line in the createOrUpdateRole() method.
    Has anyone ever run into this kind of issue?
    Thanks

    Can you please try after making organization for a particular role and user are same ?
    For new role creation publish the particular group to organization.
    Regards
    Shashank k

  • Steps to enable Automatic provisioning in OIM 11g

    Hi,
    I am trying to configure my OIM 11g to automatically provision the resource into OID.
    I am able to do the provisioning manually but as per my requirement, when I register the user details in OIM the record must be created in OID automatically.
    Can u please mention the steps I must follow for the same.
    Regards

    Hi Pk
    I checked the status of the "System Validation" task for the resource. It was Pending; as told, I selected Auto Save in the process definition of the resource in the Design Console.
    Now my resource gets provisioned but only when I attach user to the Role created by me. By default user gets attached to the All Users Role.
    What configuration changes should i make so that the user on creation gets attached to custom Role created by me.
    Regards

  • OIM 11g R1 - Container for Roles

    Hi,
    is it possible to create container for roles?
    For Example:
    Container1: RoleA, RoleB, RoleC
    Container2: RoleV, RoleY, RoleZ
    The reason is, I want to create authorization policies which allow the user to assign special roles. The problem is that a lot of roles will be added during operation. This means that if a new role is created, I have to edit the authorization policy.
    The best way is, i assign a Role-Container to the authorization policy. If i create a new role, i add the role to the special container.
    Is this possible in OIM 11g R1?
    Edited by: 960944 on Apr 3, 2013 5:18 AM

    Yes, you can do that using authorization policy.
    Try this:
    Create a Role called 'X'
    Create a Authorization Policy of Role Management Entity Type called 'X Role Authz Policy' and under the Permission tab:
    Grant Modify Role Membership, Search for Role, View Role Detail and View Role Membership
    Under Data Constraints: Add all the roles that a user can self assign except SYS ADMIN role.
    Under Assignment: Add Role 'X'
    Save and apply to test it.
    You can have a look at the default Role Management All Users Policy for reference.
    Regards,
    Sunny

  • Role management in OIM 11g.

    Hi All,
    I am working on OIM 11g PS1.
    In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
    For this the simplest way is to add the user to role 'Role Administrators'.
    Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
    The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
    Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
    The error that comes on GUI:
    "ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
    Error in Weblogic logs:
    "<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
    javax.el.ELException: java.lang.NullPointerException
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
    at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
    at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
    at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused By: java.lang.NullPointerException
    at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    Thanks,
    Sneha

    Hi,
    I found the resolution for this, so I thought I would share it here with everyone.
    Role owners or any user in the role "Role Administrators" were not able to view the members of the role, though they had the authorization policies enabled and everything set up.
    To enable the view of role membership please follow the steps below:
    1. Login as XELSYSADM
    2. Go to Administration and search for the org which the users are assigned to
    3. Open the org details
    4. Click "Administrative Roles"
    5. Click "Assign"
    6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
    This will really solve the issue.
    Thanks,
    Sneha.

  • How to obtain Role name in OIM 11g using API's

    Hello,
    I have a scenario in which I create a Role/Group in OIM 11g and it gets provisioned in AD [=works fine]. The other part is that when I delete the role in OIM 11g, it should get deleted from AD. I have written a postprocess event handler to achieve this.
    In the role creation part I get all parameters using "orchestration.getParameters();", but when I delete the role, "orchestration.getParameters();" is empty, so I am not able to get the role name.
    Is there a way to get role name while deleting roles using API ?
    Thanks,
    Rahul Shah

    Hi Raghav,
    Following is my code :
    tcRODetails = orgOpInterface.getObjects(organizationKey);
    for (int i = 0; i < tcRODetails.getRowCount(); i++) {
        tcRODetails.goToRow(i);
        // resourceName=AD Group
        // Parentheses added around the status test: && binds tighter than ||, so
        // without them any "Enabled" object matched regardless of its name.
        if (resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name")) &&
                (tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned") ||
                 tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled"))) {
            System.out.println("<<<FOUND>>>");
            processKey = tcRODetails.getLongValue("Process Instance.Key");
            provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
            tcProcessSet = oimFormUtility.getProcessFormData(processKey);
            // Look for the process form row that belongs to the group being deleted
            for (int j = 0; j < tcProcessSet.getRowCount(); j++) {
                tcProcessSet.goToRow(j);
                if (grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))) {
                    System.out.println("MATCH FOUND!!!!!");
                    orgOpInterface.removeObjectAllowed(organizationKey, provisionObjectKey);
                    break;
                }
            }
        }
    }
    & i get following error :
    <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
    Thanks
    Rahul Shah

  • How to create Lookup field in user form in OIM 11g - Urgent

    Hi Experts,
    How to create Lookup field in User Form - OIM 11g.
    Pls. provide your support on priority.
    Regards
    Karan

    Thanks all for your suggestion.
    Our requirement, is we need to have a user defined field similar to how its there in "Organisation".
    For example we need to create an user defined field like "Service Holding" which holds different services say like Service 1, Service 2, Service 3 etc.
    Under each service there are multiple roles....
    Eg:
    Service 1 - Role 1, Role 2, Role 3
    Service 2 - Role 4, Role 5
    Service 3 - Role 6, Role 7, Role 8
    Is there a way to store a multi-valued attribute in an OIM UDF? If so, pls. guide us.
    If it's not possible we would need to create a Lookup field (something similar to Organization or Manager). The user clicks on the button (lens button), which should invoke an API wherein he can select specific Roles and save them in User. E.g. like Service 1 - Role 1#Service 2 # Role 5, stored in the backend database.
    Is this possible? Pls. guide.
    Regards,
    Karan

  • Create user from trusted recon fails in OIM 11g

    Hi,
    Create user functionality is failing in OIM 11g because I am missing one field mapping, and that is Role. I don't know which attribute of the trusted recon should be mapped to the OIM Role field. What mapping am I missing? I am getting the below error in the logs:
    Caused by: oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [Role]
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1510)
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:265)
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
    at sun.reflect.GeneratedMethodAccessor2787.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho
    [2013-12-27T06:04:46.066-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: b33006816923ec25:17564607:14333cadc4a:-8000-0000000000001f29,0] [APP: oim#11.1.2.0.0] The following exception occurred: {0}[[
    oracle.iam.reconciliation.exception.CreateException: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
    at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:98)
    at oracle.iam.reconciliation.impl.EntityTypeHandler.applyRule(EntityTypeHandler.java:76)
    at oracle.iam.reconciliation.impl.EntityTypeHandler.process(EntityTypeHandler.java:49)
    at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:176)
    Caused by: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
    at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278)

    Role is nothing but User Type(Full-Time Employee, Contractor...etc)

  • Provision a Resource Object to Organization automatically in OIM 11g

    Hi All,
    How to provision a resource Object to Organizations automatically in OIM 11g.
    Can we use Access Policy for this , if not , is there any other way to solve this.
    Regards
    Edited by: 903745 on 31 May, 2012 1:40 AM

    Are you referring to creating a resource object (e.g. group) on the Organization itself (as opposed to users in that Organization)? If so, this can be done from a post-process event handler on the Organization object.
