OIM 11g giving roles

Hi all. I'm trying to customize the self-registration feature in such a way. In particular I need that after the self-registration, a user automatically get assigned to a specific role. By default OIM assign to all registered users "ALL USERS" role (not removable). I need, in addition to this role, that after the registration a user automatically get the role "MY_ROLE".
How can I achieve this goal?
Thank you in advance,
Giuseppe.

Thanks a lot P.K!!! This worked perfectly!!
As for adding membership rules, I did it as follows: Go to the Web console of the OIM. Go to Administration. Then click on Search Roles. Here select the role which you wish to assign to the user by default who gets assigned in the organization which you checked for in the rule (*For Example: Organization Name == Xellerate Users.*). Here it is Xellerate Users but could be any new organization that you might have created. Then click on the Membership rules tab on the top in the role that you have opened now. In that click on Assign Rules. The window will show the rules that exist in the database. One of them will be the one which you created as per P.K's solution. Select that and click on Assign. Its done!! :D Now whenever a new user will be created in the organization you have checked for, he'll automatically get the role you selected by default along with the ALL USERS role. So if you have an access policy assigned to that role, you can even have auto provisioning to some ldap directory work for you like I did in my case :D :)

Similar Messages

  • OIM 11g Peoplesoft Roles provisioning issue

    Hi All,
    We have configured Peoplesoft Connector 9.1.1.6 to provision roles to Peoplesoft through access policy. We are not able to provision multiple roles into Peoplesoft. It just provisions first role to user in peoplesoft and errors when provisioning the other role. The role names are matching in peoplesoft and OIM, pulled into the lookup.
    Error on Server :
    Running CREATEUSER
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisi
    onManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:54 PM EST> <Warning> <PSFTUM> <BEA-000000> <oracle.iam.connec
    tors.psft.usermgmt.integration.PSFTUMUserProvisionManager : createUser : Exclusi
    on List Attribute lookup not initialized>
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisi
    onManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisi
    onManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserR
    ole : Unable to Save user profile>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisi
    onManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserR
    ole : Unable to Save user profile>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.co
    nnectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandle
    r : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <=============
    =======================================
    Any pointers would be appreciated.
    Regards,
    Ashok

    Hi All,
    Any pointer.
    Regards,
    Ashok

  • OIM 11g - Default role does not exists

    Hey,
    the default role IDENTITY ORGANIZATION ADMINISTRATORS does not exists in my OIM (11.1.1.5.4)
    I need this role to assign an user privileges to create and manage organization.
    Any idea?

    960944 wrote:
    Hey,
    the default role IDENTITY ORGANIZATION ADMINISTRATORS does not exists in my OIM (11.1.1.5.4)
    I need this role to assign an user privileges to create and manage organization.
    Any idea?The following roles were removed in 11.1.1.5.0:
    IDENTITY ORGANIZATION ADMINISTRATORS
    ACCESS POLICY ADMINISTRATORS
    IT RESOURCE ADMINISTRATORS
    GENERIC CONNECTOR ADMINISTRATORS
    REPORT ADMINISTRATORS
    Regards,
    Vladimir

  • OIM 11g: Create roles automatically

    I would like to create roles in OIM based on a field value (I'm getting this value by connecting to a Database via a GTC).
    Also, once created, the Role should be added to the Self-Assign Role template.
    Ideally, this would be a Scheduled Task that runs periodically to create new roles as they are added.
    Is this possible, and if so, what class should I be using? I've not used the OIM APIs as much so any suggestions would be great.

    Found out that there is a RoleManager API that will allow me to do this.

  • OIM 11g R1 - Container for Roles

    Hi,
    is it possible to create container for roles?
    For Example:
    Container1: RoleA, RoleB, RoleC
    Container2: RoleV, RoleY, RoleZ
    The reason is, i want to create authorization policies, which allows the user to assign specials roles. The problem is, that a lot of roles will be added during the operation. This means, if a new role will be created, i have to edit the authorization policy
    The best way is, i assign a Role-Container to the authorization policy. If i create a new role, i add the role to the special container.
    Is this possible in OIM 11g R1?
    Edited by: 960944 on Apr 3, 2013 5:18 AM

    Yes, you can do that using authorization policy.
    Try this:
    Create a Role called 'X'
    Create a Authorization Policy of Role Management Entity Type called 'X Role Authz Policy' and under the Permission tab:
    Grant Modify Role Membership, Search for ROle, View Role Detail and View Role Membership
    Under Data Constraints: Add all the roles that a user can self assign except SYS ADMIN role.
    Under Assignemnt: Add Role 'X'
    Save and apply to test it.
    You can have a look at the default Role Management All Users Policy for reference.
    Regards,
    Sunny

  • Role management in OIM 11g.

    Hi All,
    I am working on OIM 11g PS1.
    In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
    For this the simplest way is to add the user to role 'Role Administrators'.
    Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
    The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
    Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
    The error that comes on GUI:
    "ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
    Error in Weblogic logs:
    "<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled excepti
    ons in phase INVOKE_APPLICATION 5
    javax.el.ELException: java.lang.NullPointerException
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
    at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
    at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
    at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused By: java.lang.NullPointerException
    at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
    at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.el.parser.AstValue.invoke(Unknown Source)
    at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
    Thanks,
    Sneha

    Hi,
    I found the resolution for this, so I thought I would share it here with everyone.
    I role owners or any user in role "Role Administrators" were not able to view the members of the role though they had the authorization policies enabled and everything setup.
    To enable the view of role membership please follow the steps below:
    1. Login as XELSYSADM
    2. Goto Administration and search for the org which the users are assigned to
    3. Open the org details
    4. Click "Administrative Roles"
    5. Click "Assign"
    6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
    This will really solve the issue.
    Thanks,
    Sneha.

  • How to obtain Role name in OIM 11g using API's

    Hello,
    I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
    get deleted from AD.I have written postprocess event handler to achieve this.
    In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
    not able to get role name.
    Is there a way to get role name while deleting roles using API ?
    Thanks,
    Rahul Shah

    Hi Raghav,
    Following is my code :
    tcRODetails = orgOpInterface.getObjects(organizationKey);
    for(int i = 0;i < tcRODetails.getRowCount();i++){
    tcRODetails.goToRow(i);
    // resourceName=AD Group
    if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
    tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
    tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
    System.out.println("<<<FOUND>>>");
    processKey = tcRODetails.getLongValue("Process Instance.Key");
    provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
    tcProcessSet = oimFormUtility.getProcessFormData(processKey);
    for(int j=0;j<tcProcessSet.getRowCount();j++){
    tcProcessSet.goToRow(j);
    if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
    System.out.println("MATCH FOUND!!!!!");
    orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
    break;
    & i get following error :
    <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
    Thanks
    Rahul Shah

  • Regarding Authorization policy and Roles in OIM 11g

    Hi,
    In OIM 11g Admin interface, is there a way to find out what all authorization polices, a role has been assigned to ?.
    I am asking this because, if you search for a user, you will know what all roles he is a member of, and similarly if you search for a role, you will know who all users are members of that role.
    Similarly, if you search for a Authorization policy, you will know what are roles are assigned to this policy. But if I search for a role, I am not able to find what all authorization policies has been assigned to this role.
    Looking forward to hearing from you,
    Many thanks in advance

    I understand your concern. But, this feature has not been available
    --nayan                                                                                                                                                                                   

  • OIM 11g support for Temporary roles with expiration date

    Dear All,
    Is there a support provided for temporary roles in OIM 11g?
    If not, what is the recommendation as for implementation?
    Kind regards
    Maria Adair

    I'm also interested if someone has any recommendation as for how to implement such a feature. Anyone has any ideas?

  • OIM 11g-configure SoD so that it works for direct provisioning of the roles

    Dear All,
    page 23-3 of Developer's Guide (OIM 11g) provides information regarding configuration of the SoD for Direct provisioning of the resources. How to configure SoD so that it works for direct provisioning of the roles?
    Thank you for your time
    Maria

    Rajiv,
    I did not find the documentation regarding this. But I hoped I will.
    In my project we assign roles directlly, not resources.
    I suspect the integration with Role Manager is required in this case. SoD module in OIA should be used then.
    Maria

  • OIM 11g Roles/Groups

    Dear All,
    I noticed that 11g version has the ability for end-user to request Roles. What is the difference between Role and Group in OIM 11g?

    In 11g the new definition of an OIM Group = Role.
    -Kevin

  • Oim 11g r2: data access restriction using roles instead of organisations

    can i implement data access restriction using roles instead of organisations in oim 11g r2?

    in my use case a particular user can be member of more than one organisation. as far as i know oim does not suoport this use case using organisation, so i decide to use roles to represent my "organizations", but now i loose all the data access restrictions (scope).

  • Restricting administrator tab to user created with default role OIM 11g R2

    Hi,
    I have a query, if we create a user in OIM 11g R2 without any admin role and then login to Self Service screen (Identity) with the newly created user, we can see the Administration Tab is visible to the user.
    Is this mean that by default user is having admin role assigned to him to do some of the admin activities.
    Please let me know how to control this behavior and not to show the Administration tab to the user until and unless he is having some admin roles assigned to him.
    Please help.

    You can hide Administration tab for normal users using EL's. By default users will get this tab when they login to identity console even though admin role is not assigned to them. But if you do any operation on any users, request will be raised accordingly.
    Check this link to configure EL's http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#autoId18

  • OIM 11g R2 - Creating a new role using API

    Hi,
    I am trying to create a new role in OIM 11g R2 using RoleManager API.The requirement is to provide "Role Owner" also while creating the role.May I know how to do that?.Thanks in advance.

                        HashMap <String, String> groupMap = new HashMap <String, String> ();
                        groupMap.put("Groups.Group Name", groupName);
                        groupMap.put("Groups.Role Description", "Just for testing");
                        long groupKey = -1L;
                        try {
                                groupKey = goi.createGroup(groupMap);
                                logger.info("RESULT: Group with group_key '" + groupKey
                                                + "' has been successfully created");
                        } catch (tcAPIException e) {
                                logger.info("Creating client...."+e);
                        } catch (tcDuplicateGroupException ex) {
                             return getGroupKey(goi, groupName);
                                //logger.info(""+ex.toString());
                        } catch (tcInvalidAttributeException er) {
                                logger.info(""+er.toString());
    I hope this really helps you,
    Thiago Leoncio.
    (Blog: thiagoleoncio)

  • OIM 11g r2 ps2. Setting end date for role requests

    Hi,
    reviewing the new features document on oim 11g r2 ps2: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oim-11gr2-whats-new-1709505.pdf
    it says "For example, in a request that involves multiple entitlements, the requester might be required to specify the start date and end date for each of the entitlements requested. OIM enables requesters to provide such information during request that can be carried all the way to approval and provisioning processes. OIM also provides an out-of-the-box scheduled task for entitlement grant and revoke based on the start and end dates specified"
    I've been searching on the documentation and doing tests on a virtual environment before a poc to a customer and can not find how to use that feature.
    Is it an OotB feature or it needs codification and extra configuration?
    Any tips on how to achieve this?
    Thanks in advance!

    Doc links:
    http://docs.oracle.com/cd/E40329_01/admin.1112/e27149/appinstance.htm#OMADM5296
    http://docs.oracle.com/cd/E40329_01/admin.1112/e27149/scheduler.htm#OMADM743, tasks "Sunrise of Accounts and entitlements" and "Sunset of Accounts and entitlements".
    Oracle Support Document 1951854.1 (Sunrise And Sunset Of Entitlements) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1951854.1
    Joost

Maybe you are looking for