OIM 11g R1 - Container for Roles

Similar Messages

• OIM 11gR1 : Parallel approval for role assignment.

  Hi,
  I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
  When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.
  Also, Is it possible to assign a Role instead of the users in the custom attributes ?
  Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".
  Will appreciate pointers to the online docs, I've search and didn't find information related to the usecase I've described.
  Thanks,
  Meni,

  Bikash Bagaria wrote:
  Meni wrote:
  Hi,
  I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
  When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.Try modifying the dataset. But I think there was an issue which someone reported here which said that you cannot add additional attributes to the role dataset. Logically it makes sense because there is no custom attribute for role in OIM so dataset should not allow it either.
  I've noticed that the design console allows adding custom attributes to roles.
  This can be done via Administration --> User Defined Field Definitions --> UGP (Table name).
  Once a field is added, you'll need to choose "Properties" and add a "Visible Field = true" prop to the attribute chosen.
  This will add a custom attributes section where your attributes will be shown.
  Question is how you can add a "search users" lookup instead of plain string for this custom attribute,
  and how those attributes will find their ways into the BPEL composite where business decisions based on those attributes may be taken (assign task per this attribute for an example).
  Also, Is it possible to assign a Role instead of the users in the custom attributes ?
  Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".You can create request for multiple roles in a single request and in your approval process you need to dynamically set the human task assignee based on the role selected. You also need to attach the approval process to orchestration level so that it generates a separate child request for each role selected.
  I'm not sure I understand how the proposed approach helps avoid the decoupling of users to role admins attribute.
  The intention was to have two roles, "Role_A" and "Role_A_Approver" where people that belong to "Role_A_Approver" will be assigned workflow tasks whenever Role_A is to be granted to end-users.
  Currently, each role has a "Role Admin" attribute, this attribute however holds a user and not a container of users (role)..
  Will appreciate pointers to the online docs, I've search and didn't find information related to the usecase I've described.
  All about requests
  Thanks,
  Meni,-Bikash

• OIM 11g - Mail Notification for multiple resources

  User will be provisioned to 5 target system through access policies.So instead of sending 5 different mail notifications to the manager on the Create User task about the account creation, is it possible to send one consolidated mail about the provisioned resources in OIM 11g.

  Hi,
  How abt for the following requirement for sending single mail for multiple resources provisioned.
  We have 3 Access Policies which is defined as follows.
  1) Policy 1 -> R1,R2,R3 Resources
  2) Policy 2 -> R3,R5 Resources
  3) Policy 3 -> R1,R4 Resources
  In such a case we will not be able to put dependencies on Resources and adding a task for sending email.

• Use OIM 11g UI directly for password resets

  1. What is the best practice in using OIM for password resets? Two options that i have usually heard of are writing a custom app or UI and use OIM APIs for password resets. The other is use OIM UI directly.
  Are there any other options.
  2. Of the two options mentioned above, are there any concerns if we want to expose the OIM UI password reset link to internet- example, post the OIM UI link across the company's website which is available to everybody?
  Regards,
  Anand

  People,
  Any help will be really appreciated. I am looking for some suggestions in this regards. Thanks
  Anand

• OIM 11g - Approval workflows for disabled user accounts

  Hi,
  We have a scenario wherein a user will be created in OIM with a future start date resulting in a Disabled Untill Start Date user status. Once the user is created, we should let anyone submit a New Hire form for the user and the submitted form needs to be approved by the Manager. Once the Manager approves the form, the target accounts should get created with disabled status. These accounts should get enabled on the start date.
  As submission of New Hire Form is not a straightforward process, we came up with the following design.
  A dummy resource object corresponding to the New Hire Form will be created and can be requested for a newly hired person by anyone who has OIM access. An approval workflow will be configured for the New Hire Form Resource object and provisioning of target accounts will be based on Manager's approval for this resource object.
  However the challenge that we see with this design is, it wasn't possible to place a request for New Hire Form dummy resource object for a disabled user. But the requirement is to complete the New Hire Form submission process befor the user becomes active.
  How can these workflows be invoked for a disbaled user? Is there any other way to implement this requirement?
  Any kind of help/guidance is greatly appreciated.
  Thanks and Regards
  Deepa

  911709 wrote:
  If I create a dummy resource, called "Group Membership" for example, and use this to show the groups that are available in AD, how can I have the request be routed to different approvers? For example, group cn=HR Users,cn=Users,dc=company,dc=com needs to be routed to HR for approval. Group cn=IT,cn=Users,dc=company,dc=com needs to be routed to IT for approval. How can I change the approvers dynamically?
  Re: Spawning multiple approval tasks in parallel in OIM11g SOA Composite
  You can have dynamic task assignment in BPEL; where you defne a variable in the task assignment and update the variable with the approver group name before triggering the task assignment task. Check BPEL docs for same.
  If every group needs a different approver, and there are 5000 groups, can I make 5000 resources and use the built-in routing of approvals? Or, use the dummy resource approach and handle the management of the approvals in some other way.Just make one resource with one field attached to it which takes in the group name and handle approval in SOA by reading a lookup which has AD group to Approval Group mapping.
  >
  Thank you.-Bikash
  Edited by: Bikash Bagaria on Feb 18, 2012 1:00 AM

• OIM 11g R2: Insufficent Privileges after Enable Database Vault

  Hi,
  i am trying to implement database vault on oim 11g r2 database for a customer proof of concept, but after enable database vault i am got the following error
  oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-7130125 : Search token caused Oracle text DRG issue, DB exception is :ORA-20000: Oracle Text error:
  DRG-50857: oracle error in drdmdcnt
  ORA-01031: insufficient privileges
  ORA-06512: at "CTXSYS.DRVUTL", line 14
  ORA-06512: at "CTXSYS.DRVXMD", line 140
  ORA-06512: at line 1
  this error occurs when i run Catalog Synchronization Job and i when try to search items in catalog
  i guess that database vault blocked the ctxapp role granted to oim database owner, but i am not sure how to fix it. Do i have to create a database realm for oim database user?

  As I continue to forage around looking for an answer, I came across the following statement in a document on Metalink: "The home where you plan to install ODV must already have OLS installed at the same patch level as the database.". Is this correct? I have never seen this in any Database Vault documentation.
  (https://metalink.oracle.com/metalink/plsql/f?p=200:27:4287075139009922213::::p27_id,p27_show_header,p27_show_help:714182.992,1,1)

• Reconcile user groups to OIM (11g)

  I would appreciate it if someone may let me know how to reconcile the organization and leadership structure information from an Oracle DB based identity vault into OIM (11g) to create organizational roles, for example, into the user group and user group membership tables, i.e. the UGP and USG table series. Many thanks.

  yesy, I have defines correct search value but its again and again throwing error. I change the search values too. But its not working.

• OIM 11g support for Temporary roles with expiration date

  Dear All,
  Is there a support provided for temporary roles in OIM 11g?
  If not, what is the recommendation as for implementation?
  Kind regards
  Maria Adair

  I'm also interested if someone has any recommendation as for how to implement such a feature. Anyone has any ideas?

• OIM 11g-configure SoD so that it works for direct provisioning of the roles

  Dear All,
  page 23-3 of Developer's Guide (OIM 11g) provides information regarding configuration of the SoD for Direct provisioning of the resources. How to configure SoD so that it works for direct provisioning of the roles?
  Thank you for your time
  Maria

  Rajiv,
  I did not find the documentation regarding this. But I hoped I will.
  In my project we assign roles directlly, not resources.
  I suspect the integration with Role Manager is required in this case. SoD module in OIA should be used then.
  Maria

• OIM 11g: Issue while evaluating rule for Role Membership

  Hello All,
  I have configured few General Rules using 2 of our User Defined Fields, these general rules are used to determine role membership.
  What we observed that once "Identity Status" attribute is set to "Disabled" for OIM User Profile then OIM stops evaluating these configured General Rules for Role Membership.
  Env Details:
  Product Version: Oracle Identity Manager 11.1.1.5.0
  App Server: WebLogic Server Version: 10.3.5.0
  OS: Red Hat Enterprise Linux Server release 5.5
  Database: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64 bit
  Please let me know if any of you have encounter this issue and if there is any workaround available for it.
  Thanks,
  Shyam

  Re: OIM11g: Resource not revoked if the Identity Status is DISABLED
  XL.EvaluateMembershipForInactiveUser
  Workaround:
  You can make you of Event Handler and assign that group with APIs.

• OIM 11g r2 ps2. Setting end date for role requests

  Hi,
  reviewing the new features document on oim 11g r2 ps2: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oim-11gr2-whats-new-1709505.pdf
  it says "For example, in a request that involves multiple entitlements, the requester might be required to specify the start date and end date for each of the entitlements requested. OIM enables requesters to provide such information during request that can be carried all the way to approval and provisioning processes. OIM also provides an out-of-the-box scheduled task for entitlement grant and revoke based on the start and end dates specified"
  I've been searching on the documentation and doing tests on a virtual environment before a poc to a customer and can not find how to use that feature.
  Is it an OotB feature or it needs codification and extra configuration?
  Any tips on how to achieve this?
  Thanks in advance!

  Doc links:
  http://docs.oracle.com/cd/E40329_01/admin.1112/e27149/appinstance.htm#OMADM5296
  http://docs.oracle.com/cd/E40329_01/admin.1112/e27149/scheduler.htm#OMADM743, tasks "Sunrise of Accounts and entitlements" and "Sunset of Accounts and entitlements".
  Oracle Support Document 1951854.1 (Sunrise And Sunset Of Entitlements) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1951854.1
  Joost

• Requesting to remove roles for the direct report's in OIM 11g R2

  Is it possible to have the manager log into OIM and request to remove roles for one of his/her direct reports? You can only add roles from the catalog interface.
  Thanks

  Search the user
  Go to the Roles Tab
  Select the Role
  "Remove Role" link will get enabled
  Click that link
  Submit
  Request ID will be generated
  For SELF REQUEST:
  Go to My Access Form
  And do the same thing

• OIM 11g R2 Available Roles For Organizations Is Empty After XML Import

  Hi,
  When we exported Organizations in OIM via Deployment Manager and imported them back, available roles on Organizations are gone.
  To be exact; Hierarchical role assignments are gone, which are done using "include-sub-orgs" check while putting organizations to Roles.
  To understand the problem,
  We took a single organization, exported it, changed only organization name in the XML and imported it back. The results are the same.
  We included every possible dependency in the xml to see if this was the issue, apparently it wasn't.
  Furthermore,
  On the Role screens' Available Organization's tab, when we check the "include sub orgs" box, it works fine on manually added organizations. They are shown on Available Roles for the Organizations.
  But this doesn't work on imported organizations.
  Is there a trick to this in R2?
  How can we export-import the organizations and still see the available roles?
  Thanks,
  Erdogdu

  Hi All
  Any updates please . Can any one just update whether creating a custom attribute on User Profile adds the attribute in the list of attributes for membership rules for roles .
  Thanks
  Darshan

• Assistance required for deploying a validation handler in OIM 11g

  Hi All,
  I wanted to deploy a validation handler in OIM 11g so that I can check that the telephone number that is entered by the user has length of ten and all of them are digits.
  I created a new eclipse workspace called TelephoneValidationHandler on the OIM Host machine. I created a new Java project in the workspace with the name TelephoneValidationHandler. I created a class called TelephoneValidationHandler in this project. Put in the following code in this java file -
  /* TelephoneValidationHandler.java */
  package com.custom;
  import java.io.Serializable;
  import java.util.HashMap;
  import oracle.iam.platform.kernel.ValidationException;
  import oracle.iam.platform.kernel.ValidationFailedException;
  import oracle.iam.platform.kernel.spi.ValidationHandler;
  import oracle.iam.platform.kernel.vo.BulkOrchestration;
  import oracle.iam.platform.kernel.vo.Orchestration;
  public class TelephoneValidationHandler implements ValidationHandler{
            @Override
            public void initialize(HashMap<String, String> arg0) {
            // TODO initialization
            System.out.println("***********************************************************************************");
            System.out.println("************************** Init validate event handler ****************************");
            System.out.println("***********************************************************************************");
            @Override
            public void validate(long processId, long eventId, Orchestration orchestration)
            throws ValidationException, ValidationFailedException {
            System.out.println("************************** Beginning of validation *************************");
            HashMap<String, Serializable> parameters = orchestration.getParameters();
            String telephone = (String) parameters.get("Telephone Number");     
            //String regex="[0-9]{10}";
                 if (telephone.length()==10)
                      for(int i=0; i<10; i++)
                           if (Character.isDigit(telephone.charAt(i))){
                                continue;
                           else
                                throw new ValidationFailedException();
                      System.out.println("****************** Validated *********************");
            else
                 System.out.println("*************EXCEPTION OCCURRED*******************");
            throw new ValidationFailedException();
            System.out.println("************************** End of validation *************************");
            @Override
            public void validate(long processId, long eventId, BulkOrchestration arg2)
                      throws ValidationException, ValidationFailedException {
            // TODO - N/A
                 System.out.println("************************** INSIDE BULK VALIDATE ***************************");
  I included the files in reference libraries as - right click on the project, click on Build Path -> Configure Build Path -> Add External JARs. In this I selected the jars that were needed to compile the code successfully and i selected them from the place where they exist in the OIM host for eg. C:\Oracle\Middleware\server\platform\iam-platform-kernel.jar path for iam-platform-kernel.jar.
  Now i created a jar file out of this compiled project by right clicking on the project name and clicking Export -> Java -> JAR File. Selected the .classpath and .project files to export as well. Selected first option 1. Export generated class files and resources option. Other three existing options apart from this one which i selected were: 2. Export all output folders for checked projects. 3. Export Java source files and resources 4. Export refactorings for checked projects. So with the 1st option selected, I clicked next and then selected Generate New Manifest file in the final screen and clicked on Finish. Exported this by the name TelephoneValidationHandler.jar to desktop. If I open this jar by changing extension to zip, I see the following folder structure inside it :
  com -> custom -> TelephoneValidationHandler.class
  META-INF -> MANIFEST.INF
  .classpath
  .project
  I created a folder called lib and placed this jar file inside this lib folder. Then outside this lib folder, i placed the plugin.xml file created for this as follows:
  plugin.xml ->
  <?xml version="1.0" encoding="UTF-8"?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.ValidationHandler">
  <plugin class="com.custom.TelephoneValidationHandler" version="1.0" name="TelephoneValidationHandler">
  </plugin>
  </plugins>
  </oimplugins>
  Now I selected the lib folder and plugin.xml and created a new zip file by the name TelephoneValidationHandler.zip which will be used for plugin registration. The zip folder directly inside it has the structure - plugin.xml file and lib folder having the jar file inside it.
  lib -> TelephoneValidationHandler.jar
  plugin.xml
  Now I went to the directory C:\Oracle\Middleware\server\plugin_utility and opened the ant.properties file in that and put in the values as:
  ant.properties ->
  # The installation directory for WLS
  wls.home=C:\\Oracle\\Middleware\\wlserver_10.3
  # The home directory for OIM. In case of shiphome its same as install directory
  oim.home=C:\\Oracle\\Middleware\\Oracle_IDM1\\server
  #login file name with path.
  login.config=C:\\Oracle\\Middleware\\Oracle_IDM1\\server\\config\\authwl.conf
  Now I opened a cmd prompt, traversed to C:\Oracle\Middleware\server\plugin_utility directory and typed in "ant -f pluginregistration.xml register" and executed this command.
  It asked for oim userid - xelsysadm, oim password: Password, server url: t3://oimhost:14000, name of plugin file with path: C:\\temp\\TelephoneValidationHandler.zip
  I got these errors in the redirector.out file in C:\Oracle\Middleware\server\plugin_utility :
  Error in registering the plugin. null
  Error occured during the use of plugin registering utility.
  And this is the detailed description in the redirector.err in C:\Oracle\Middleware\server\plugin_utility :
  Jul 17, 2012 6:05:58 PM PluginUtility main
  SEVERE: Exception occured {0}
  java.lang.NullPointerException
       at java.util.regex.Matcher.getTextLength(Matcher.java:1140)
       at java.util.regex.Matcher.reset(Matcher.java:291)
       at java.util.regex.Matcher.<init>(Matcher.java:211)
       at java.util.regex.Pattern.matcher(Pattern.java:888)
       at weblogic.utils.classloaders.FilteringClassLoader.matchesClassFilterList(FilteringClassLoader.java:213)
       at weblogic.utils.classloaders.FilteringClassLoader.findClass(FilteringClassLoader.java:97)
       at weblogic.utils.classloaders.FilteringClassLoader.loadClass(FilteringClassLoader.java:86)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:246)
       at oracle.iam.platform.pluginframework.PluginReader.validateInstance(PluginReader.java:303)
       at oracle.iam.platform.pluginframework.PluginReader.validatePluginsFromFile(PluginReader.java:363)
       at oracle.iam.platform.pluginframework.PluginReader.readPluginsFromZIP(PluginReader.java:147)
       at oracle.iam.platform.pluginframework.PluginReader.readPlugins(PluginReader.java:66)
       at oracle.iam.platform.pluginframework.PluginManagerImpl.registerPlugin(PluginManagerImpl.java:74)
       at oracle.iam.platformservice.impl.PlatformServiceImpl.registerPlugin(PlatformServiceImpl.java:129)
       at oracle.iam.platformservice.api.PlatformServiceEJB.registerPluginx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy528.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Jul 17, 2012 6:05:58 PM PluginUtility main
  SEVERE: Exception occured {0}
  java.lang.NullPointerException
       at java.util.regex.Matcher.getTextLength(Matcher.java:1140)
       at java.util.regex.Matcher.reset(Matcher.java:291)
       at java.util.regex.Matcher.<init>(Matcher.java:211)
       at java.util.regex.Pattern.matcher(Pattern.java:888)
       at weblogic.utils.classloaders.FilteringClassLoader.matchesClassFilterList(FilteringClassLoader.java:213)
       at weblogic.utils.classloaders.FilteringClassLoader.findClass(FilteringClassLoader.java:97)
       at weblogic.utils.classloaders.FilteringClassLoader.loadClass(FilteringClassLoader.java:86)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:246)
       at oracle.iam.platform.pluginframework.PluginReader.validateInstance(PluginReader.java:303)
       at oracle.iam.platform.pluginframework.PluginReader.validatePluginsFromFile(PluginReader.java:363)
       at oracle.iam.platform.pluginframework.PluginReader.readPluginsFromZIP(PluginReader.java:147)
       at oracle.iam.platform.pluginframework.PluginReader.readPlugins(PluginReader.java:66)
       at oracle.iam.platform.pluginframework.PluginManagerImpl.registerPlugin(PluginManagerImpl.java:74)
       at oracle.iam.platformservice.impl.PlatformServiceImpl.registerPlugin(PlatformServiceImpl.java:129)
       at oracle.iam.platformservice.api.PlatformServiceEJB.registerPluginx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy528.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Exception in thread "Main Thread" java.lang.NullPointerException
       at java.util.regex.Matcher.getTextLength(Matcher.java:1140)
       at java.util.regex.Matcher.reset(Matcher.java:291)
       at java.util.regex.Matcher.<init>(Matcher.java:211)
       at java.util.regex.Pattern.matcher(Pattern.java:888)
       at weblogic.utils.classloaders.FilteringClassLoader.matchesClassFilterList(FilteringClassLoader.java:213)
       at weblogic.utils.classloaders.FilteringClassLoader.findClass(FilteringClassLoader.java:97)
       at weblogic.utils.classloaders.FilteringClassLoader.loadClass(FilteringClassLoader.java:86)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:246)
       at oracle.iam.platform.pluginframework.PluginReader.validateInstance(PluginReader.java:303)
       at oracle.iam.platform.pluginframework.PluginReader.validatePluginsFromFile(PluginReader.java:363)
       at oracle.iam.platform.pluginframework.PluginReader.readPluginsFromZIP(PluginReader.java:147)
       at oracle.iam.platform.pluginframework.PluginReader.readPlugins(PluginReader.java:66)
       at oracle.iam.platform.pluginframework.PluginManagerImpl.registerPlugin(PluginManagerImpl.java:74)
       at oracle.iam.platformservice.impl.PlatformServiceImpl.registerPlugin(PlatformServiceImpl.java:129)
       at oracle.iam.platformservice.api.PlatformServiceEJB.registerPluginx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy528.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl.registerPluginx(Unknown Source)
       at oracle.iam.platformservice.api.PlatformService_ott20t_PlatformServiceRemoteImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  But in the end of this run it still does show - BUILD SUCCESSFUL message but it obviously doesn't work properly because after this registration is done, I go to the MDS through command prompt and import the new EventHandlers.xml which I create as shown below:
  EventHandlers.xml ->
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <validation-handler class="com.custom.TelephoneValidationHandler" name="TelephoneValidationHandler" entity-type="User" operation="ANY" order="1002" />
  </eventhandlers>
  This import of EventHandlers.xml is done to the path - /metadata/user/custom
  But after all this, whenever I try creating a new user, I don't even get to see the create user page. Instead I get a NullPointer exception thrown at me.
  Can someone please go through these above steps and tell me if there is any particular step I might be doing wrong??? Maybe the ant.properties is not set properly or maybe the ValidationHandler java code is not implemented properly. However as far as I see I think these steps are correct. I have checked with other posts in this category and followed them. However this error still exists. Please help me.
  Thanks,
  $id
  Edited by: $id on Jul 17, 2012 6:36 PM

  Hey You were right. I changed the plugin.xml file so that the plugin xml tag changed to <plugin pluginclass="..." ..> and now when I ran the ant utility to register the plugin, it did not give any errors. Instead I got a message saying Plugin registered successfully. Also then I went to the dev_oim schema and in that the plugins table and checked it. This time the plugin entry was present in the database in this table.
  Now I imported the EventHandlers.xml file using MDS utility as follows:
  Placed the EventHandlers.xml file in C:/temp/metadata/user/custom/EventHandlers.xml
  The EventHandlers.xml file is as mentioned earlier as follows:
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <validation-handler class="com.custom.TelephoneValidationHandler" name="TelephoneValidationHandler" entity-type="User" operation="ANY" order="1002"/>
  </eventhandlers>
  Now I changed the weblogic.properties file under C:/Oracle/Middleware/Oracle_IDM1/server/bin file to have the entry as follows:
  metadata_from_loc=C:\ \tempThen went to the cmd prompt and navigated to this same folder. Then executed the command: weblogicImportMetadata.bat. It asked the user name : weblogic, password: password and then the url: t3://oimhost:7001
  There were no errors after this executed. I only got End of Import Metadata Script as the message.
  I then executed the "PurgeCache all" command while in the same directory.
  And gave the oimusername: xelsysadm, oimpassword: password and the oim server url: t3://oimhost:14000.
  I got the message :
  PurgeCache Login Success...
  Purging the cache categories:[all] is successful
  After this I logged in to the OIM console and tried to create a user and provided proper telephone number in the field. But when i clicked on Save after giving in these details, I got the following error on the OIM console:
  A system error occurred.
  When i go the oim server logs i see the following lines in it whenever I click on save for a new user:
  [2012-07-18T11:15:22.799+05:30] [oim_server1] [NOTIFICATION] [IAM-0080013] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [APP: oim#11.1.1.3.0] Kernel executing default validation with process id, event id, entity and operation 1,796.0.User.CREATE
  [2012-07-18T11:15:23.111+05:30] [oim_server1] [NOTIFICATION] [IAM-3050013] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm][APP: oim#11.1.1.3.0] Searching for users with the specified criteria.
  [2012-07-18T11:15:23.688+05:30] [oim_server1] [WARNING] [IAM-0080002] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm][APP: oim#11.1.1.3.0] Orchestration validation failed on the event handler - Event handler TelephoneValidationHandler implemented using class/plug-in com.custom.TelephoneValidationHandler could not be loaded.
  [2012-07-18T11:15:23.938+05:30] [oim_server1] [ERROR] [IAM-3050029] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm][APP: oim#11.1.1.3.0] The user cannot be created due to validation errors.[[
  oracle.iam.platform.kernel.ValidationFailedException: Event handler TelephoneValidationHandler implemented using class/plug-in com.custom.TelephoneValidationHandler could not be loaded.
  After this error occurred I logged into the database and queried the database with following queries:
  SELECT * FROM dev_oim.orchprocess ORDER BY ID DESC; -> Got the latest entry of process id for operation CREATE and stage as validation-handler but the status of this entry was FAILED.
  Then executed another query as follows to get the event details for the latest process id i got from above query results:
  select * from dev_oim.orchevents WHERE processid=1797 ORDER BY orchorder;The output of this query was:
  "ID"     "NAME"     "STATUS"     "PROCESSID"     "STAGE"     "ORCHORDER"     "RETRY" "CONTEXTID"     "RESULT"
  "7544"     "CreateUserValidationHandler"     "COMPLETED"     "1797"     "validation-handler"     "1"     "0"     "0"     "(BLOB)"
  "7543"     "TelephoneValidationHandler"     "FAILED"     "1797"     "validation-handler"     "2"     "0"     "0"     "(BLOB)"
  I already have pasted my java code initially above. Please guide me if anything wrong in the code or with the EventHandlers.xml file. After importing, I checked again by exporting the EventHandlers.xml file from the location where I had imported it and it did exist in that path.
  Thanks,
  $id
  Edited by: $id on Jul 18, 2012 11:25 AM
  Edited by: $id on Jul 18, 2012 11:34 AM

• Role management in OIM 11g.

  Hi All,
  I am working on OIM 11g PS1.
  In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
  For this the simplest way is to add the user to role 'Role Administrators'.
  Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
  The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
  Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
  The error that comes on GUI:
  "ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
  Error in Weblogic logs:
  "<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled excepti
  ons in phase INVOKE_APPLICATION 5
  javax.el.ELException: java.lang.NullPointerException
  at com.sun.el.parser.AstValue.invoke(Unknown Source)
  at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
  at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
  at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
  at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
  at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused By: java.lang.NullPointerException
  at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
  at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
  at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.sun.el.parser.AstValue.invoke(Unknown Source)
  at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
  Thanks,
  Sneha

  Hi,
  I found the resolution for this, so I thought I would share it here with everyone.
  I role owners or any user in role "Role Administrators" were not able to view the members of the role though they had the authorization policies enabled and everything setup.
  To enable the view of role membership please follow the steps below:
  1. Login as XELSYSADM
  2. Goto Administration and search for the org which the users are assigned to
  3. Open the org details
  4. Click "Administrative Roles"
  5. Click "Assign"
  6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
  This will really solve the issue.
  Thanks,
  Sneha.