OIM 11g R2 Membership rules and roles
All,
I have noticed that the NOT operator is not available while creating the membership rules in roles.
Is there any work around for this?
I am planning to write a post process event handler to add the roles if I can't find any other way around this.
You can add elements but that would be difficult to manage. Suppose you have 100 departments and you want exclude Department 1000 then it would be difficult to add Department 1 to Department 999 in your rule.
As of now you can go ahead with your Event handler.
I opened an ER with Oracle long back.
Similar Messages
-
How to use rules and roles in workflow?
Hi experts,
I am a beginner in workflow. Could any one tell me how to use rules and roles in workflow ?
Can u pls tell me the steps to follow?
and more over what are all the <b>important things</b> we have to learn in workflow module ??
I shall be thankful to u.
Thanks
umaHi
Workflow automates the steps and activities in a business process according to predefined procedures and rules.
Workflow presents information and documents to the appropriate knowledge worker or agent (another entity such as a program) to make a decision or perform an activity.
Workflow tracks each and every step in the process flow and maintains an ongoing status.
Workflow also collects and reports all of the metrics associated with the execution and completion of the process.
Check the below links u will get lot of info..
http://www.sap-press.com/product.cfm?account=&product=H950
Workflow
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/a5/172437130e0d09e10000009b38f839/frameset.htm
For examples on WorkFlow...check the below link..
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
Go through the following links on FORK :
http://help.sap.com/saphelp_nw04/helpdata/en/24/e2283f2bbad036e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/8d/25f1e7454311d189430000e829fbbd/frameset.htm
http://help.sap.com/saphelp_46c/helpdata/en/c5/e4a930453d11d189430000e829fbbd/content.htm
http://www.insightcp.com/res_23.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMSTART/BCBMTWFMSTART.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMPM/BCBMTWFMPM.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
For more reference on workflow: http://****************/Tutorials/Workflow/Workflow.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/04/9277a346f311d189470000e829fbbd/frameset.htm
Check these links.
http://www.sapgenie.com/workflow/index.htm
/people/ginger.gatling/blog/2005/12/01/link-workflow-business-objects-to-your-collaboration-tasks
http://help.sap.com/saphelp_nw04/helpdata/en/92/bc26a6ec2b11d2b4b5006094b9ea0d/content.htm
http://help.sap.com/saphelp_bw33/helpdata/en/92/bc26a6ec2b11d2b4b5006094b9ea0d/content.htm
http://help.sap.com/saphelp_bw31/helpdata/en/8d/25f94b454311d189430000e829fbbd/content.htm
http://www.sap-press.com/product.cfm?account=&product=H950
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
Workflow
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/a5/172437130e0d09e10000009b38f839/frameset.htm
For examples on WorkFlow...check the below link..
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/a5/172437130e0d09e10000009b38f839/frameset.htm
For examples on WorkFlow...check the below link..
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
Workflow tutorials with step-by-step and with screenshots are available at http://www.****************/Tutorials/Workflow/Workflow.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/42/c14a9b55103116e10000000a1553f7/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/c5/e4a930453d11d189430000e829fbbd/frameset.htm
http://www.sapgenie.com/workflow/
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.sap-basis-abap.com/wf/sap-business-workflow.htm
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2857887
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2855919
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2735228
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMSTART/BCBMTWFMSTART.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMPM/BCBMTWFMPM.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
Debug a workflow.
This has a step by step procedure :
http://fuller.mit.edu/workflow/debugging.pdf
www.erpgenie.com/sap/workflow/debugging.htm
http://www.erpgenie.com/workflow/debugging.htm?2b5de440
Workflow tutorials with step-by-step and with screenshots are available at
http://www.****************/Tutorials/Workflow/Workflow.htm
http://www.sapgenie.com/workflow/
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
http://www.sap-basis-abap.com/wf/sap-business-workflow.htm
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2857887
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2855919
https://forums.sdn.sap.com/click.jspa?searchID=791580&messageID=2735228
http://www.sapbrain.com/TUTORIALS/TECHNICAL/WORKFLOW_tutorial.html
Regarding Work Flow
work flow scenarios.
1. applying for a leave.
2. approval process.
3. material creation process.
4. mainly work flow is for notification purpose.
chk this links
http://help.sap.com/saphelp_erp2005/helpdata/en/fb/135962457311d189440000e829fbbd/frameset.htm
http://help.sap.com/saphelp_erp2005/helpdata/en/c5/e4a930453d11d189430000e829fbbd/frameset.htm
Workflow
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/a5/172437130e0d09e10000009b38f839/frameset.htm
For examples on WorkFlow...check the below link..
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
http://www.erpgenie.com/workflow/index.htm
http://www.sap-basis-abap.com/wf/sap-business-workflow.htm
http://www.insightcp.com/res_23.htm
A good tutorial
http://www.thespot4sap.com/articles/Invoice_Verification_Automation_Using_SAP_Workflow.asp
http://www.sap-basis-abap.com/wf/sap-business-workflow.htm
/people/alan.rickayzen/blog
/people/jocelyn.dart/blog/2006/06/19/why-use-abap-oo-with-workflow
a good book
http://www.sap-press.com/product.cfm?account=&product=H950
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.sap-press.com/downloads/h950_preview.pdf
Check the following PDF
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMSTART/BCBMTWFMSTART.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMPM/BCBMTWFMPM.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
also seach the workflow forum: SAP Business Workflow
Regards
Anji -
OIM 11g R2 - Creating a new role using API
Hi,
I am trying to create a new role in OIM 11g R2 using RoleManager API.The requirement is to provide "Role Owner" also while creating the role.May I know how to do that?.Thanks in advance.HashMap <String, String> groupMap = new HashMap <String, String> ();
groupMap.put("Groups.Group Name", groupName);
groupMap.put("Groups.Role Description", "Just for testing");
long groupKey = -1L;
try {
groupKey = goi.createGroup(groupMap);
logger.info("RESULT: Group with group_key '" + groupKey
+ "' has been successfully created");
} catch (tcAPIException e) {
logger.info("Creating client...."+e);
} catch (tcDuplicateGroupException ex) {
return getGroupKey(goi, groupName);
//logger.info(""+ex.toString());
} catch (tcInvalidAttributeException er) {
logger.info(""+er.toString());
I hope this really helps you,
Thiago Leoncio.
(Blog: thiagoleoncio) -
OIM 11g-How to restrict the role administrator from seeing "other" roles
Dear All,
How to restrict Administrator from seeing roles he is not suppose to administer?
My administrator is suppose to assign only Role A. When he logs in He can see every single role. How to correct it so that he can see only Role A?
Thank you for your time
MariaModify "All User Role Management Policy"
-
OIM 11g R2 Available Roles For Organizations Is Empty After XML Import
Hi,
When we exported Organizations in OIM via Deployment Manager and imported them back, available roles on Organizations are gone.
To be exact; Hierarchical role assignments are gone, which are done using "include-sub-orgs" check while putting organizations to Roles.
To understand the problem,
We took a single organization, exported it, changed only organization name in the XML and imported it back. The results are the same.
We included every possible dependency in the xml to see if this was the issue, apparently it wasn't.
Furthermore,
On the Role screens' Available Organization's tab, when we check the "include sub orgs" box, it works fine on manually added organizations. They are shown on Available Roles for the Organizations.
But this doesn't work on imported organizations.
Is there a trick to this in R2?
How can we export-import the organizations and still see the available roles?
Thanks,
ErdogduHi All
Any updates please . Can any one just update whether creating a custom attribute on User Profile adds the attribute in the list of attributes for membership rules for roles .
Thanks
Darshan -
Restricting administrator tab to user created with default role OIM 11g R2
Hi,
I have a query, if we create a user in OIM 11g R2 without any admin role and then login to Self Service screen (Identity) with the newly created user, we can see the Administration Tab is visible to the user.
Is this mean that by default user is having admin role assigned to him to do some of the admin activities.
Please let me know how to control this behavior and not to show the Administration tab to the user until and unless he is having some admin roles assigned to him.
Please help.You can hide Administration tab for normal users using EL's. By default users will get this tab when they login to identity console even though admin role is not assigned to them. But if you do any operation on any users, request will be raised accordingly.
Check this link to configure EL's http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#autoId18 -
OIM synchronization organize information and role information
How to use the OIM to synchronization organize information and role information from the Oracle database?
thanks!Can you explain little bit about your use case ?
-
SOAP API integration problem with OIM 11g R1
Hi,
We're facing a problem when we are attempting to provision for a third party Web Service application in OIM 11g R1.
During development and test running in an IDE environment, JDeveloper, the soap wsdl requests are triggered and a response is received successfully. However, when we shift the work and integrate it with OIM using design console, there seems to be an error indicating an invalid wsdl location. We have used the super class Exception, in try-catch block for handling of the exceptions. Please see the log message.
Xl Home Dir :/oracle/Middleware/Oracle_IDM1/server
Running CREATEUSERTASK
Target Class = org.identityconnectors.Provisioning.QuickShareUserProvisioning
URL : XXXXX
User ID : XXXX
Password : XXXX
ERROR: Invalid wsdl location robi/XXXX_saved_wsdl.wsdl
When we simply run the jar file from the command line, it gives us, java.lang.NoClassDefFoundError: javax/xml/rpc/Service
[oracle@idmlab JavaTasks]$ java -jar archive1.jar
URL : XXXXX
User ID : XXXX
Password : XXXX
Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/rpc/Service
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at org.identityconnectors.Provisioning.QuickShareUserProvisioning.createUser(QuickShareUserProvisioning.java:41)
at org.identityconnectors.Provisioning.QuickShareUserProvisioning.main(QuickShareUserProvisioning.java:215)
Caused by: java.lang.ClassNotFoundException: javax.xml.rpc.Service
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
... 14 more
Any help or suggestion, appreciated!
Thanks
Tamim KhanHi Kevin,
Thanks a lot for the response. But, when i deployed the composite SAR in to the server from Jdeveloper, i checked the option to "Overwrite any existing composite with same revision ID". SO, i used the same revision ID (Say 1.0), will this also need to be disabled?
Thanks,
Srini -
OIM 11G, DSML integration failing with null pointer exception
Hi,
we are facing the similar probelm while sending a request from TIBCO BW to OIM 11G (Which is weblogic)
The below request from TIBCO is not working and thowing a NULL POINTER EXCEPTION
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<ns:OIMUser xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns="http://xmlns.oracle.com/OIM/provisioning" xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/">
<ns:OIMUserId>xelsysadm</ns:OIMUserId>
<ns:OIMUserPassword>Welcome123</ns:OIMUserPassword>
</ns:OIMUser>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns0:processRequest xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://xmlns.oracle.com/OIM/provisioning">
<sOAPElement xmlns="">
<ns:modifyRequest xmlns:ns="urn:oasis:names:tc:SPML:2:0" xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" returnData="data">
<ns:psoID ID="Users:21"/>
<ns:modification name="Users.User ID" operation="add">
<ns:value>Richard1</ns:value>
</ns:modification>
</ns:modifyRequest>
</sOAPElement>
</ns0:processRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
But if we change the <sOAPElement xmlns=""> to <sOAPElement> (removing the empty namespace) we can able to fire this soap.
Could you please let me know are there any patch, workaround for this issue.
Thanks
MadhuI don't think OIM 11g supports DSML profile and may be that's the reason you are getting NPE.
See: http://docs.oracle.com/cd/E14571_01/doc.1111/e14309/spmlapi.htm#CHDCBJAI
It states:
"SPML has two profiles: the XSD profile and the DSML profile. This release of Oracle Identity Manager makes use of the XSD profile." -
OIM 11g R2 - Developing ManagedBean
Hi all,
I'm very very newbie about ADF.
I'm trying to develop a ManagedBean to show components on OIM web interface conditionally. I found this doc http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#BABFFACA and I followed the tutorial.
My requirement is exactly the one explained in chapter "*30.10.5.1 Showing Components Conditionally*" (http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#BABFAEIE), but I have a problem: at steps 2 and 3, when I try to use FacesUtils class methods "+partialRender+" and "+getListBindingValue+" I get and error. It seems that the auto imported class oracle.iam.ui.platform.utils.FacesUtils does not have these methods.
I try to look for other jars on OIM server containing the class FacesUtils, but without success.
I searched on the web and I found this doc http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/facesutils.htm talking about FacesUtils class in OIM 11g R2 (my version) and in the code snippet provided I can find the methods mentioned above.
To workaround the problem, I created a class FacesUtils in my project (copying the java code snippet provided in the last document) and use it in my ManagedBean, but which is the right solution? I mean where can I find the library containing the correct FacesUtils class?
Thanks in advance,
DanieleHi guys,
sorry for the wrong information....There isn't any jar named ADFSpyke.jar in the original oracle.iam.ui.custom-dev-starter-pack.war.
In mine it was there because a colleague create it without tell me.
Sorry again for the mistake.
P.S. Anyway if you need the FacesUtils class, you can create it copying it from here http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/facesutils.htm (as mentioned in my first post)
To workaround the problem, I created a class FacesUtils in my project (copying the java code snippet provided in the last document) and use it in my
ManagedBean, but which is the right solution? I mean where can I find the library containing the correct FacesUtils class?Bye
Daniele -
OIM 11g: Issue while evaluating rule for Role Membership
Hello All,
I have configured few General Rules using 2 of our User Defined Fields, these general rules are used to determine role membership.
What we observed that once "Identity Status" attribute is set to "Disabled" for OIM User Profile then OIM stops evaluating these configured General Rules for Role Membership.
Env Details:
Product Version: Oracle Identity Manager 11.1.1.5.0
App Server: WebLogic Server Version: 10.3.5.0
OS: Red Hat Enterprise Linux Server release 5.5
Database: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64 bit
Please let me know if any of you have encounter this issue and if there is any workaround available for it.
Thanks,
ShyamRe: OIM11g: Resource not revoked if the Identity Status is DISABLED
XL.EvaluateMembershipForInactiveUser
Workaround:
You can make you of Event Handler and assign that group with APIs. -
Rule based Role membership in OIA is not pushing to OIM
Hi All,
Rule based Role membership in OIA is not pushing to OIM due to error as
00:01:38,055 DEBUG [DBIAMSolution] Group Role container for JDE.JDE_BHRUSRTT found...
00:01:38,144 ERROR [DBIAMSolution] Error Occured while adding users to role
Thor.API.Exceptions.tcAPIException: Error occurred while find User information: USER_NOT_FOUND
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcGroupOperationsIntf_13pobh_tcGroupOperationsIntfRemoteImpl_1035_WLStub.getAllMemberUsersx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy396.getAllMemberUsersx(Unknown Source)
at Thor.API.Operations.tcGroupOperationsIntfDelegate.getAllMemberUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Meth
Any one can help will be appreciate...
Thanks
Bikas
Edited by: Bikas Mandal on Mar 27, 2013 6:15 AMTry these steps and let me know what you see:
Login to OIA > Administration > Configuration > Workflows
Select Role membership create workflow
And check if you have added OIM provisioning server in the Step5 of the workflow.
Cheers,
Vamsi. -
Regarding Authorization policy and Roles in OIM 11g
Hi,
In OIM 11g Admin interface, is there a way to find out what all authorization polices, a role has been assigned to ?.
I am asking this because, if you search for a user, you will know what all roles he is a member of, and similarly if you search for a role, you will know who all users are members of that role.
Similarly, if you search for a Authorization policy, you will know what are roles are assigned to this policy. But if I search for a role, I am not able to find what all authorization policies has been assigned to this role.
Looking forward to hearing from you,
Many thanks in advanceI understand your concern. But, this feature has not been available
--nayan -
Role management in OIM 11g.
Hi All,
I am working on OIM 11g PS1.
In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
For this the simplest way is to add the user to role 'Role Administrators'.
Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
The error that comes on GUI:
"ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
Error in Weblogic logs:
"<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled excepti
ons in phase INVOKE_APPLICATION 5
javax.el.ELException: java.lang.NullPointerException
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: java.lang.NullPointerException
at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
Thanks,
SnehaHi,
I found the resolution for this, so I thought I would share it here with everyone.
I role owners or any user in role "Role Administrators" were not able to view the members of the role though they had the authorization policies enabled and everything setup.
To enable the view of role membership please follow the steps below:
1. Login as XELSYSADM
2. Goto Administration and search for the org which the users are assigned to
3. Open the org details
4. Click "Administrative Roles"
5. Click "Assign"
6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
This will really solve the issue.
Thanks,
Sneha. -
i want to create a membership rule that would encapsulate my business logic but not auto-assign a role to a user. basically, looking to execute the rule via the OIM apis and have it provide back a boolean response.
is this possible?
thanksDon't think so, why not have the business logic put into the java client itself. There are multiple ways there to make it generic and configurable at java end. If you are on 11g then probably try using the Business Rules feature of BPM which comes shipped with BPEL in 11G. You can have java clients for Oracle Business Rules and that would plug into OIMs framework too.
-Bikash
Maybe you are looking for
-
How to save a JPG in 256 colors?
I'm using Photoshop CS2. 1. How to save a JPG in 256 colors? 2. Is there a way to see an image properties? -- I want to know if that image is in 256 color or not...
-
Where to buy a ADC to VGA adaptor
Im looking for one to pick up at a store. Does anyone know who might carry a ADC to VGA adaptor?
-
Changing computer that syncs apple tv w/out having to delete all media
I just bought a new computer and want to use the new computer to sync without having to erase and recopy everything on the apple tv, which would take days given the amount of media I have. All of the media that I have on itunes and sync with my Apple
-
I have migrated an 8i database to 10g 10.2.0.3. I am getting a compile error on a procedure which is now INVALID referencing a package which compiles ok and is VALID. The compile error I get on the procedure is: PLS-00386: type mismatch found at 'PIO
-
How do you move folders of pictures (not in other versions of PSE) to PSE 8. I am able to convert catalogs, however I don't know how to simply import all the pictures I have in folders to PSE. Thank you so much for any help. Una