OIM - Autoprovisioning (Access policy/User grp)

Hi Guys
I have configured auto provisioning in OIM via access policies and user groups.
Is there some way that when I remove a user from a group, he should not get deprovisioned from the corresponding resources.
I know this looks wierd but I have this requirement. Please let me know how this can be implemented. Final object is to achieve auto-provisioning but disable auto-deprovisioning.
Thanks

There is a setting in the AP that makes the AP not revoke the resource when the AP no longer applies. It is called "Revoke If No Longer Applies"
http://download.oracle.com/docs/cd/E10391_01/doc.910/e10360/accesspolicies.htm
Best regards
/Martin

Similar Messages

  • OIm 11g: Access policy issue

    Hi All
    We are using OIm 11.1.1.5.0, Weblogic 10.3.5 and Oracle DB EE 11.2.0.2
    We have defined role "CommonUsers" and assigned access policies with "AD and Exchange" resources. Exchange is dependent resource on AD. Then We have excuted PSFT feed file to load users into OIm and will assign the role to Users based on conditions performed by custom adapters, Here "CommonUsers" role is getting assigned to users, but both resources are not assigned to the users. For some of the users "AD" assigned but not Exchnage, and some of the users both resources are not assigned. Few of the users both resources assigned.
    Can you please suggest, why OIM is not assigning the two resources to users, with the role assignment? And why its performing in that way?
    Thanks.

    I have done 4 users reconciled, role was assigned to them(4 users) but for 2 users, oim did not intiate Resource Provisioing. When I manually assign role to any user, some times its not intialting Resoirce Provisioning task. There is no log information for this situation.
    Thanks.

  • [OIM 9.1.0.2] Access Policy being evaluated to an OIM user disabled.

    Hi Gurus,
    I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
    Any tip on what I should take a look?
    Thanks in advance.

    Hi all,
    I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
    I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
    Thanks a lot.

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • How to Apply a Newly Created Access Policy on Existing Users in OIM????????

    How to Apply a Newly Created Access Policy on Existing Users in OIM?
    When the rule is getting failed the user is getting removed from the group but resource is not getting revoked. This is happening only for the old uses..for the users which i created now it working fine..i mean its resource is getting revoked.
    (Retrofit access policy" is checked on the Access Policyand Revoke if not longer applied is checked.)
    For the old users i see the POl_Key is null, for new users i see a value '10'. So i updated the pol_key for old users same as it got generated for new users '10'.
    i even updated the form version too but still revoke doesn't work.
    I cant go for the below approach..
    In order to apply a newly created Access Policy on existing users, one has to make sure that:
    1) "Retrofit access policy" is checked on the Access Policy.
    2) Then run the "Set User Provisioned Date" Schedule task to apply the Access Policy on the existing users in OIM.
    Note: After 9.1.0.1 BP03 the access policy execution has been moved to a new scheduled task "Evaluate User Policies" as mentioned inDocument 839368.1 :How to Use Access Policies to Provision with Groups.
    Is there any other approach i can try.. if you have any idea please reply me asap
    Thanks..

    Thanks for the reply kevin..
    We decided to try the Schedule task (Set User Provisioned Date).
    But i see one problem here after seeing this post in metalik --> Can Access Policies Manage The Life-cycle Of Users Created via Reconciliation? [ID 1136540.1]
    According to this post Access Policies framework does not manage users who are obtained either through trusted reconciliation or target reconciliation.
    Is there any custom way to achieve this??
    How does the access policy framework revoke resource work? (revoke if no longer applies)??
    Edited by: IDMuser19 on Jun 21, 2011 11:43 PM

  • Help Required With Access Policy Trigger On Enable User In Oim 11gR2

    My scenario is:
    We have a created a access policy for the user.
    Scenario1:
    As soon as the role is added to user, the account is provisioned.  -Working
    Scenario 2:
    As the user is disabled, the account gets revoked-Working
    Scenario 3:
    As the user is enabled, the new instance of the account should get provisioned.(It was earlier working in 11G r1)
    "Evaluate User Policies " is running every ten minutes.Manually also triggered it. but the account doesn't get provisioned after the user is enabled.
    Any inputs?
    Please help

    Your Scenario 2:
    As the user is disabled, the account gets revoked-Working ----> ITS WRONG if you are using OOTB feature of OIM
    -> When the user gets disabled, the accounts should get disabled. The result which u are getting above is not OOTB. Have you made any customization to any logic?
    Just for your info, there is one system property which is used to enable disabled resources when the user is enabled:
    http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/system_props.htm#OMADM884
    Enable disabled resource instances when a user is enabled
    If the value is TRUE, then the disabled resource instances are enabled when a user is enabled.
    XL.EnableDisabledResources
    TRUE

  • OIM 11g R2 - AD provisioning based on Role and Access Policy

    Hi, for Active Direcotry integration i used some prepopulation plugin for populationg resource form (based on http://fusionsecurity.blogspot.sk/2013/01/populating-request-attributes-in-oim.html).
    It's work fine - requested account was fully provisioned.
    Can i use this plugins for Role based provisioning?
    I try to create access policy and associated role but when attached the role to the user and run Evaluate User Policies Job, account can't be provisioned.
    In diagnostic.log i found.....
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Immediate consequences are returned with event - InitiatePolicyEvaluationAndProvisioning
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Next Waiting child process is ..........6380 sync = false
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] First Waiting child process is ..........6380
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel executing default validation with process id, event id, entity and operation 6,380.0.Resource.ACCESS_POLICY_BASED_PROVISION
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel completed the child orchestration - 6380.6379
    [oracle.iam.platform.kernel.dao] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Inserting records for orchestration cleanup
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Completed orchestration with action result - 113

    Hi, all
    I try to fill Access policy Process Form. Account request was created and provisioned when field AD Server and Organization Name was filled in, but pre-population plugin doesn't fired
    The question is.... How can i use pre-population plugin for populating request dataset used with request generated by access policy....
    Is it possible to use plugins for requests generated based on access policy?
    a.

  • Access Policy is not getting trigggered after creation of user through GTC

    Hi,
    I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
    If anybody have any idea how to resolve this, please help me in this regards.
    Regards,
    Avijit

    Hi ,
    its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
    do post your results.......
    Regards.

  • PF attribute modification in Access Policy for existing users.

    Hi Guys,
    I have an access policy for provisioning a resource. Suppose if I make some changes for the process form attribute value inside the access policy,How can I have the same attribute value reflected in the process form of users who are already provisioned by the access policy?
    Direct database update wont be a good idea here as I am having multiple access policies for the same resource. Is there any table which is having the relation between provisioned resource and curresponding access policy if at all I have to go for a custom scheduled task?
    Thanks,

    Does this solution also supposed to work in OIM 11g? I Tried it but data on the main form does not get reflected on the process form of existing users. For child data it does work.
    Edited by: bsteen on Aug 5, 2011 5:21 AM

  • OIM 11g AD Connector Access Policy Based Provisioning Issue

    Hi,
    I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    Running ISADAM
    Target Class = java.lang.String
    Running GETUSESSL
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attribute
    Running Set User Expiration Date
    Running ISADAM
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETPWDEXPIRESATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set Pwd Expires Attribute False
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running SETADDN
    [2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
    [2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
    [2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
    [2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
    [2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
    Database srever is running.
    Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
         at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
    Please, Help.
    Edited by: user13830503 on 19/7/2012 6:39

    2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    Make sure the lookup table exists and is spelled correctly in your process task.

  • Unable to automatically provision users in AD via Access Policy

    Hello,
    I can connect to AD and provision a user manually to AD via OIM. Goes through just fine. However, if I use an Access Policy to do the same thing, it's stuck in the 'Provisioning' stage. All values are the same in the form.
    Any suggestions on why it works manually but not automatically? I have all values including AD server filled in my form. Is there additional configuration in the Access Policy that I'm missing?

    All fields are prepopulated.
    How do I enable autosave? It's doing the same thing with eDirectory too.
    If I go 'Edit' the task I see all values prepopulated. But they're not getting pushed out to the resource. So if I click 'View' all fields are blank.

  • OIM iPlanet Resource revoked using access policy

    Hi,
    I had created a group and access policy based upon which i tried to provisioned a iplanet resource to a user.
    For this I had created a UDF(say type with value C) and created a rule based on which user is assigned to group say business and also iPlanet resource is provisioned to user
    As I Edit the profile and clear UDF. User is removed from group and also iPlanet resource is revoked.(In Access Policy revoked if no longer applied)
    I am able to do this task Successfully But If iPlanet resource is already allocated to user and I update the UDF(value C) user is assigned to group and iplanet is already assigned to user(muliple resource UNTICK). and now if i again Updated the UDF(mean clear it) user is removed from the group but iPlanet resource is not revoked from the user......
    Can somebody tell me why it is happening??? wheather its a bug in OIM or I am missing something...
    Thanks
    Anil

    If I understand your requirement correctly, when you change the value in process form edit from C to other, iPlanet resource is getting revoked.
    But when you change the the same value from user profile edit, the iplanet is not getting revoked right?
    As per my knowledge I can say, when you update the value for UDF in user profile, you can use triggers USR.TRIGGERS which will update the process form. In this case your process form will gets updated by default.
    This in turn triggers access policy and revokes the resource.
    Hope this helps you

  • OIM Access Policy OU Updates

    All,
    I am wondering if any you have encountered an issue in OIM where a user’s OU in AD does not change when a new access policy applies to the user with a new OU (the old access policy is no longer valid). I have noticed that child form attributes (groups) are updated with the values from the new access policy, but parent form values such as OU, are not updated.
    The access policies currently do have retrofit selected.
    I also have tried running the “Evaluate User Policies” task with no luck.
    If you have any insight as to how we might resolve or workaround this issue, it would be appreciated.
    Thanks,
    -Derek

    What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
    Deborah

  • OIM access policy not evaluating a boolean

    I have a test for a boolean in Access Policy
    booleanvariable == true
    but it does not evaluate
    I tried booleanvariable == 1
    and this does not work either.
    If I have a string field instead of a boolean, then it works
    stringvariable == TRUE
    this works.
    Is there something wrong with booleans in Access Policy?

    I'm currently using Boolean with access policies, though maybe a little different.
    In the OIM Design Console, I've created a rule (Resource Management -> Rule Designer) named TestRule
    Add Element:
    - Attribute: booleanvariable
    - Operation: ==
    - Attribute Value: 1
    I have groups that mirror access policies, so let's say that we've also created a group (User Groups->Create via OIM AU Console - Web)
    - Under 'Membership Rules' in the dropdown box for group details, assign the rule you just created
    - Then under 'Access Policies' add the policy you created under Access Policies -> Manage
    Then when a user is in OIM with booleanvariable checked, the Access Policy is applied to that user.

  • Create Access Policy with OIM API: can't fill child form

    Hi!
    I'm having a problem with creating OIM Access Policy with API. I'm doing the following:
    1. Create a new access policy via AccessPolicyIntf
    2. Add a resource object which will be provisioned to all users who are within policy scope
    3. Get Resource Object (Parent) Form Definition via FormDefinitionIntf
    4. Add data to parent form (AccessPolicyIntf setFormData(FormDefinitionKey))
    5. Now I want to add data to the child form, for that purpose I need to know child form definition key, but I can' get one, because there's no method like 'getChildFormDefinitionKey' in FormDefinitionIntf interface.
    Please, help me to get child form definition key, knowing parent form definition key and version

    See if this code helps:
    public String addChildTableValue(long userKey, String group, String objectName, String fieldName tcDataProvider ioDatabase) {
    log.debug("addChildTableValue() Parameter Variables passed are:" +
    "userKey=[" + userKey + "]" +
    "group=[" + group + "]" +
    "fieldName=[" + fieldName + "]" +
    "objectName=[" + objectName + "]");
    try{
    tcUserOperationsIntf userIntf = (tcUserOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcUserOperationsIntf");
    tcFormInstanceOperationsIntf formIntf = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
    boolean roleExists = false;
    //Result set of all Object for user
    tcResultSet obResultSet = userIntf.getObjects(userKey);
    if (obResultSet.isEmpty()){
    log.error("User has no provisioned objects");
    return "NO_OBJECTS_EXIST";
    }else{
    for (int ii=0; ii<obResultSet.getRowCount(); ii++){
    obResultSet.goToRow(ii);
    if ((obResultSet.getStringValue("Objects.Name").equals(objectName)) &&
    (!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Revoked")) &&
    !(obResultSet.getStringValue("Objects.Object Status.Status").equals("Provisioning")))){
    log.debug("Resource object found: " + objectName);
    //Process Instance Key of the object
    long plProcessInstanceKey = obResultSet.getLongValue("Process Instance.Key");
    log.debug("Process instance key: " + plProcessInstanceKey);
    //Process Key for the parent for
    long plParentFormDefinitionKey = obResultSet.getLongValue("Process.Process Definition.Process Form Key");
    log.debug("Parent form definition key: " + plParentFormDefinitionKey);
    //Form version of the parent form
    int pnParentFormVersion = formIntf.getProcessFormVersion(plProcessInstanceKey);
    log.debug("Parent form version: " + pnParentFormVersion);
    //Result set of Child Form information
    tcResultSet childFormResultSet = formIntf.getChildFormDefinition(plParentFormDefinitionKey, pnParentFormVersion);
    //Child form definition key
    long plChildFormDefinitionKey = childFormResultSet.getLongValue("Structure Utility.Child Tables.Child Key");
    String plChildTableName = childFormResultSet.getStringValue("Structure Utility.Table Name");
    log.debug("Child form definition key: " + plChildFormDefinitionKey);
    log.debug("Child table name: " + plChildTableName);
    tcResultSet childFormData = formIntf.getProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey);
    if (!(childFormData.isEmpty())){
    log.debug("Searching child table current values");
    for (int iii=0; iii<childFormData.getRowCount();iii++){
    childFormData.goToRow(iii);
    String fieldValue = childFormData.getStringValue(fieldName);
    log.debug("Child table entry: " + iii + " | value: " + fieldValue);
    if (fieldValue.equals(group)){
    roleExists = true;
    log.debug("Value already exists in child table");
    return "DUPLICATE_VALUE";
    log.debug("Value not found in child table");
    if (!roleExists){
    Hashtable childFormHash = new Hashtable();
    childFormHash.put(fieldName, group);
    formIntf.addProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey, childFormHash);
    log.debug("Value successfully added to table");
    return "VALUE_ADDED";
    log.debug("Provisioned resource " + objectName + " object not found");
    return "OBJECT_NOT_FOUND";
    catch(Exception ex){
    ex.printStackTrace();
    return "ERROR";

Maybe you are looking for

  • How do i sync my iphone with itunes on windows 8?

    I have Windows 8 and I cannot sync my iphone 5 to my itunes. When I open Itunes, I go to File > Devices > but i cannot select the Sync options. I don't know why. I am thinking it is because i am using Windows 8. however I have checked my updates, and

  • Abap-hr : error in retrieving employee's family dependent details

    Hi all,         while retreiving family dependent details of employee of subtype de01 its throwing up a dump        <REMOVED BY MODERATOR> *& Report  ZABAP_HR                                                    * REPORT  ZABAP_HR                      

  • Sending Photos From My IPHONE to My Email

    im Trying to Send Photo's From My IPHONE 5s to My Yahoo Email So I Can Use it . But for thwe Past two Days they Have Not Shown up in My Email. This is the First time this has Happen with an IPHONE. What Should I Do

  • NVL function

    Hello: I have a problem with the query below. It works fine in PL/SQL. but run throgh VB6.0. I will get the following error. ORA-01858 a non-numeric character found where a digit was expected The query is as follows: SELECT grower.regcomp_id, grower.

  • How does the delta works for changes made to Sales Document

    Hi Experts, How does delta for 2LIS_11_VAITM for the changes made to Sales Order Header..... Example: If a sales order had 10 line items any changes at the item level are captured by 2LIS_11_VAITM Could you please update me on how the changes made at