OIM - Conceptual question

Hi All
I have some confusion about parent table and child table w.r.t to resource provisioning. Say for example, if I am using the AD connector, then I will have a main parent table for AD RO and a child table for AD Groups. When I try to provision a user, I populate the parent table data on the process form and then select a particular group and attach it to parent table, a user gets provisioned to AD with that group. This will trigger two process tasks as below:
1. Create AD user
2. Add to AD group
I want to know that how OIM knows when it has to call the second task and whether it has to call the 2nd task or not. Where in OIM can I see this linkage.
Is it something like if there is a row populated in child table, it automatically calls the second task. Is there any way, I can see this linkage or is it internal to OIM.
Please let me know if anyone has idea about this.

I guess you have already answered your question ..,
If you see your process task Add user to group and look up for some thing like Child table and trigger type (down left corner) . When ever you add a child data from web app , A row would be inserted in the child table and this task has a mapping that when ever a insert opertion happens in this child table , invoke me . So its invoked .
Create user task is called as its the only non conditional task in the process definition . All non conditional task would be invoked

Similar Messages

  • OAM / OIM - Conceptual question

    Hi all,
    I'm trying to understand the overlap between OAM and OIM in terms of identity management. I'm going through the OAM manuals and it talks about OAM's Identity System in a way that very closely resembles a lot of what OIM does, ie. user management, groups, delegated admin, self admin, etc...
    I'm trying to understand how these two fit together. I know OIM does a lot more in terms of provisioning to other resources... is OAM considered a resources that OIM provisions to? If you have OIM and OAM, it seems that there's now 2 repositories of user data....
    Can someone explain (or point me to a doc that does) the relationship(s) between OIM and OAM, how they fit together, which drives the other, etc...?
    Thanks very much

    OAM's Identity System is web based self service tool for users to edit their information for their identity records. Forgot Password Service will help the users to reset their passwords. Oracle Access Manager's main functionality is the Single Sign On feature and to offer AU and AZ services. Also OAM's Identity System helps you to create/manage/delegate LDAP Dynamic Groups and Organizations. Remember, OAM will not be able to provision users with LDAP Accounts. You need to create LDAP Accounts and then you can manage the users via OAM Identity System. You can also create users from OAM Identity System but no one creates users from OAM Identity System in a corporate environment. OAM Identity System is designed to provision the Access Administrators with capability of creating/managing/delegating the tasks of Dynamic LDAP Groups which are in turn used in AZ rules for Access Policies. AFAIK, creating users and organizations from OAM - Identity System is not recommended. My recommendation for using the OAM Identity System is to limit the usage to LDAP Dynamic Group Creation. As a Access Administrator it will be very convincing to create the groups without contacting the LDAP Teams.
    On the other hand, OIM can synchronize with Corporate HR systems/AD/LDAP and other authoritative identity sources and pull the records to OIM. Based on the business roles, OIM can automatically provision the users with all required resources with appropriate access rights. OIM also offers Forgot Password and Password Reset services which are recommended for usage in a corporate environment. Also I don't think you can create LDAP Dynamic Groups and Organizations in an authoritative LDAP via OIM.
    Coming to the integration part, OAM can protect OIM and offer Single Sign On to OIM Services. OIM can provision users to OAM but not straight forwards as there is no connector provided for OAM OOTB. If you have both OIM and OAM still you have a single identity (user) store. Both OAM and OIM will talk to the single user store for synchronization. For OIM, you will have a user account in OIM System apart from the user directory but for OAM you will use the account from the user directory to access Identity and Access Services.

  • PI conceptual question

    Good afternoon:
    We are currenlty moving into SOA and we'd like to use Netweaver as our ESB but I have a conceptual question right now:
    - If my applications consume the web services provided or registered in the Services Registry, will I be using the Process Integrator implicitly??
    We want to register web services and use the web services registered in the Services Registry of Netweaver, but licensing for the PI es really expensive...
    Thanks for any hints...

    >  If my applications consume the web services provided or registered in the Services Registry, will I be using the Process Integrator implicitly??
    Yes, To consume or host webservice we can use PI middleware. PI supports also service registry to register your webservice for others.
    >> We want to register web services and use the web services registered in the Services Registry of Netweaver, but licensing for the PI es really expensive...
    PI 7.3 has plenty of cool features and it is claimed as SOA Middleware. Comparitively PI licensing cost is better than competitors too.

  • Conceptual questions with document management and Apex:

    Hello Everyone,
    I have reviewed or participated in thread discussions focusing primarily on subject matters concerning text editors, spellcheckers and document printing. The reason for this is due to our client requesting the creation of a basic centralized document management system that will enable users to create, edit and print technical documents in a database centric web-based environment. The caveat is that the client would like the same basic functionality that users get from MS Word. I know about FCKeditor or TinyMCE and their associated spellcheckers. What concerns me is that I have not found a possible plug-in to handle tracking changes, no one wants to re-read a large multiple page document again when all they would rather do is just view the changes. I know there are possible database schemas that might facilitate this type of functionality; I am just hoping it is more of a plug-in function.
    So with all that being said my dilemma is how to approach the design of such an application using Apex, if that is possible. Some questions I have are:
    1. Do design the application where you have a text field that contains the entire document, which could be as many as 25 or more pages?
    2. Or do you break down the document in to multiple text fields and then assimilate them in to a single multi page document when printing?
    3. Would you store the document data using XML under condition 1, 2, both or not at all?
    4. What types of data tables might exist, such as tables for document templates, work-in-process and final documents or something else?
    I know there are a lot of other concepts/questions to consider and a large part of the design approach would be based on client requirements. My goal here is to gather different basic conceptual approaches, from forum members, in order to help facilitate a starting point for the project.
    By the way I have seen on the Apex Latest Forum Poll, for quite sometime, where Document Management is an application that people would like to see developed. Can anyone from the Apex-team tell me if it is in the works and if so, when?
    Thanks, in advance, for any suggestions.

    Hey Chet,
    Thanks for the response; actually I had visited the sample package apps. site awhile back and did not realize more had been added. My problem is that I use Apex 2.1 and not 2.2, so unless there is a way to load the package apps. to the Oracle hosted site, I won't be able to review there design. It would be nice if Oracle tied these package apps. to their demonstration applications sample downloads function in Apex.
    As for storing each line of the document in a single record, this was thought of as an initial approach. A concern by the team was how to program the logic to identify specific changed text in say a 5 sentence paragraph and how large the table would become if recording it line by line.
    It is still a good approach to consider and we appreciate the input.

  • Question on OIM security questions

    I am currently using tcUnauthenticatedOperationsIntf.getChallengeValuesForUser() to obtain questions for a user that is not logged in.
    There is another requirement where need to find the same information for a user that is logged in.
    tcUnauthenticatedOperationsIntf.getChallengeValuesForUser() does not work for a user that is logged in - I get a user invalid exception.
    I could use ChallengeResponseService.getChallengesForLoggedInUser() ; However, I do NOT have the user's password handy at this point, am way past the login page.
    All I need to find out really is if the questions for the user have been set or not. If there is anther way of finding this information out, like an OIM flag or something that I can query using the API, that would be great.
    Appreciate all the help I can get.
    Thank you.

    We also tried unauthenticatedSelfService.getChallengeQuestions() and had no luck with it. We get a user invlid exception for this one too:
    Caused by: oracle.iam.selfservice.exception.UserAccountInvalidException: User account is invalid
    at oracle.iam.selfservice.uself.uselfmgmt.impl.UnauthenticatedSelfServiceImpl.getChallengeQuestions(UnauthenticatedSelfServiceImpl.java:108)
    at oracle.iam.selfservice.uself.uselfmgmt.api.UnauthenticatedSelfServiceEJB.getChallengeQuestionsx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Other options we tried (None of them worked):
    ChallengeResponseService.getChallengesForLoggedInUser - can't use this, it needs password.
    ChallengeResponseService.getChallengesForUser - didn't work, same exception: user invalid
    ChallengeResponseService.getChallenges - didn't work: javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>
    AuthenticatedSelfService.getChallengeValuesForSelf() and AuthenticatedSelfService.getUserDefinedChallengeQuestions(java.lang.String userName) : None of them worked either - I presume they would work if we had the password but we don't.
    Again, the objective here is to use the api and find out if the questions & answers for a user have been set. Constraints are that we are logged in, but we don't have the password.

  • OIM-Challenge Questions

    In OIM,
    there are 5 secuirty Questions.
    1.I want that users cant enter same answer for all questions? How it can be done any idea?
    2. Can I force users to answer all 5 questions instead of 3 ?

    1. you can enter the same answers, but it is not possible to force all answers to be the same
    2. system configuration PCQ_NO_OF_QUES

  • OIM DB question

    It is a simple question, but I am not able to figure this out.
    I installed Oracle Database 11g Express Edition and when I used RCU, it gave an error saying JVM missing and I found in the forums that we should uncheck the OIM option, but I am installing the DB for OIM.
    So I tried to install Standard
    Can I use Standard Edition One, I had issues configuring this one - not a DB expert.
    Any suggestions? I did look at the DB requirements, but could not find if I can use Express Edition or not.

    Looks like XE is not supported.
    RCU DB Requirements

  • OIM challenge question complete customisation

    I have two requirements.
    1. My requirement is that instead of 3 Challenge questions for Forgot password feature in OIM, I need a text field which will ask for email id of the user. As soon as user gives the emailid and clicks on submit,the emailid should be validated with the userid provided and his lost password should be retrieved and mailed to his email id.
    2. Instead of 3 Challenge questions for Forgot password feature in OIM, I need a text field which will ask for email id of the user. As soon as user gives the emailid and clicks on submit,the emailid should be validated with the userid provided. Then a new password should be set for that userid and a mail should be triggered with that new set password.
    Please let me know which one of the above is possible and how to implement it??

    If you talk about customization then you can implement both cases but I can't give you estimation like how much time will it take to implement.
    2nd way will be easier than this.
    If we think OOTB, if you go to lookup and make the question : Enter your email address
    You can set Users' Email address as the answer for this question (May ways - sch task).
    So whenever user want the new password then he will be asked a question "Enter your Email Address"
    He has to provide email address and it will be authenticated against OIM and you can just create an entity adapter which will send the email to user with new password. No UI customization. Just little bit coding.
    Even you don't need email. So no need to create entity adapter. So just go to Desogn console and do sm changes in System Configuration for questions like no of questions from 3 to 1 and do changes in lookup.

  • Important conceptual question about Application Module, Maximum Pool Size

    Hello everyone,
    We have a critical question about the Application Module default settings (taking the DB connections from a DataSource)
    I know that on the Web it is generally suggested that each request must end with either a commit or rollback when executing PL/SQL blocks "directly" on the DB without the framework BC/ViewObject/Entity service intervention.
    Now, for some reasons, we started to develop our applications with thinking that each Web Session would reference exactly one DB session (opened by any instance taken from the AM pool) for the whole duration of the session, so that the changes made by each Web session to its DB session would never interfere with the changes made by "other" Web Sessions to "other" DB sessions .
    In other words, because of that convincement we often implemented sort of "transactions" that open and close (with either commit or rollback) each DB session not in/after a single HTTP request, but during many HTTP Requests.
    As a concrete example think of this scenario:
    1. the user presses the "Insert" button. An HTTP request is fired. The action listener is executed and ends up with inserting rows in a table via a PL SQL block (not via the ViewObjects API).
    2. no commit or rollback after the above PL/SQL block is done yet.
    3. finally the user presses a "Commit" or "Rollback" button, firing the call to the appropriate AM methos.
    Those three requests consist of what I called "transaction".
    From the documentation it's clear that there is no guarantee that the couple AM istance + DB session is the same during all the requests.
    This means that, during step 2, it's possible that another user might reference the same "pending" AM/DbSession for his needs and "steal" somehow the work done via PL/SQL after step 1. (This happens because sessions taken by the pool are always rolled back by default.)
    Now my question is:
    Suppose we set the "Maximum Pool Size" parameter to very a great number (always inferior to the maximum number of concurrent users):
    Is there any guarantee that all the requests will be isolated in that case?
    I hope the problem is clear.
    Let me know if you want more details.

    Thanks for the answers.
    If I am right, from all your answers about resource avaiability, this means that even supposing the framework is able to always give us the same AM instance back from the AM pool (by following the session-affinity criterias), there is, however, no "connection affinity" with the connections from the DataSource. This means that the "same AM instance" might take the "a new DB connection", if necessary, from the connection pool of the DataSource. If that happens, that could give us the same problems as taking "a new AM instance" (that is, not following session-affinity) from the beginning, since each time an a new connection is taken (either via a new AM instance or via the same AM instance plus a new DB connection), the corresponding DB session is rolle back by default, clearing all the pending transactions we might have performed before with direct PL/SQL calls bypassing the AM services during the life cycle of our application, so that the new HTTP request will have a clean DB session to start to work with.

  • Urgent: OIM 10g question

    I am trying to understand if there is any way we can control the interval for USR_KEY generation. I see that the key is incremented by non-uniform interval in my OIM setup. In one of the environments, the USR_KEY is generated at an interval of 20.
    Can anyone explain this process of generation of USR_KEY.

    I use SQL Developer to view all the objects. You will want to restart your App server and Database if you make a change because these are values put into memory. You need to change the cache size.

  • ALE Configuration Conceptual Questions

    Hi Experts,
    I need some help regarding the ALE configurations.
    1. I know that we specify the RFC dest in the port and then specify the port in partner profile. What exactly is the significance of a port in case of outbound Scenario? we could have directly specified the RFC destination in the partner profile.
    2. When we create the TCP/IP RFC destination it creates a TRFC Connection. However in the special options tab we have the option select QRFC version? What is the use of that?
    3. Why does the port created is of TRFC for ALE? Is it that the RFC connection is of TCP/IP so we need a TRFC port?
    4. Why do we need to create TCP/IP rfc destination for ALE, why not HTTP RFC destination?
    5. Is distribution model is mandatory for all the ALE scenarios? If not then when its mandatory?
    6. While creating process code we have option process with/without ALE service. What does that exactly means?
    Moderator message: please search for available information/documentation, do not ask interview-type questions.
    Edited by: Thomas Zloch on Apr 19, 2011 7:01 PM


  • CTM planning related conceptual questions

    In an attempt to understand the CTM functionality for master planning I have the following  questions
    1.In real implementation where is the safety stock planning done by the standard methods and the where are the service levels considered.
    2.when is the lot for lot/fixed lot/reorder point and by periods?
    3.when is the planning mode strategy like the replan all orders or orders with fix pegging used. is it based on the replenishment lead times of the products?
    4.when is the delete only the un firmed orders used?
    I understand that it is industry specific but an explanation with reference to the industry would be helpful. idea is to understand the business logic behind this configuration.

    typically service level based Safety Stock planning would be used in situations where replenishment leadtimes are variables. there could be SLAs with the supplier as well. standard Safety stock planning would be used under relatively static conditions of leadtimes. One would use days' of cover in situation where net requirements could be varying a lot with time. One could also use quantity based static Safety stock quantity, in situations where the product has high volume net requirements. One could use time-phased quantity safety stock/days' of supply where conditions are dynamic throughout the year in terms of demand and supply.
    Regenerative planning is to do planning from scratch by getting rid of all unconfirmed and confirmed planned orders/requisitions. Non regenrative planning would be doing incremental supply planning based on increased/decreased demand.
    Lot for lot will be used when the planned order quantities do not have any size restrictions. so they may go from a certain min lot size to a max lot size. So there is just one planned order to meet the demand. In fixed lot size, there are possibilities of multiple planned orders of same size to meet the demand. Reorder point method will mean that planned orders get created when stock and scheduled receipts fall short of an expected level of projected stock.

  • Hi some conceptual questions

    hi all
    i am new in this forum and a pl/sql developer and some knowledges of storage structure of oracle.Now i want to learn dba portion including backup etc..
    my questions are--
    1.what is nomount and mount state of a database.
    2.what is rman why we use it though we can recover database through some scripts.
    3.what is archivelog mode
    4.cold backup and hot backup
    5.how recovery is done when control file is lost ora database crashes
    pls help me

    So simple Questions you asked
    you are telling you are new to PL/dev and asking core Administration part.
    If you want to know all these please go through admin/recovery books.
    don't ask these Questions before self search and reading

  • Primavera - Conceptual Questions

    I am planning the environment and deployment strategy for Primavera EPPM and have the following questions:
    1. Coming from a Siebel CRM background, there is a concept of customisation (application code) and reference data. Does the same exist for Primavera?
    2. What is the process around pushing the configuration or code updated against an instance of Primavera EPPM from the development environment to another environment (such as testing environment)?
    Any response is appreciated or even pointing to the correct documentation. I have already glanced over Primavera P6 Documentation Centre.

    Hey Chet,
    Thanks for the response; actually I had visited the sample package apps. site awhile back and did not realize more had been added. My problem is that I use Apex 2.1 and not 2.2, so unless there is a way to load the package apps. to the Oracle hosted site, I won't be able to review there design. It would be nice if Oracle tied these package apps. to their demonstration applications sample downloads function in Apex.
    As for storing each line of the document in a single record, this was thought of as an initial approach. A concern by the team was how to program the logic to identify specific changed text in say a 5 sentence paragraph and how large the table would become if recording it line by line.
    It is still a good approach to consider and we appreciate the input.

  • Conceptual questions

    hello experts,
    since i am new to MDM, there are a few doubts i would like to clear
    these apply to particular scenarios
    1) I have two different R/3 systems
    two records are present, one in each system
    in the real world, both these refer to the same data
    they are merged in MDM - some attributes are changed in both the records
    now, what happens on syndication ?
    eg: if the names were different originally, what gets reflected back ?
    2) I have one R/3 system
    it has two different records which are similar in the real world
    these records are matched and merged in MDM
    what happens on syndication ?
    will there be one record or two and what will be the key field of this record(s) ?
    3) I have one R/3 system
    suppose i send 100 MATMAS IDocs to MDM via XI
    a. suppose I create 20 more matmas records, can i only send these 20 at a later point of time, if so, how do i choose these 20 ?
    b. suppose I change some of the original 100 records in R/3 before MDM syndicates them back, will there be inconsistency when i syndicate those old records back ? If not, how does SAP avoid it ?

    When you are trying to merge two records from systems A and B, there is every chance that some attributes in the record from A will differ from those in the record from B. In such a case the concept of the "System of Record" (SOR) will come into play. Your data governance process might be set up such that attribute F1 from system A is always correct (A is the SOR for F1) and attribute F2 from system B is always correct (B is the SOR for F2). So, when you are merging your records from the two systems the value of F1 in the record from A will "survive" and the value of F2 in the record from B will "survive" in the merged record. In the situation that you have described in 3b, your governance process may be set up such that R/3 is the SOR for classification data and MDM is the SOR for everything else. In such a case, if  there is any change to classification data in R/3, your process should be set up so as to overwrite any changes to the classification data in MDM with the R/3 data. If there is any change to any other type of data in R/3 then you don't bring that over to MDM. You can setup XI to do a lot of this activity.
    To cut a long story short, the easiest way to handle such cases is through an airtight governance process where you identify what the SOR for every attribute is and then don't let that attribute be overwritten if it is from the SOR.
    Regarding #1, I am not very sure I understand the question. If MDM is simply being used for consolidation of your master data records, then your transactional data is still in the R/3 systems and you are not deleting any master data from those. Are you asking about things like changes to a "bill to" address in MDM and that change being syndicated?

Maybe you are looking for