OIM: Help Required --Assigning proxy user
Hi OIM Experts,
I have a requirement where, a user have to select another user in the organization as the proxy user.
But when I try to search for other users in the organization, the search result is null. Because of this, I cannot assign a proxy user other than manager??
Why is this happening. Are there any permissions to be granted ?? What are the limitations for this ??
Thanks in advance
See the posts of this thread Re: Approval reassignment to non-admin user in OIM? I think you can get more informations about the users listed when you search for...
Renato.
Similar Messages
-
Help required for the users report requirement
Hello,
User requirement is to get the report as follows
Period planned order Production order Backlog
Feb2008 15 3 18
March2008 4 11 15
Backlog is the formula for planned order & production order.
My problem is that, In the cube the data for planned order is the char value 'X' or a blank.
It has to count the total of planned order for the entire month of feb,& print the value counting the number of 'X',here as shown as 15.
Planned order, Production order are in rows & are chracteristics.
Is thr any solution to count master data which has a char value(X).
I have tried using the formula variable.I had created the new formula.Then using the data functions as count(Formula variable),using the replacment path.But it did not work
Help me out to find the total for the char value of the master data.
Help would be rewarded!Hello,
For BACKEND:
1) Create a normal KF say counter and include it in the cube.
2) Now you can populate the value for this KF via end routine in transformation.
3) You need to check whether the value for planned order is X. If yes then update KF with value 1.
4) I hope you can take care of this routine part. Once this is done the data in the cube might look in below manner:
Month Planned-Order Counter
Feb 2007 | X | 1
Feb 2007 | X | 1
Feb 2007 | | 0
Feb 2007 | X | 1
Feb 2007 | | 0
Mar 2007 | | 0
Mar 2007 | X | 1
Mar 2007 | | 0
Mar 2007 | | 0
Mar 2007 | X | 1
Now in the report if you include month and counter the report will look like
Month Counter
Feb 2007 | 3
Mar 2007 | 2
If you see the counter is getting aggregated to give you the sum against the value of planned order as X against month.
I think this should work.
If this dosent work let me know i will let you the alternate solution for frontend. but for that too you need to make the above backend changes.
So do the backend changes and try to use counter KF for showing planned orders and i think it should work fine.
Regds,
Shashank -
Help required with oracle user management
My requirement is to hide the developer toolbar that shows at the bottom of all the pages in the application. This happens when I log into the application as an administrator or a developer. When I try logging in as an end user, who does not have developer or administrator privileges, I get a message saying that " Access denied by application security check". This problem does not depend on whether I use apex security or database security for my application, in both the cases, as soon as I login to the worksapce with a user account, this message is displayed. Please help me out. Any sort of help will be appreciated.
Message was edited by:
shantanuHi Shantanu
When you log in to the workspace, the URL will end with something like: /pls/htmldb/f?p=4550 (it may also end with /pls/htmldb/htmldb_login)
To log in to your application, you need to change the final number to the number of your application. For example, if your application is number 105, then change the end of the URL to: /pls/htmldb/f?p=105.
Your application should have a login page (typically, Page 101) which should be loaded as soon as the user tries to get to your application.
Regards
Andy -
Help required in ISA user management
Hi! Gurus..........
I have created an BP in the role contact person and for this BP I have created an internet user , the internet user is created and the role is also asigned to it...............now the issue is when I am going to the transaction BP the address in displayed for this BP as well as in transaction SU01, but when I am going to ISA user management its not showing the address for this BP created..............
Please provide ur valuable inputs so that i can proceed futher...I am really new to this so please try to understand the question..I found this in a thread written by Gerhard Djuracek from SAP, perhaps it will help you:
We distinguish 3 categories of addresses.
Addresscategory 1, address for organisations
Addresscategory 2, address for persons
Addresscategory 3, address on a relationship.
The address on a relationship is built of an address from an organisation. But it's not the whole address from that specific organisation, it's only, let's call it the postal part. Things like street, city, postal code and so on. The name part is taken from the person, which is involved in that relationship.
So we have here a mixture of Addresscategory 1 and Addresscategory 2. The communication data, we have only 3 communication categories on a
relationship, phone, fax and E-Mail address, is not taken from the organisation or the person's address. The communication data used on a relationship, is that one, which you can maintain in the section address data after having assigned an address to the relationship.
Any changes on any comm data of the organisation, will have no effect on the comm data of the relationship. Only changes on the address of the organisation, which will effect those fields, we called above the postal part of an address, will be taken into account for the address on the relationship.
In CRM, the contact person is a business partner of type person and can have many addresses of type 2, but only the standard address is
exchanged with the home address in the R/3 system. If you create a relationship of category 'contact person', you can have an address of type 3 for every address of the customer, but only the standard address of type 3 is exchanged with the contact person's address of type 3 in R/3.
The concept of the business address does not exist in CRM. If a contact person is working for different customers, you create different relationships of category 'contact person' instead of creating a business address.
Hope this information is helpful.
Regards, Gerhard -
Help required on finding User Exit in LM02 or in program RLMOB001
Hi,
I want to put 2 buttons in LM02 standard screen. is there any exit available do this in LM02 or in Program RLMOB001?. or is there any other way to achieve this?
Your help will be appreciated.
Thanks,
Sree.check which one suits for you: there is a program which searches are the available user exits and gives you a list.. use that.. check my wiki's
EXIT_SAPLLMOB_002 MWMRF701
EXIT_SAPLLMOB_003 MWMRF702
EXIT_SAPLLMOB_004 MWMRF703
EXIT_SAPLLMOB_005 MWMRF704
EXIT_SAPLLMOB_006 MWMRF705
EXIT_SAPLLMOB_008 MWMRF760
EXIT_SAPLLMOB_009 MWMRF761
EXIT_SAPLLMOB_010 MWMRF762
EXIT_SAPLLMOB_011 MWMRF763
EXIT_SAPLLMOB_012 MWMRF764
EXIT_SAPLLMOB_013 MWMRF765
EXIT_SAPLLMOB_014 MWMRF766
EXIT_SAPLLMOB_015 MWMRF767
EXIT_SAPLLMOB_016 MWMRF768
EXIT_SAPLLMOB_017 MWMRF769
EXIT_SAPLLMOB_018 MWMRF170
EXIT_SAPLLMOB_019 MWMRF700
EXIT_SAPLLMOB_030 MWMRF105
EXIT_SAPLLMOB_034 MWMRF634
EXIT_SAPLLMOB_035 MWMRF105
EXIT_SAPLLMOB_036 MWMRF634
EXIT_SAPLLMOB_040 MWMRF106
EXIT_SAPLLMOB_045 MWMRF106
EXIT_SAPLLMOB_050 MWMRF107
EXIT_SAPLLMOB_052 MWMRF633
EXIT_SAPLLMOB_054 MWMRF633
EXIT_SAPLLMOB_060 MWMRF107
EXIT_SAPLLMOB_062 MWMRF650 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0650)
EXIT_SAPLLMOB_064 MWMRF650 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0650)
EXIT_SAPLLMOB_070 MWMRF108 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0108)
EXIT_SAPLLMOB_072 MWMRF632 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0632)
EXIT_SAPLLMOB_074 MWMRF632 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0632)
EXIT_SAPLLMOB_075 MWMRF108 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0108)
EXIT_SAPLLMOB_077 MWMRFUP Customer defined general purpose pushbutton called from scr.
EXIT_SAPLLMOB_080 MWMRF412 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0412)
EXIT_SAPLLMOB_082 MWMRF631 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0631)
EXIT_SAPLLMOB_084 MWMRF631 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0631)
EXIT_SAPLLMOB_085 MWMRF412 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0412)
EXIT_SAPLLMOB_090 MWMRF630 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0630)
EXIT_SAPLLMOB_095 MWMRF630 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0630)
EXIT_SAPLLMOB_100 MWMRF151 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0151)
EXIT_SAPLLMOB_110 MWMRF152 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0152)
EXIT_SAPLLMOB_120 MWMRF153 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0153)
EXIT_SAPLLMOB_130 MWMRF202 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0202)
EXIT_SAPLLMOB_140 MWMRF203 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0203)
EXIT_SAPLLMOB_150 MWMRF204 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0204)
EXIT_SAPLLMOB_160 MWMRF205 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0205)
EXIT_SAPLLMOB_170 MWMRF212 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0212)
EXIT_SAPLLMOB_180 MWMRF213 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0213)
EXIT_SAPLLMOB_190 MWMRF221 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0221)
EXIT_SAPLLMOB_210 MWMRF302 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0302)
EXIT_SAPLLMOB_220 MWMRF303 ENHANCEMENT FOR USER SCREENS (LOGICAL SCREEN 0303) -
Help required in OIM - user proxy
Hi,
I have set up an approval workflow for provisioning users into OID.
Here I am trying to delegate the approval task to another user in the absence of the approver.
For this, I have defined the proxy user for the approver.
But, once the request has been raised for approval, it is still with the approver, its not reflecting under pending actions for the proxy user.
Am I missing something ??
Any help is appreciated...
Thanks in advance.The proxy concept in OIM is not entirely well implemented or well defined and in many cases it turns out that you have to supplement with custom functionality and/or replace it entirely.
The easiest way to implement your desired functionality is likely to write a scheduled task that moves the approval between the approvers as needed.
Best regards
/Martin -
[OIM] Proxy User with groups
Dear people,
I have a scenario where there is a resource with an approval workflow, with 2 steps: in the first the Manager of the requester is the one who must approve. In the second step, a group is assigned as the one who has to make the approve.
I give a proxy to the Manager and another proxy to one of the group members.
When the workflow reaches the Manager approval step, it is automatically assigned to the proxy (what I expected).
The problem arises when the workflow reaches the group approval step, the assignment is still made to the user that is member of the group, not to his proxy user. Is this an OIM limitation? Some workaround?
Thanks!Hi,
when we assign the task to a group then if the proxy user is the part of that particular group then he has that task automatically why to duplicate the task and if proxy user is not the memeber of the group then he is not authorize to have that task because he is not the member of that group. As user set him as proxy user for him not for group.
I hope this answer your query....
Regards
Alabhya Goel -
Help Pls: how to assign a user form to a non active sync resource adapter
I need to implement a non active sync resource adapter, such as oracle database or RACF. When a user is assigned a resource by IdM, an account is created on that resource. I want to transform some attributes during the creation, such as pre-padding the accountId with a letter and zeros. My questions are:
1) I think attribute transformation should be accomplished by user form. is it correct? How do I assign the user form to the non active sync resource?
2) What workflow/userform should I change to accomplish that?
Thanks a lot.A cleaner option would be to
1. Create a custom form, which could be derived from the Tabbed User Form.
2. Create a delegated admin, with account administrator capabilities at the minimum, and required controlled organization, and assign the above form to this delegated admin -- this is on the same page.
3. Use this form to create IDs on the specific resource.
Now in this custom form you could have the logic on how to create the ID in the specific resource. In fact you could have different logic for different resource. Check the tech deployment guide for the exact syntax, but the field might be:
account[Res_Name].identity
Note that this setting would override the 'Identity Template' setting as defined in the RA configuration.
And BTW, it would really help if you readup the 'Forms' section in the guide.
Regards,
Suveer Chainani -
Created By User added to Assigned To User when Assigned To User is empty
I have a requirement to build a runbook activity that will assign the Assigned To User to match the Created By User when the Assigned To User field is empty. However, I am having difficulty pulling both the Assigned To User and the Created By User and keeping
them on the same data bus to do my update after comparing my Assigned To field.
Here is the runbook how I have it currently configured.
High Level Flow
Get RBA
Get CR
Get Users
Pull the Created By and Assigned To users
Determine if Assigned To user is Empty
If Assigned To user is not empty then end
If Assigned To user is empty then Update CR to have Created By User = Assigned To User then end
My problem lies in trying to keep both the Assigned To and Created By users on the same data bus so I can have the Create Relationship activity make the assignment. If I put them in sequential order or wrap around the Created By user with the Assigned To
user, it has issues pulling the Assigned To user. Here is my attempt of keeping the users on the same databus but this fails when trying to pull the 'Assigned To' user - it makes them the 'Created By' user.
Any help will be appreciated.If the Assigned To User is blank then it will not be returned from the get relationship activity since it does not technical exist. What you can do is flatten the data coming from the Get AD Users activity. Then put a filter on the link to only include
if the Relationship Class does not contain Assigned To User. This will make it so your runbook will only continue if an Assigned To User is not present. Then you can add a second Get Relationship this time to return the value for the Created By user. Again
you will create a link filter, but have it only include Created By User. Then you can use the data returned from that to set the Assigned To User.
Matthew Dowst |
Blog | Twitter -
Hi,
We have configured our APP with a datasource but have a problem...
A lot of our database packages / triggers make use of the explicit 'user' which means that although our app is authenticating
as "tester" (against an LDAP V3 Repository - OID) , our triggers update with the underlying data source connection ('bto') rather than our authenticated user.
In 10.1.3.3 we had to use a custom proxy authentication class, which only worked with 1 app deployed in a container and required JDBC credentials
Does anyone know of any way to do this in 11g in a better fashion?
Any help is appreciated
ThanksIn 10.1.3, the way to use a Database Proxy User was to override the prepareSession() method of your application module to do something like this:
protected void prepareSession(Session session) {
Statement st = null;
try {
st = getDBTransaction().createPreparedStatement("rollback",0);
OracleConnection oConn = (OracleConnection)st.getConnection();
Properties props = new Properties();
props.put("PROXY_USER_NAME", ___ActualUserName___ );
oConn.openProxySession(OracleConnection.PROXYTYPE_USER_NAME,props);
catch (SQLException s) {
// ignore
finally {
if (st != null) {
try {
st.close();
catch (SQLException s) { /* ignore */ }
super.prepareSession(session);
} -
Using Proxy User Authentication in Sql Developer
Hi!
Is it possible to use proxy user authentication in SQL Developer? I'm thinking that if I'm clever enough, I can craft a custom jdbc URL that will allow my users to proxy authenticate into my Oracle 10gR2 database while using SQL Developer.
Unfortunately, I'm not feeling all that clever. ;)
Can anybody help me out here? Is it even in the realm of possibility?
Thanks!
Kevin Ferlazzo
DBA
VA Department of Juvenile JusticeI found the possibility that proxy authentication of both accounts can be enforced:
SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
Regards,
Martin -
NWA: Restart of a server process requires a specific user
Hi all,
we use SAP Netweaver AS Java 2004s 7.0 (Java Stack only).
Since the installation of SPS10 (prior we had SPS8) restarting a Java server node
by means of the web interface NWA (netweaver administration) requires a OS user
and a OS password.
What is meant by OS user.? I interpreted it with an Operation System user and tried with <SID>adm user but it doesn't work
Any help is really appreciated
Regards KarinHi Karin,
To assign rights to a user you can use this path:
Control Panel -> Computer Management -> User -> Member of
Here you can add the Administrator role to the user.
I would suggest you assign the administrator rights to all the SAP based user.
Also i suggest to try you windows logon username and password.
Hope this works!!!
Regards,
Prashil -
EP Role assignment to User.
Hi,
I have recently installed EP. When i assigned a New role Created (role i created) to a new User, The Contents assigned to that role is not getting displayed. But, when i also assign a super admin role to the user, the content of new role is getting displayed along with the content of super admin role.
Infact, when i assign content administration role to the user, it is not geting displayed when i log in as a new user to which it is assigned. however, when i assign the super admin role to the user, the contents of content admin role is getting displayed.
Is there any Post EP Installation setting required to solve this issue.
Please help me in solving this issue?Hello Shabir,
Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
This will solve ur problem.
Regards
Deb
[Reward points for helpful answers] -
Please tell me your idea about my manner of using proxy user
Hello
Please say to me your idea about my manner of using proxy user , I don't know that my method is right , doesn't it has security weakness ?
Let me to say what I wanna do :
I want my application users authenticated by database , therefore in my database (Oracle database) I create a user for every application user for example if I have 10 application user I create 10 user in the database for them and I grant necessary privileges to them
Now I create a proxy user and grant to my users connect through the proxy user
for example
alter user user1 grant connect through user_proxy with role role1 authentication required;
alter user user2 grant connect through user_proxy with role role1 authentication required;
alter user user10 grant connect through user_proxy with role role1 authentication required;
And now in Weblogic I create a DataSource that connect to the database by that proxy user
My client Application (It's a stand alone application) obtain the DataSource from Weblogic and then get from operator its user name and password and then create a proxy session
in below I've written the application's code
Hashtable env = new Hashtable();
env.put( Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory" );
env.put(Context.PROVIDER_URL, "t3://127.0.0.1:7001");
try{
Context context=new InitialContext( env );
ds=(javax.sql.DataSource) context.lookup ("OracleConnection2");
conn=(OracleConnection) ds.getConnection();
java.util.Properties prop = new java.util.Properties();
String username=getUserNameFromOperator(); //Operator enter user1
String password =getPasswordFromOperator(); //Operator enter its password
prop.put(OracleConnection.PROXY_USER_NAME, username);
prop.put(OracleConnection.PROXY_USER_PASSWORD,password);
conn.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, prop);
stmt= conn.createStatement();
rs=stmt.executeQuery("select SYS_CONTEXT('USERENV','PROXY_USER') ||'--->' || user from dual");
My anxiety is that this section
String username=getUserNameFromOperator(); //Operator enter user1
String password =getPasswordFromOperator(); //Operator enter its password
prop.put(OracleConnection.PROXY_USER_NAME, username);
prop.put(OracleConnection.PROXY_USER_PASSWORD,password);
operator enter a real database username and password
don't you think it cause security weakness ?
do you have better suggestion for me ?
thank youGmail offers POP, which means you can use Mail.app like a regular ISP account. If you need an invite to GMail email me at the address on http://Gnarlodious.com/
Once yiou have a Gmail address you need to enable POP (which includes SMTP). There is a help link on the GMail page that allows you to enable POP and other features.
Once that is turned on, you need to set up the Mail.app for downloading your mail (and uploading). There are excellent instruction pages on Gmail, which I believe someone else gave you. -
CUP 5.3 sp7.1 - 049:Role assignment to user not executed completely
Hello Experts,
Message received in audit information:
049:Role assignment to user not executed completely
Can anyone help me with why I am receiving this message?
=[],id=6129,reqNo=201000139,actionDate=Tue Oct 19 10:40:27 EDT 2010,action=ROLE_PROVISIONING_FAILED,userId=U03776,path=,stage=,actionValue=PR4-300,description=049:Role assignment to user U10025 not executedHi,
Check that the connector that you have created is working fine and also the user ID that you are using in the backend system is within the valditiy date and all the required authorizations.
Use remote login and ensure that the user can login with out any issues and has all the required authorizations.
Rgds,
Raghu
Maybe you are looking for
-
Family sharing with apple ID not primary iCloud ID
hi! before family sharing existed, we set up a new apple id in iTunes (a gmail address) for my children to share so they could have the same purchases on their iPads. they also had their own unique apple id's for mail, contacts, etc. now that we're t
-
I wish to wipe my data of my mac, all my games,music,pictures all that, and make it all factory settings how do i go about this???
-
i bought a refurbished imac g4 flat panel. it is supposed to have an os but it only comes up with a question mark. I put leopard in and it tells me it cannot load on this compuert. system is 800mhz and 60g hd and 768ram. i have tried to do a fix th
-
App Store Quits Unexpectedly...
I'm running OS X 10.6.8 (I know..its really old) and couldn't get App Store to launch even after installing Mac OS X 10.6.8 Update Combo. I've been trying to upgrade but this has been an issue for a long while. Application Specific Information: abort
-
When copying to NAS, "..an unexpected error occurred (error code -51)"
I'm using Mac OSX 10.6.8 on a macbook pro, copying files to a media NAS server via wifi (n), which I've done countless times before, for about 2 years. In this last week or so, whenever I copy a file, be it 15 MB or 1.5 GB to the NAS, I've consistent