OIM Reports for BIP Role Membership
In the OIM BP04 Reports for BIP, the Role Membership report description states:
"This report will display membership details of all the roles. The report will not show indirect memberships. Security model is not implemented in this report."
Looks like the data model deliberately excluded indirect roles (or child tabled roles) from the Lookup.DBUM.Oracle.Roles (same for the Privileges Reports).
Can anyone guide me through editing the Role Membership data model to INCLUDE the roles from the lookup table?
I believe the Lookup.DBUM.Oracle.Roles have to get associated to the users recon'd from the DBUM Trusted Recon from the DBA_Users table first.
Thanks for looking.
The BP04 OIM role reports target OIM roles, not Oracle or AD roles.
To achieve those views, custom BIP reports that query the respective OIM tables where the AD and Oracle data exist are required.
Thanks for looking.
Similar Messages
-
Health Report for existing role in support and upgrade documentation
Hi Experts,
I am looking to create a report, or use an existing report/FM (if any), which will show the new objects thrown for a role with their SAP suggested values when we use the PFCG expert mode merge option. I think this will be very helpful for support persons to health-check roles, and during upgrade step 2C documentation people can save a hell of a lot of time. I do not have ABAP knowledge. Can anyone help me with this?
Regards,
Arpan Paik
Hi Julius,
I have been to that wiki before and one by you as well (regarding upgrade steps). For current upgrade I have also noticed that SU25 step2B is not only left with customer related changes only. Where USOBT_C/USOBX_C has same values as of USOBT/USOBX there update to customer table automatically happened in step2A. So 2B left with very less changes where customer prefer the standard way!!!
What I am looking for is the actual authorization change delta. Step2C gives us only the list of roles that get affected. I am looking for what change can actually happen to a single role due to the upgrade.
I have followed the method below.
1. Join table USOBT_CD and USOBT_C to see the actual proposal for the changed transaction and corresponding auth object. Here I had to perform some Excel work to remove data repetition
2. Then take old data for roles from AGR_1251
3. Put together above 2 data and after proper sorting by object manually remove the data which SAP does by expert mode merge function.
Can this step be automated by some ABAP code? or function module?
Otto wrote :
If I start/ when I start and still remember this thread, I will update it
Please do so and thanks for sharing thoughts.
Regards,
Arpan Paik -
OIM Reports for Organisation Level
Hi
We have configured the out of the box OIM reports, and we have multiple organisations with org level admins to manage their organization.
We observe that reports allowed to these admins can see all users in OIM (with users of other organisation). Wanted to know how do we configure reports such that only org level reports are generated (I.e. Org level admins can only see reports under his portfolio/organization)
This is an urgent requirement; appreciate if anyone can help. Thanks in advance.
The reports use PL/SQL code so they would not leverage the standard API. It is very possible that implementing organization filtering simply was missed.
The easiest way to solve this is to simply create custom reports. Not very hard once you know how to do it but requires a little bit of initial learning effort.
Do you have any resources that have created custom reports or at least someone that knows how to code PL/SQL?
Best regards
/Martin -
Nesting of Rules for Auto Group (Role) Membership Rules in OIM 11gR2
Does anyone know how to nest rules for auto group (role) membership in OIM 11gR2. The General rules in Design Console are no longer used for auto group membership and the rules that can be configured in the Role properties cannot be nested as far as I can see.
Any info is appreciated.
Thanks!
My mistake... this is possible in the web ui.
-
OIM 11g: Issue while evaluating rule for Role Membership
Hello All,
I have configured few General Rules using 2 of our User Defined Fields, these general rules are used to determine role membership.
What we observed that once "Identity Status" attribute is set to "Disabled" for OIM User Profile then OIM stops evaluating these configured General Rules for Role Membership.
Env Details:
Product Version: Oracle Identity Manager 11.1.1.5.0
App Server: WebLogic Server Version: 10.3.5.0
OS: Red Hat Enterprise Linux Server release 5.5
Database: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64 bit
Please let me know if any of you have encountered this issue and if there is any workaround available for it.
Thanks,
Shyam
Re: OIM11g: Resource not revoked if the Identity Status is DISABLED
XL.EvaluateMembershipForInactiveUser
Workaround:
You can make use of Event Handler and assign that group with APIs. -
Rule based Role membership in OIA is not pushing to OIM
Hi All,
Rule based Role membership in OIA is not pushing to OIM due to error as
00:01:38,055 DEBUG [DBIAMSolution] Group Role container for JDE.JDE_BHRUSRTT found...
00:01:38,144 ERROR [DBIAMSolution] Error Occured while adding users to role
Thor.API.Exceptions.tcAPIException: Error occurred while find User information: USER_NOT_FOUND
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcGroupOperationsIntf_13pobh_tcGroupOperationsIntfRemoteImpl_1035_WLStub.getAllMemberUsersx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy396.getAllMemberUsersx(Unknown Source)
at Thor.API.Operations.tcGroupOperationsIntfDelegate.getAllMemberUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Meth
Any help will be appreciated...
Thanks
Bikas
Edited by: Bikas Mandal on Mar 27, 2013 6:15 AM
Try these steps and let me know what you see:
Login to OIA > Administration > Configuration > Workflows
Select Role membership create workflow
And check if you have added OIM provisioning server in the Step5 of the workflow.
Cheers,
Vamsi. -
OIM 11g DBAT connector - trusted reconciliation for user roles
Hi,
We have a database table containing a bunch of user records, and a table with a foreign key that contains all the associations user-group. We would like to do trusted reconciliation from those two tables into OIM. I already did that for target reconciliation but now I am having a look at the DBAT connector docs, and I have found this:
"Child Table/View Names
If you want to use the connector for trusted source reconciliation, then do not enter a
value. If you want to use the connector for target resource reconciliation and if user data is
spread across parent and child tables, then enter a comma-separated list of child table
names."
Does this mean that role membership trusted reconciliation is not supported by the DBAT connector?
thanks in advance
DBAT connector does not support trusted source with child data.
But that does not mean you cannot configure user table as trusted source.
What is it that you want to do with child table ? -
How to take a report for the assigned transaction and activity in a role
Hi Colleagues,
I want to take a report for the assigned transaction with activity for all roles, which are assigned to the users,
Transaction list for a role I am able to take from SUIM, but I am not able to take the ACTVT for the role.
Please suggest how to take this information.
BR,
Jai
Hi Jaikumar from the post :
I think you have reached the state of finding the USER to ROLE relationship
Take the output to an Excel,
COPY just the roles column exactly in order, do not rearrange, and use AGR_1251 like other experts have mentioned
Insert the roles copied from your buffer and execute. The output will have multiple entries for each role. Take the output to an Excel again, make it unique and match the outputs between both the Excels.
It will be a little tricky to do this, but I think you are proficient in MS EXCEL.
This is one of the ways to do , there are many other ways to do it. -
Error in BI publisher report for OIM
Hi all!
Can u help me?
I know that this error is quite common, but I've tried out all the solutions and still can't get the result.
I've installed BI publisher and attached OIM reports there. All the reports work properly except those which have date properties. For example, Account Activity in Resource. All of them return ora-08143 error ("not a valid month").
Let me explain the situation more clearly.
There are two fields using date in the report creation menu.
Date Range From:
Date Range To;
They automatically get value like "12/06/2011 05:05:05" using their default values ({$SYSDATE()$}).
But if I use these values, I get an error.
I've found two ways of solving a problem: 1.) Changing the date to something like "12/Jan/2011" manually (note, that by default month stands first, and to solve the problem I should write it second and NOT in digits). 2.) Changing the date mask in report properties to dd/MMM/yyyy.
But it's not the best way to solve the problem. In this case I should change these properties everywhere. Or the user should (and this is bad :) ). I'm sure that these reports should work without such modifications, so the error arises on my side.
What I've done:
1.) I tried to change nls_date_format, nls_language, nls_territory, timestamp_format in database session to different formats.
2.) I've tried to manage all the changes that I've told about above.
3.) I've tried to change UI language and report locales (if it's important, I use russian language and russian report locale). xlf files are all ok.
What shall I do to fix this error?
My db is: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
My BI publisher is: 10.1.3.4 (may be everything is bad because of version, but it doesn't seem to be so, because every report except date reports work nice).
Thank u very much and looking forward for hearing from u.
Dewan.Rajiv wrote:
> I don't know what issue you are facing due to language.
> Have you tried with changing the query of the report ?
Yes, I have.
By the way, I've discovered that the error appears in line:
AND myvariablewithdate BETWEEN :p_date_DateFromRange AND :p_date_DateToRange
If I comment out such lines in the query, everything works OK.
But as you understand, that's not the point :(
Even if I put to data forms information from sql database (just copy timestamp data), the error continues to appear.
If I make something like that in sqldeveloper, everything is ok:
select upa_resource.upa_res_eff_from_date from upa_resource where upa_res_eff_from_date between (select sysdate - 30 from dual) and (select sysdate from dual)
this statement returns right values.
So, the problem is somewhere in such a chain:
- select sysdate from dual (it's ok)
- put sysdate to form (does it make any type of convert?)
- take variable (former sysdate) from form. -
How to have separate template for each role in OIM
Hi,
We have multiple roles on a multiple AS400 boxes. In OIM we need a separate template for each role that has to be popped up during provisioning. How do we achieve this in OIM?
Pls help me with the solution.
Edited by: user8963056 on May 23, 2010 7:47 PM
Edited by: user8963056 on May 24, 2010 9:47 AM
Thanks for the reply
For the second question: on the basis of role, these forms will have different information.
The AS/400 guys want the below steps to be done on the OIM side.
They want to make sure the below plan works with the OIM plan.
1. Per System, create templates per role.
2. Update the AS400 User Request form to include a section for each system. Add templates for each role to each system's section.
3. Provide ITSA with a menu option to create profiles by selecting the template they wish to copy.
4. Create backend programs to automate additional 400 tasks required per role.
a. Create directory entry
b. Add to Privilege Manager
c. Add to Menu System
d. Add to third party software
e. Other as required.
If we automate the above on the 400, in OIM , we would need to create the same templates. -
SAP Security Report for single and composite roles
Hi
I have a requirement to create a customized report in SAP Security.
I have to display composite roles, the corresponding single roles, the tcodes assigned to those single roles and the description of the tcodes. The selection screen has composite roles, single role and T-code, which are optional. The user can enter a selection in any of the selection criteria. How should I go on this? If the user gives only composite roles on the selection, for e.g. 'TEST', for this role I get suppose 3 child roles 'TEST1' 'TEST2' 'TEST3' from table AGR_AGRS. Now to get the tcodes I go to table 'AR_1251' and I get the tcodes.
But if the user gives only a single role on the selection, for e.g. 'TEST2', for this single role 'TEST2' there would be multiple composite roles, for e.g. 'TEST' 'SAP1' 'SAP2' etc. Now if I go to get the tcodes for this single role in AGR_1251, I will certainly get the tcodes, for e.g. MM01, FB01, etc. But then how would I know whether MM01 belongs to composite role 'TEST', 'SAP1' or 'SAP2' for the single role 'TEST2'?
Please advise.
Thanks
Edited by: Julius Bussche on Aug 13, 2009 4:52 PM
Subject title improved
I thought of separate selection options for singles and composites, but you also said:
> But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.
My suggestion would be to build better single roles, but that is just me...
Cheers,
Julius -
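The ambiguity raised in the question above goes away if the report carries the composite through the join, giving one row per (composite, single role, tcode), so a single role used in several composites is listed once under each. This is an added example, not code from the thread: it runs the join on an in-memory SQLite database with constructed rows, and the column names (AGR_NAME, CHILD_AGR, OBJECT, FIELD, LOW, DELETED, SPRSL, TCODE, TTEXT) are assumed to mirror the SAP tables AGR_AGRS, AGR_1251 and TSTCT.

```python
import sqlite3

# Constructed sample rows; column names are assumed to mirror the SAP tables.
SCHEMA = """
CREATE TABLE AGR_AGRS (AGR_NAME TEXT, CHILD_AGR TEXT);
CREATE TABLE AGR_1251 (AGR_NAME TEXT, OBJECT TEXT, FIELD TEXT, LOW TEXT, DELETED TEXT);
CREATE TABLE TSTCT    (SPRSL TEXT, TCODE TEXT, TTEXT TEXT);
INSERT INTO AGR_AGRS VALUES ('TEST','TEST1'),('TEST','TEST2'),('SAP1','TEST2');
INSERT INTO AGR_1251 VALUES
  ('TEST1','S_TCODE','TCD','SU01',''),
  ('TEST2','S_TCODE','TCD','MM01',''),
  ('TEST2','S_TCODE','TCD','FB01','X'),      -- entry flagged as deleted
  ('TEST2','M_MATE_WRK','ACTVT','03',''),    -- not a transaction start entry
  ('SOLO','S_TCODE','TCD','VA01','');        -- single role in no composite
INSERT INTO TSTCT VALUES ('E','MM01','Create Material'),('E','SU01','User Maintenance');
"""

# Start from the single role's tcodes and attach every composite that contains it.
REPORT = """
SELECT c.AGR_NAME AS composite, a.AGR_NAME AS single_role, a.LOW AS tcode,
       COALESCE(t.TTEXT, '') AS description
FROM AGR_1251 a
LEFT JOIN AGR_AGRS c ON c.CHILD_AGR = a.AGR_NAME
LEFT JOIN TSTCT t ON t.TCODE = a.LOW AND t.SPRSL = 'E'
WHERE a.OBJECT = 'S_TCODE' AND a.FIELD = 'TCD' AND a.DELETED <> 'X'
  AND (:composite IS NULL OR c.AGR_NAME = :composite)
  AND (:single IS NULL OR a.AGR_NAME = :single)
  AND (:tcode IS NULL OR a.LOW = :tcode)
ORDER BY composite, single_role, tcode
"""

def role_report(conn, composite=None, single=None, tcode=None):
    """All three selections are optional; None means 'no filter'."""
    params = {"composite": composite, "single": single, "tcode": tcode}
    return conn.execute(REPORT, params).fetchall()

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

if __name__ == "__main__":
    for row in role_report(demo_db(), single="TEST2"):
        print(row)
```
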
OIM 11g support for Temporary roles with expiration date
Dear All,
Is there a support provided for temporary roles in OIM 11g?
If not, what is the recommendation as for implementation?
Kind regards
Maria Adair
I'm also interested if someone has any recommendation as for how to implement such a feature. Anyone has any ideas?
-
Dear all
Please let me know how to get a report for the users created with the roles. I want the users created , roles assigned and the time stamp
I tried a lot but couldn't get the solution for this.
thanks and regards
Raja
Found the solution finally. Custom report with "attribute changed contains role"
And action =create, bulkcreate, provision
Thanks and regards -
Report for transaction - Maintain Object - Roles - user Id ( Authorisation)
Hi
I want to generate a report for the following:
for a transaction
for a check/ maintain object name ( Ist column)
what are the roles ( iind column)
and
what are the user id for each roles.. (iiird column)
and
start up (yes / No) (ivth column)
Please advise.
Since, I need to do this report generation for more than 30 transactions, any immediate reply would be of great help.
Thanks in advance.
Partha
Hi
Try SUIM T-code and see if any of the report works
Thanks -
Custom Error Report for Trusted Recon in OIM 11.1.1.5
Hi,
We are planning to have a custom scheduled task to generate a csv report for failed recon events. We have some 4 trusted recons (2 custom + 2 GTC) in our environment. Would a DB query be sufficient to meet our requirement? If yes, please suggest the tables that we need to consider. Please suggest whether it is a good practice and whether anyone has implemented such before?
We cannot go for any tool like BI publisher now, so any means of generating the report through custom code would be helpful.
Thanks,
DK
The RECON_EVENTS and OBJ table will be sufficient to know which resource object the recon event was for, and the status of the recon event.
-Kevin