OIM resource granularity question

Hi,
I have just started working with OIM since last week. I see that the OIM resource types include RDBMS and EJB, but I would like to know more detail about protecting such resources.
1. RDBMS Resources: ADD, DELETE, and UPDATE
Does it grant privileges to a whole table or to discriminated records in the table according to some setting, e.g. key column value?
Scenario: when requesting employee salary info, the request URL and table are the same, but a manager can see all his men's records while an individual employee can only see his own.
2. Where does OIM store resource metadata in the policy domain?
Does it store the table name in LDAP or somewhere else?
3. Is there any AccessPort provided for the JBoss app server? If so, what is the URL to download it?
Thanks in advance
Justin


Similar Messages

  • OIM Resource Bundles

    Hi
    We tried to put HTML tags inside the OIM resource bundles to customize the Self Registration Confirmation page but the page displayed with the HTML tags and didn't show the translated HTML tags.
    How can we embed HTML tags in the resource properties files for OIM and make it work properly?
    Thanks

    If you want to have default values, I would suggest using ResourceBundles and just sending in a Locale with the variant of the company. That way if your application ever needs to be localized it won't take much to change it. Your properties files would be named baseName_languageCode_CountryCode_Variant.properties.
    It has been a great advantage for the program that I am developing.

  • How to get users provisioned / enabled with all OIM Resources.

    Looking for help on java / sql query on how to get all the users in OIM (9102 BP 13) provisioned/enabled status only,
    with all OIM Resources available in System.
    Edited by: 907571 on Apr 18, 2012 4:12 AM

    -- Users and the resources they hold in Enabled or Provisioned status.
    -- usg was listed in the FROM clause without a join condition, which multiplied every row; it is removed.
    select usr.usr_login, usr.usr_status, obj.obj_name, ost.ost_status, act.act_name
    from oiu, usr, ost, obj, act
    where oiu.usr_key=usr.usr_key
    and oiu.ost_key=ost.ost_key
    and ost.obj_key=obj.obj_key
    and usr.act_key=act.act_key
    --and obj.obj_name in ('Resource Name')
    --and usr.usr_status = 'Active'
    and ost.ost_status in ('Enabled','Provisioned')
    -Kevin

  • OIM: AD Forest - question about IT Resource

    I want to do a trusted reconciliation with multiple domains within the same forest (parent and child domains). The 9.1 version of the connector documentation mentions using the Lookup.AD.Domains lookup group along with GCADITResource, but I'm confused about this GCADITResource.
    When I run my AD Trusted Recon task, am I supposed to give it this GCADITResource or the regular ADITResource?
    I'm also confused about whether or not I need multiple copies of the ITResource, one for each domain.
    If someone could clarify this, I'd really appreciate it.
    Thanks very much
    Alex

    I just need to perform trusted recon against all the domains in the forest. I'm not provisioning to AD anything. I only need a few basic attributes, first, last, distinguishedName. Not even doing passwords, as OIM will be protected by OAM.
    When I configure the GCADITResource, do I specify the server name as ANY DC in the parent domain, or specifically the Global Catalog (not even sure if that is a dedicated server).
    I clarified my own question from above, the answer being that you DO have to specify the new GCADITResource as the IT Resource in all Scheduled Tasks if you want to use cross domain functionality. Now I'm just confused as to what server is specified. The documentation says:
    "While specifying values for the other parameters, ensure that the values are specific to the parent domain credentials." so I'm guessing I put the hostname of the parent domain DC but with the Global Catalog ports, ie 3269 (non ssl)
    Has anyone done this before?
    Alex

  • OIM AD provisioning question

    OIM Champions, I have a question about auto-provisioning to AD in 3 different domains.
    We have a requirement to provision to one of the 3 domains based on the location attribute in user profile. All 3 domains are in same AD forest. From design / implementation simplicity and customer perspective, which is a better approach:
    1) Have 3 AD resources, one for each domain, and provision to the domain based on the location via access policy and groups.
    2) Have one AD resource, and implement some logic to provision to the appropriate domain based on the location attribute. Can this be done out-of-the-box (or with minimum customization) in the AD 9101 connector?
    Do let me know your thoughts.
    Thanks.

    The out of the box provisioning adapter does not support multi-domain provisioning. You would have to build a custom connector to support this.
    In general option 1 is the lower effort solution. I have done it a number of times over the past few years and it generally works well (the approach is tested right now in this thread: How to create multiple AD instances).
    Option two can sometimes fit better with your requirements and can therefore sometimes be of interest.
    It all depends on how your customer views AD access. If the existence of multiple domains is business driven then in general option one aligns closer with your business reqs. If the multiple domains are due to legacy (another company was integrated into your customer and the other company came with its own AD domain) then option two might be worth considering.
    Good luck
    /Martin

  • OIM.. challenge questions one at a time

    Hello,
    I have a requirement in OIM wherein when a user logs in, the challenge questions need to be posted one at a time, rather than all the questions at once. I could not find any hint in the system properties or in the tables of OIM. I wanted to know if this is doable and, if yes, what parameters need to be set.
    Any help is appreciated.
    Thank you..

    Does that mean, I have to write a custom code for this feature??

  • Station Globals resource related question( how much it allocates / optimal size of it in system)

    Hi, 
    I have some questions about StationGlobals:
    1. Do variables of type StationGlobal allocate equal amounts of memory regardless of type?
       For example: Number/String/Boolean/Object Reference allocate equal resources: Number=String=Boolean=Object Reference='X' bytes?
       Or Number='X' bytes, String='Y' bytes, Boolean='Z' bytes?
    2. Does it make a difference to the resources of my system if I have 10 or 100 or 1000 StationGlobals variables allocated, and
        how does the quantity of them influence (or not influence) the performance of the system/test execution?
    Those questions are important, because we want to know how the quantity/type of StationGlobals variables influences the overall throughput/performance of
    the system (e.g. test running).
    Thank you & Best Regards
    *I use LabVIEW 8.X & TestStand 3.5/4.0.1 versions only

    Not so strange IMHO. You might be making a mental analogy to C data structures where nothing is abstracted and you know exactly what is happening to each byte.
    However, TestStand variables are black box objects with a lot more functionality than plain C data structures. Like most such objects you create via almost any object oriented API, their exact memory usage is NOT documented.
    One reason memory usage is not documented is that we need to be free to change the implementation if necessary, which would not be possible if we make guarantees about exact memory usage. Another reason it is not documented is because in most practical cases, it is not important, and we don't want to mislead people into worrying about it.
    If you are allocating data structures of such vastness that it actually does matter, then the task manager is an appropriate and easy tool to use to view the approximate magnitude of memory used by the objects you create. This applies to most objects from most APIs, not just TestStand variables.

  • OIM 11gR2 Architecture question

    Hello,
    We're setting up our development environment for OIM 11gR2 and wanted to confirm the concept of configuring a virtual IP for two application servers (each app server containing SOA and OIM).  This virtual IP would be setup on a hardware load balancer and referenced by two webtier servers in a DMZ like network.  The load balancer would straddle the DMZ and the more protected network with the two app servers.  The VIP would be referenced in moduleconf files on the Webtier servers.
    Is this supported?  Have others done something like this?
    Thanks for any input.
    Ariel

    Ariel,
       As I understood it, your concern is not only whether it works or not, so I am trying to help you: to answer your 'supported' question, please raise an SR in Metalink with your CSI #. This will allow you to have a very good and direct answer on your doubt.
    I hope this helps,
    Thiago Leoncio.

  • OIM resource permission configuration

    Hello,
    We are required to configure a user group that should be able to modify the user profile and resource A while restricting modifications on resource B.
    If a member of this group makes a modification to a user attribute that would trigger an access policy and subsequently change a child table in resource B, OIM fails to update the user since the user has no insert permission for resource B (Error evaluating access policy).
    Is there a solution for this problem?
    Thanks

    Access policies are mostly for provisioning, you're talking about delegated administration where the delegated admin is allowed to manage resource A but not resource B. This requires customization in both 9.1 and 11g. In 11g there's an authorization policy concept that can be used along with organizations but it's still not a good fit for what you're trying to do. Anyway you can implement this by checking the user's permissions against your own (custom) authorization model. Search the forum, this has come up before.

  • Resource Utilization Question

    Hi, Please let me know if the following scenario is a possibility.
    We currently maintain our capacity utilization at 90% for any resource and the same number is carried over to APO (SCM 5.0) with CIF. The requirement we have is to set this utilization to 100% for the rolling current date+3 months and 90% outside the 3 month horizon. I know that the dates can be specified explicitly in R/3 but I don't know if the rolling 3 month is possible. Please let me know if this can be achieved via config or master data setting in APO.
    Thanks in advance.

    Phaneendra,
    To maintain the capacity utilization (variable) on a time basis, you can use interval planning in ECC and then CIF these intervals to APO. Before you set up the intervals you need to perform one CIF customization activity in CFC9. Using the external capacit. Check(X) this field in ECC.
    Step 1: In CR01, when you are creating the work center, go to the capacity tab and maintain the capacity category (Machine/Labor). Then click on Capacity header.
    Step 2: In the capacity header you maintain the interval. Before this you select the Active version (1) under Available capacity.
    Step 3: Click on intervals; there you can maintain the from date and to date. Define the number of intervals you require.
    Step 4: Click on intervals+Shift; there you can call the defined intervals and maintain the capacity utilization that you require for the business. You can also add intervals in this screen by clicking on insert intervals.
    Step 5: After you are done you need to click on APO resource (this step is very important), which you can see in the top right corner under the capacity header. Here, under header data for APO resource, you select the type of resource: multimixed/single mixed (SNP) or multiactivity/single activity (PPDS). In the same screen you need to maintain the factory calendar and active version under the available capacity.
    After you are done with all the steps you can CIF the resource as an external resource to SNP. The intervals you maintained in ECC are visible in the capacity profile in the SNP resource transaction. This is how you maintain the time-based capacity utilization. It is a bit tricky to maintain all the fields. Do let me know if you have any questions.
    Regards
    KRN

  • Resource Bundling question.

    Hi,
    I have a message in my resource bundle say:
    static final Object[] messages_ =
    { T2zosMessageKeys.MYDETAILS_,
    " My name is = {0} and my age is \"{1}\""},
    My question is: when I invoke this message in my resource bundle, how do I supply the parameters to the arguments {0} and {1}?

    Well, if that's your resource file, I would say you need some sort of method to search and replace those parameters in the string.

  • OIM Java Compatibility Question

    Hi
    We have OIM 9.1.0.2 BP07 deployed in Weblogic 10.3.0 in test env. Our java version is JDK 1.6.0_10. All our adapters are compiled in this version. We are using this version of java since 1 year.
    Now we are moving to production, and we are not able to get exact java version which we used in test env in internet. My question is if I install java which is certified by weblogic 10.3(i.e 1.6.0_05) then will I face any issues in OIM? is it mandatory to use exact version of java from one env to another?
    Thanks

    Does not make any difference with sub versions. The version compatibility comes into picture at a higher level like JDK 1.5 or JDK 1.6.
    Consider the connector development team, they develop connectors on JDK 1.6 (could be any sub version) and when a customer uses that OOTB connector, they can use any of those sub-versions within JDK 1.6.
    Also, if it's your custom adapters then you should be aware of which Java functions you are using, and I assume they would be the basic ones, so the version difference should not bring in any issues. If it's an OOTB connector then see the certification matrix as well.

  • [OIM] Resources search takes more than 10 minutes

    Hi everyone,
    I have several resources (more than 6,000), and I have the following problem:
    1) I go to Request -> Resources
    2) select a user.
    3) in the notification screen, I left the send notification checked and click on next.
    After the last next, the resources screen should appear. It takes more than 10 minutes. I am uploading more resources and I see that as I add more, the time of searching the resources increases linearly with the amount of resources.
    Is there a way of putting some filter for this search so it takes less time, or I have to make a custom app for requesting resources?
    Thanks!

    I think the application does too many validations in these kinds of searches. I noticed that until 9.1.0, the Organization lookup in Users -> Create User showed all possible results, but in 9.1.0.2 you will see that it shows nothing; you have to enter a search filter so that organizations appear. Perhaps that's the solution to these problems: all searches show nothing at first and then you filter the results.
    I opened the war, but the code for searching appears to be generic to all search pages, so I think it's very dangerous to change the OIM core.

  • Resource Manager question

    Hi,
    In 10g , Automatically Assigning Resource Consumer Groups to Sessions done by using the following package:
    DBMS_RESOURCE_MANAGER.set_consumer_group_mapping (
    attribute IN VARCHAR2,
    value IN VARCHAR2,
    consumer_group IN VARCHAR2 DEFAULT NULL)
    For example:
    DBMS_RESOURCE_MANAGER.set_consumer_group_mapping (
    attribute => DBMS_RESOURCE_MANAGER.module_name,
    value => 'TOAD',
    consumer_group => 'TOOLS_GROUP');
    In case I have a few versions of the same tool, such as TOAD 9.5.0.31, TOAD 8.1 and so on (found under the module_name column in v$session),
    then I have to attach each UNIQUE module to the procedure DBMS_RESOURCE_MANAGER.set_consumer_group_mapping.
    Is there an option to pass an entry like %TOAD%?
    Thanks

    Is there an option to pass entry like %TOAD% ?
    Nope, I don't think so, couldn't find anything like that in the docs.
    Aman....

  • Resource Management question(s)

    Hello,
    I'm running Oracle 11.2.0.2 (on Solaris 10).
    I'm reading an Oracle whitepaper on Resource Management and hoping someone has experience with this subject.
    Re: http://www.oracle.com/technetwork/database/performance/resource-manager-twp-133705.pdf
    I have gone through the steps in this paper in attempt to set two different users (actually these are main user accounts that are shared) to two separate consumer groups, but I'm a little lost how to assign them to those groups.
    So, here are the steps I've done:
    =======================
    SQL> alter system set resource_limit=true scope=both;
    System altered.
    SQL> alter system set resource_manager_plan = 'DEFAULT_PLAN' sid='*';
    System altered.
    SQL> exec dbms_resource_manager.create_pending_area();
    PL/SQL procedure successfully completed.
    SQL> BEGIN dbms_resource_manager.set_consumer_group_mapping(attribute => dbms_resource_manager.service_name,value => 'REMEDYT',consumer_group =>'INTERACTIVE_GROUP'); END;
    PL/SQL procedure successfully completed.
    SQL> exec dbms_resource_manager_privs.grant_switch_consumer_group(grantee_name => 'ARADMIN',consumer_group => 'INTERACTIVE_GROUP',grant_option => FALSE);
    PL/SQL procedure successfully completed.
    SQL> exec dbms_resource_manager_privs.grant_switch_consumer_group(grantee_name => 'ARRDONLY',consumer_group => 'DSS_GROUP',grant_option => FALSE);
    PL/SQL procedure successfully completed.
    SQL> exec dbms_resource_manager_privs.grant_switch_consumer_group(grantee_name => 'public',consumer_group => 'DSS_GROUP',grant_option => FALSE);
    PL/SQL procedure successfully completed.
    So basically I'm allowing the main application which uses schema ARADMIN to use the "INTERACTIVE_GROUP", and the schema ARRDONLY (or any other user) to use the "DSS_GROUP".
    But, this seems to only "allow" these users to switch to these groups, rather than assign them to these groups.
    Also, how do I see (or adjust) what allocation of resources are given to these groups respectively by default.
    These are all Oracle default groups.
    I'm a little lost on this one whereas in the past I've just considered to use profiles for managing resources, but this is different, (and perhaps better for what I'm wanting to accomplish). What I'm wanting to accomplish, is exactly as noted in this whitepaper:
    You can also use Resource Manager to explicitly allocate CPU resources to the multiple
    workloads or applications that are sharing the database. For example, you can prioritize
    “sys” over regular users and OLTP transactions over reports and batch jobs

    ji li wrote:
    But, this seems to only "allow" these users to switch to these groups, rather than assign them to these groups.
    In your case DBMS_RESOURCE_MANAGER.SET_CONSUMER_GROUP_MAPPING will assign the user session to the right group based on the service name used by the client to establish a connection, because you have used:
    dbms_resource_manager.service_name
    Also, how do I see (or adjust) what allocation of resources are given to these groups respectively by default.
    You need either to create a simple plan using CREATE_SIMPLE_PLAN http://docs.oracle.com/cd/E11882_01/server.112/e25494/dbrm004.htm
    or a complex plan using the different steps described in http://docs.oracle.com/cd/E11882_01/server.112/e25494/dbrm005.htm.
    You can query following dictionary views for resource manager allocated resources:
    DBA_RSRC_CONSUMER_GROUPS
    DBA_RSRC_IO_CALIBRATE
    DBA_RSRC_PLAN_DIRECTIVES
    Edited by: P. Forstmann on 15 févr. 2013 21:20
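
The two Resource Manager threads above (one mapping per TOAD module string, and assigning sessions rather than only granting the switch privilege) can be covered by one script. This is an added example, not code from either poster or from Oracle's documentation; it assumes a DBA session in SQL*Plus and that the consumer group TOOLS_GROUP already exists, and it reuses the service, user and group names given in the posts.

```sql
-- Added example. Assumes TOOLS_GROUP exists; INTERACTIVE_GROUP is an Oracle default group.
BEGIN
  -- Mapping changes are staged in a pending area and only take effect once it is submitted.
  DBMS_RESOURCE_MANAGER.CREATE_PENDING_AREA();

  -- No wildcard is passed: one exact mapping is created per TOAD module string
  -- currently visible in v$session. Re-run when a new client version shows up.
  FOR m IN (SELECT DISTINCT module
              FROM v$session
             WHERE UPPER(module) LIKE '%TOAD%') LOOP
    DBMS_RESOURCE_MANAGER.SET_CONSUMER_GROUP_MAPPING(
      attribute      => DBMS_RESOURCE_MANAGER.MODULE_NAME,
      value          => m.module,
      consumer_group => 'TOOLS_GROUP');
  END LOOP;

  -- Sessions that connect through service REMEDYT are assigned to INTERACTIVE_GROUP.
  DBMS_RESOURCE_MANAGER.SET_CONSUMER_GROUP_MAPPING(
    attribute      => DBMS_RESOURCE_MANAGER.SERVICE_NAME,
    value          => 'REMEDYT',
    consumer_group => 'INTERACTIVE_GROUP');

  DBMS_RESOURCE_MANAGER.VALIDATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.SUBMIT_PENDING_AREA();
END;
/

-- A mapping is honoured only for users who hold the switch privilege for the
-- target group, so the grant and the mapping are both needed.
BEGIN
  DBMS_RESOURCE_MANAGER_PRIVS.GRANT_SWITCH_CONSUMER_GROUP(
    grantee_name   => 'ARADMIN',
    consumer_group => 'INTERACTIVE_GROUP',
    grant_option   => FALSE);
END;
/

-- Which mappings are in force?
SELECT attribute, value, consumer_group, status
  FROM dba_rsrc_group_mappings
 ORDER BY attribute, value;

-- Who may switch into which group?
SELECT grantee, granted_group, grant_option, initial_group
  FROM dba_rsrc_consumer_group_privs
 ORDER BY grantee, granted_group;

-- What does the active plan allocate to each group?
SELECT plan, group_or_subplan, cpu_p1, cpu_p2
  FROM dba_rsrc_plan_directives
 WHERE plan = 'DEFAULT_PLAN';

-- Where did each connected session actually land?
-- MODULE is reported by the client, so module-based mapping classifies
-- workload; it is not an access control.
SELECT username, service_name, module, resource_consumer_group
  FROM v$session
 WHERE username IS NOT NULL;
```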
