OIM synchronization organize information and role information

How to use the OIM to synchronization organize information and role information from the Oracle database?
thanks!

Can you explain little bit about your use case ?

Similar Messages

  • Problem about Organization Unit and Role in BPM

    Hi,
    I am developing BPM project which have some roles and will be deployed for many organization. In JDev, I want to assign users to each role and organization and when the project is deployed to WorkSpace, each user in specify org can only manipulate with his task (other user can not visible). I tried configure in Jdev and WorkSpace but it is working incorrecttly
    I used BPM, Jdev 11g.
    Some body help ?
    Thanks.

    Hi
    1. When you add new Roles, Users to Roles etc from JDev and Deploy it, ONLY for the first time deployment, all these information is added to the Workspace and you can see it in Admin tab of workspace. You should see them in one of the tables of soainfra like BPM_CUBE_ROLE like that. The point is, after first deployment, when you add more users to the same Role, they will not be reflected in Workspace. I guess this was Designed intentionally to avoid overwriting of users with every redeployment. The only way to add more Users or Edit Users for Each Role is from the bpm/workspace application with adminstrator Role.
    This makes sense also. Beacause when we develop any BPM Application, all we consider is the Roles names called as Studio Roles (or Swimlanes etc). They are just dummy and virutal Roles. We add all Tasks for each Role. Thats it. Then you Deploy them. And only in Workpace, we map these dummy studio Roles to the real Users from the Security Providers of that SOA/BPM Domain like from default seucrity provider or any external configured AD LDAP etc.
    Unless there is a very strong reason, I would not recommend to add Users/Groups etc to the Studio Roles in the JDeveloper itself. Worst case, after you deploy it, if you see any discrepencies, just delete the Roles from workspace admin. Redeploy your bpm app and it will create the new Roles.
    Thanks
    Ravi Jegga

  • OIM 11gR2 - Expression Language and Roles

    I assume this question is pretty easy for all you developers out there.
    I have already found in the forums the answer if you want to hide the Administration tab on the left hand side of the screen from everyone other than the system administrators:
    Set the visible property EL to either
    #{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}
    or
    #{oimcontext.currentUser.adminRoles['OrclOIMSystemAdministrator'] != null}
    But what would my EL be if I wanted three different roles to be allowed to see it?
    EG:
    #{oimcontext.currentUser.adminRoles['OrclOIMSystemAdministrator'] != null}
    #{oimcontext.currentUser.adminRoles['OrclOIMUserHelpDesk'] != null}
    #{oimcontext.currentUser.adminRoles['OrclOIMUserAdmin'] != null}
    None of the combinations I'm attempting work to either don't return True or a valid expression.
    Any help with the formatting or logic of the string would be very much appreciated.

    have you tried like this:
    #{ (oimcontext.currentUser.adminRoles['OrclOIMSystemAdministrator'] != null) || (oimcontext.currentUser.adminRoles['OrclOIMUserHelpDesk'] != null) || (oimcontext.currentUser.adminRoles['OrclOIMUserAdmin'] != null)  }

  • How to synchronize Address Books and Calendar Books in Mavericks 10.9.2, I am unable to synchronize my Address and Calendar Books informations with my iPhone 4 via iTunes

    Since I updated my MacBook Pro's OS X version 10.6.8 to Mavericks 10.9.2, I am unable to synchronize my Address and Calendar Books informations with my iPhone 4 via iTunes.  What do I need to do to update these data ?

    I cannot synchronize the Address Book and Calendar data, even by means of iCloud or similar servers.  It appears these data are not selected automatically during synchronization. How can one select Address Book and Calendar Book in Mavericks for synchronization ?

  • Is it possible to store user and role information in MDS instead of jazn ?

    Hi
    I want to store the user and role details in mds rather than jazn xml. Is it posssible? Could any one tell the steps that to be follow?
    Thanks,
    Vishnu

    Hi,
    MDS is not a polic store nor an identity management system. It does not really make sense what you are asking for. Instead of jazn-data.xml you can use OID and RDBMS for holiding user identities and policies. If it is only user identities and groups you want to move to another store then you have OID, RDBMS, Active Directory. OAM etc.. The jazn-data.xml file btw. is used at design time only. Upon deployment - by default - users and groups are created from jazn-data.xml into the integrated WLS LDAP server. Policies in jazn-data.xml file are copied to system-jazn-data.xml of the target WLS server.
    Frank

  • Employee Search 'Organization Information' iView

    In General Information when viewing the Employee Search iView a Manager
    selects "Employee Selection" - "Direct Reports" and the "Display"
    of "Organizational Information" it displays all employee in their
    Organizational Unit.
    We have transported our R/3 configuration to our QA/UAT Portal. When
    looking in the QA/UAT Portal and viewing the General Information iView
    and viewing the Employee Search iView the Manager selects "Employee
    Selection" - "Direct Reports" and the "Display" of "Organizational
    Information" it does not display any employees.
    We have checked the Parameters against the iView in QA Portal and they are exacty the same as the iView in Dev Portal.
    Any ideas as to why the iView is not showing employees?
    Thanks
    MN
    Points Rewarded!!

    Hi,
    Few things to check
    1 - Make sure your user ID is linked correclty in the communication infotype 105
    2 - Make sure your user is a Manager (i.e. Chief position / Position with relationship A-012)
    3 - Make sure your user have MSS role assigned
    Hope this help. If all those elements are set-up, there is now reason why it should not worked. Are you using standard SAP views in the backend ? ex: MSS_TMV_EE_ORG1 ?

  • Invalid Locator Segments-The expenditure organization information is invali

    Hi Gurus,
    Onhand quantity import from legacy to Oracle apps(11.5.10) is failing with the folowing error in the interface table, mtl_transactions_interface.
    Error Code: Invalid Locator Segments
    Error Explanantion: The expenditure organization information is invalid
    I did import successfully during my intial testing cycles though. But now after a month, trying to load the onhand quantities again, I am getting this error. Some setups might have been changed or any thing else could cause this error to show up?
    We are using project manufacturing and locator control as "Dynamic". I am using account alias receipt to import onhand balances.
    Thanks in advance,
    Kaju

    Hi,
    Please also see these docs.
    Note: 837730.1 - MTI Interface "Invalid Locator Segments" Error
    Note: 823164.1 - "Material transaction API returned error(Invalid locator segments)" Error when Issue Materials Across Workorders in CMRO
    Note: 110424.1 - Unprocessed Transactions/Closing INV Accounting Period FAQ
    Note: 210900.1 - Locator is Invalid or Missing for this Item/Organization/Subinventory Combination
    Regards,
    Hussein

  • Hiding organization data and partner block in IC_AGENT role

    Hello,
       For  Business role : IC_AGENT and under  Work Center  : Interaction record ,we have a screen with three different blocks:
       Overview  Organizational Data  Partner.
       My requirement is to hide Organization Data and Partner block.
       Please suggest how can i do that?
       Regards
       Najm

    Hello Najm,
    for the same purpose I've done in the following way.
    Enhance component ICCMP_BT_INR in BSP_WD_CMPWB if it's not been done yet.
    Enhance view InrHeaderViewSet if it's not been done yet.
    In view controller implementation class for this view (in my case it was ZL_ICCMP_BT_INRHEADERVIEW_IMPL) redefine GET_TAB_LINK_TABLE method in the following way:
    METHOD get_tab_link_table.
    CONSTANTS: c_orgdata TYPE string VALUE 'InrOrgData.BTORGSET/OrgSet',
                c_partner TYPE string VALUE 'InrPartnerId.MainWindow'.
    CALL METHOD super->get_tab_link_table
       RECEIVING
         rt_result = rt_result.
    * hide org. data tab
    DELETE rt_result WHERE id CP c_orgdata.
    * hide partners tab
    DELETE rt_result WHERE id CP c_partner.
    ENDMETHOD.
    Other way is:
    Enhance component ICCMP_BT_INR in BSP_WD_CMPWB if it's not been done yet.
    Go to Runtime Repository Editor there.
    Delete InrPartnerId.MainWindow and InrOrgData.BTORGSET/OrgSet views from the viewarea Header of the ICCMP_BT_INR/InrHeaderViewSet.
    But personally I've preffered first one. Just to remember what was actually there in standard.

  • How to inherit roles between root organization unit and sub units

    Hi all,
    I have root organization unit and sub units:
    ->Company
    >Department 1
    >Department 2
    >Department 3
    >Department 4
    >Department 5
    I would like it to work like this that all people from all departments would have access to transaction ZTEST. Most obvious way would be for me to assign appropriate role to unit Company. Unfortunately it looks like roles are not inherit between units like this. So question is how it should be done? Do I have to assign this role to all departments to make it work?
    Best regards
    Marcin Cholewczuk

    Hi,
    To activate inheritance of roles between root org and sub org units, you need to set switch HR_ORG_ACTIVE to Yes in table PRGN_CUST. Also proper evaluation path has to be used so that user comparison (via PFUD)  creates the indirect role assignment to user master records.
    You can modify evaluation path US_ACTGR in table T77AW/ tcode OOAW to include root org and its subunits (add entry for relationship O B002 O) and connect the role assigned to root org to the users belonging to sub org units. Then run PFUD which will use this evaluation path to create indirect role assigment.
    Thanks
    Sandipan

  • Error in extends root organization and roles!!

    Hi all,
    I set up multimaster LDAP, and config merging for organizations and roles. After running about 2 moths stably, all the sub orgs and users cannot extend access list of root org, and all users cannot get the access list from role.
    Logically, one user can get access list from org and role, and merge them. But now probably some configuration are changed, the root org and all role can not work correctly.
    Please help!!!
    Thank you very much.
    Best Regards,
    Peter

    Hello,
    Please help me.... Urgent!!!
    I have set merging to ldap.
    After the ldap run about one month, the root org cannot support extension, and all the roles under sub org also cannot support extension.
    I add new user under sub org, it cannot extend the access list of root org. And I add new role, the user also cannot get the access list of role.
    Please help!!!
    Thanks!
    Peter

  • WLPI: integrating organizations and roles with existing application

    Hi,
    how do I integrate WLPI's organizations and roles with an existing application's
    data structure? It looks like WLPI expects organizations and roles to be groups
    with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
    and a null member). If I am integrating with an application that stores organizations
    and roles in (for example) separate database tables, how do I get WLPI to recognize
    these? Or do I have to maintain the organizations and roles in 2 places, one for
    the application and one for WLPI in the format described above?
    THanks,
    Martin

    Hi Martin,
    We're in the middle of a prototyping exercise of getting WLS, JMS,
    WLP, WLPI integrated accross one security realm. What its looking like
    is this (bear in mind I think this hasn't been tried before judging by
    newsgroups + BEA Docs)
    1)WLP has a bug that you cannot get user details from LDAP(exception
    is thrown)
    2)WLPI does need a certain structure -
    http://e-docs.bea.com/wlpi/wlpi121/install/cfigrun.htm#1246656
    and
    http://developer.bea.com/ftp_bin/Using_LDAP_with_WLPI.zip
    A) To solve your problem maybe you could write a custom realm to
    translate the roles + orgs back (no writing from WLPI ie read only )
    to WLPI.
    B) Maybe you caould have a META-DIRECTORY set up that synchronises the
    RDBMSRealm with something else maybe LDAP or another RDBMSRealm
    We are also looking into a unified security solution by Netegrity
    called siteminder. They are about to release a version for WLS 6 but
    they seem to be laggin behind. This provides a single signon over and
    enterprise system.
    This is a bit vague Martin, I will hopefully have more concrete info
    in a week or 2. If you have any other info you can mail me on -
    [email protected]
    BTW this wouldn't be Martin Van Vilet from the Netherlands that worked
    on the Intelligent Finance Product?
    "Martin van Vliet" <[email protected]> wrote in message news:<3b17ece8$[email protected]>...
    Hi,
    how do I integrate WLPI's organizations and roles with an existing application's
    data structure? It looks like WLPI expects organizations and roles to be groups
    with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
    and a null member). If I am integrating with an application that stores organizations
    and roles in (for example) separate database tables, how do I get WLPI to recognize
    these? Or do I have to maintain the organizations and roles in 2 places, one for
    the application and one for WLPI in the format described above?
    THanks,
    Martin

  • How to use the user and role API's and where to use it

    Hi All,
    I have configured SSO for my UCM11g. Now my application authenticates through the Oracle SSO login page. Currently it is working with SQL authenticator.
    Now, i have to use LDAP authenticator. when i will configure the LDAP authenticator, i have to use the user and role API's to fetch the user profile information from LDAP. i have got the API's which will be used to fetch the respected information, but i am not getting as where i will write those java programs and how this API will be used in my application. what settings i need to do on it so that application uses the API's. ?
    Please can anyone help me on this.
    thanks,
    Saurabh

    Hi, Mithu,
    Thanks a lot for your help in advance.
    I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
    Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
    I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP.   I don't know how to do this. 
    Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
    Do you give me some hints? Thanks a lot.  My email: [email protected]
    Thanks again.
    Thanks & Regards,
    Tao

  • SRM supplier user synchronization between SUS and productive client

    Dear Sirs, in our SRM environement the contact persons (and relative system users) created by suppliers in the auto-registration procedure, should be synchronized between SUS and productive client.
    (in our implementation client 150 and 330) .
    This sync mechanism should be valid also for lock-unlock status of the user and reset of the password,
    but in both cases it does not works (a locked user, manually unlocked from client 150 via SU01, is again locked in client 330, the same from 330 client).
    Could you suggest a solution or some checkpoints ?
    Could you provide some links for the configuration of this mechanism ? (we have seen only the SPRO node " Maintain Systems for Synchronization of User Data") ?
    I am not shure if XI is implicated or not.
    Best regards,
    Riccardo Galli

    HI
    Maintain Systems for Synchronization of User Data
    In this IMG activity, you specify the RFC destinations to which user data from SUS User Management is replicated.
    In the Logical System field, you should enter the backend destination with which the user data should be synchronized when they are entered in SUS. On the basis of this information, the system determines the relevant RFC destination automatically.
    Specify the function modules for creating, changing, or deleting a user in the external system for each logical system:
    Function Module for Creating User: Function module that is called to create a user in the external system
    Function Module for Changing User: Function module that is called to change the user in the external system
    Function Module for Deleting User: Function module that is called to delete the user in the external system
    If this data exists, you can set the indicator Use Purchasing BP ID to use the business partner ID from the procurement system instead of the business partner ID from SUS.
    What are the settings maintained here ?
    external system and roles in external system
    br
    Muthu

  • How can I move all my bookmarks from different Firefox profiles into one area to organize them and then place them into the different Firefox profiles?

    How can I move all my bookmarks from different Firefox profiles (would like to move whole bookmark folders at once if possible) into one area to organize them and then place them into the different Firefox profiles? This is all under one window user account, I am using windows 8.1. Even if you have information on how to do it on a different windows, it may still be helpful. Thanks for any input you have.

    Just a note about the difference between these two things:
    * "export" and "import" use an ancient HTML document format that all browsers can understand. When you import bookmarks, Firefox may place them into an Imported Bookmarks folder, or into Unsorted Bookmarks. This does not displace existing bookmarks, and Firefox does not automatically remove duplicates.
    * "backup" and "restore" use a more comprehensive JSON data file, which contains extra information about your bookmarks (such as tags) not contained in the traditional export file. HOWEVER, a restore completely replaces all existing bookmarks, so the restore feature cannot be used to merge in a set of additional bookmarks.
    Related support articles:
    * [[Export Firefox bookmarks to an HTML file to back up or transfer bookmarks]]
    * [[Import Bookmarks from a HTML file]]
    * [[Restore bookmarks from backup or move them to another computer]]
    Some users find the disk-based Windows Favorites folder a convenient way to organize bookmarks. If you do, too, and you do not need to preserve tags on your bookmarks, you could export each profile's bookmarks to HTML and import them all into IE11. Organize them in the Windows Favorites folder, then export from IE11 to HTML and import that file into each Firefox profile. See: [http://windows.microsoft.com/en-us/internet-explorer/add-view-organize-favorites].

  • Automatic Creation of Roles and Role Mappings in GRC

    Hi,
    we are planning to use SAP Identity Management and SAP GRC Access Management.
    In SAP IDM we have defined several business roles that contain privilieges in SAP systems. When a user is requesting a role, the request will first be sent to SAP GRC for approval and risk checking.
    In order to get this to work, we need to load the business roles of SAP IDM into SAP GRC and we also need to configure the role mapping between the business roles and the technical SAP privileges.
    From what I understood, this could be implemented by loading the required information via Excel filles into SAP IDM.However, this is a quite cumbersome and error-rpone approach an we would like to automate this.
    Is there a way to use e.g. web service calls to create/delete roles and role mappings in SAP GRC?
    BTW: is a documentation of all available GRC web service calls and their parameters available?
    Thanks for your help in advance!
    Best regards
    Tom

    Hi Tom,
    as stated before, the web service description is in the config guide.
    Unfortunately there is no web service to create roles or even mappings in CUP - this is one of many I would also like to se created
    I don't think in your context you will be able to directly send Business Roles to CUP. The role mapping only happens after you send the request, so I'm not sure if that's in time for risk analysis - you will need to try that.
    Are you a customer or a consultant - anyway, feel free to contact me if you need further help integrating CUP and IdM. This is an evolving interface with many possible scenarios, so it's not easy to give you good advise without seeing the full picture.
    Frank.

Maybe you are looking for

  • How do I share address book and calendars with other iCloud users?

    I guess the title of the discussion question says it all. My wife, and other family members want to SHARE Contacts, Calendars etc... with other iCloud users. Simple task... most people would want to do it... But... I can't find an easy answer... how

  • Problem running app in default server (Jdev 11g)

    Hi, I am pretty new to Java/Jdev and I am facing some problems trying to run the application as laid out in the example tutorial from http://www.oracle.com/technology/products/jdev/11/cuecards/adf_set_22/ccset22_ALL.html. I have followed all the step

  • URGENT: Unable to view Bill

    Hello, I have been trying to view my bill online for the last four days. Every time I log in and go to My Verizon > View Bill, I get the following message: "We are unable to process your request at this time. Please try again later. We apologize for

  • Pl/sql procedure with shell script

    Hi Guys, I will be updating some of the columns in the database thru SQL UPDATE stament. I want to make this process automatic. I.e instead of running manually this uodate process, i want to write a unix script which run on cron job. In the update st

  • How to view ear files?

    we have a third party ear file deployed. I want to find out its contents such as the app descriptors web.xml, weblogic.xml , jar files and etc. How can I view these? TIA