OIM User Group
hi,
I have created a user group say "Employee grp" where the user belongs to this group cannot edit the user details (UDF fields), process form, child forms. Now there is a new requirement where the helpdesk user can change/reset only the password for other user accounts. Check the below points,
1. User can view his user details, process form etc. can edit any field.
2. User can view other user details, process form etc. but cannot edit any field except the change password..
In short, this new group has to enable only the "change password" button if the user access other user details and nothing else. Is it achievable???
thanks in advance
Edited by: achiles on Oct 12, 2010 10:51 AM
Edited by: achiles on Oct 12, 2010 10:58 AM
It is possible. My approach is..
You can create a UDF say Change Password with datatype boolean and field type checkbox in Users Group form.
Now when you create HelpDesk Group in Admin console, you can select the check box and specify whether users in this group are allowed to change password or not.
Create an adapter and check whether the user is member of helpdesk group and then check whether he has permissions to change password only, if he is not allowed to change other info then you can show up an error message to the user.
Similar Messages
-
OIM User Groups - Export and Import
Hi,
I am looking for ideas for OIM User's groups to be exported from one environment to another environment.
I am using the following logic, but it is too slow. Any suggestions are welcome.
1. Export the User's groups from Source Environment - Add it to the CSV file with the following format:
User,Group_Name
2. Import the User's group by reading the CSV file - one user and one group at a time.
I think this approach is slow. Is it possible to read all the users from Groups - then add users into groups?
Will it be faster?
Regards
Vijay ChinnasamyHi Suren,
Thanks for the note. I tested this (Evaluating rules using updateUser()).... It looks like it is working in my case.
Actually, I am already using updateUser() to update the password using below code piece. It looks like it added groups at that time.
String[] filteredColumnsSet ={"Users.Key","Users.Row Version"};
Hashtable mhSearchCriteria = new Hashtable();
mhSearchCriteria.put("Users.User ID", Users_User_ID);
tcResultSet moResultSet = uo.findUsersFiltered(mhSearchCriteria, filteredColumnsSet);
HashMap userAttributeSet = new HashMap();
userAttributeSet.put("Users.Password", Users_Password);
uo.updateUser(moResultSet, userAttributeSet);
I will few more checks and let you know.
Thanks for the note once again.
Regards
Vijay Chinnasamy -
OIM 9.1.0.2 - User group permission conflict issue
Hi Gurus,
IHAC who have faced a strange behavior about permission conflict.
User has been assigned to a user group (ANALISTA DRSI) who have permission to disable resource of the users he administrates. The user group has been assigned to resource's administrator.
The same use has been assigned to other user group (ANALISTA ADM DRSI) who have other permission. The user group has been not assigned to resource's administrator.
If the user has been only assigned to ANALISTA DRSI user group the user is able to see records on Rogue Account report. If the customer has been assigned to both ANALISTA DRSI and ANALISTA ADM the user is not able to see the record on Rogue Account report. He got a display error message (You do not have permission). Both user groups have the Report menu item assigned.
My question: if the customer is assigned to a user group who have permission to see the reports, should not the user is able to see the report even though he is also into the other group who do not have permission?
Is there conflit in the OIM???
Any tip will be very appreciated.Orgnaization > Manage > Select Org in which users are getting created > Administrative Group (Drop Down) > Select Group for which users are not coming.
-
OIM 10g Event Handler : Integrated with User Groups.User Members
I have created custom event handler and integrated it with User Groups.User Members data object.
here is my code od event handler class:
public class GroupEventHandler extends tcBaseEvent {
public GroupEventHandler() {
this.setEventName("Event Handler Sample");
protected void implementation() throws Exception {
System.out.println("============@@@@@@@@ IN EVENT HANDLER ");
try
String groupKey = this.getDataObject().getString("Groups.Key");
writeToFile(groupKey);
catch (Exception e)
e.printStackTrace();
But I am getting this exception :
ERROR [ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.SERVER - Class/Method: tcTableDataObj/getString encounter some problems: Column 'GROUPS.KEY' not found
com.thortech.xl.dataaccess.tcDataSetException: Column 'GROUPS.KEY' not found
at com.thortech.xl.dataaccess.tcDataSet.getColumnIndex(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.getString(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.getString(Unknown Source)
at oim.GroupEventHandler.implementation(GroupEventHandler.java:19)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUSG.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcGroupOperationsBean.addMemberUsers(Unknown Source)
at com.thortech.xl.ejb.beans.tcGroupOperationsSession.addMemberUsers(Unknown Source)
at com.thortech.xl.ejb.beans.tcGroupOperations_ejm77u_EOImpl.addMemberUsers(tcGroupOperations_ejm77u_EOImpl.java:1671)
at Thor.API.Operations.tcGroupOperationsClient.addMemberUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy66.addMemberUsers(Unknown Source)
at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignMemberUsers(Unknown Source)
at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignGroupMembers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)Anyone have idea about why "Groups.Key" not found exception thrown here..
I have assigned this event handler at postinsert event of User Groups.User Members Data Object. -
Reconcile user groups to OIM (11g)
I would appreciate it if someone may let me know how to reconcile the organization and leadership structure information from an Oracle DB based identity vault into OIM (11g) to create organizational roles, for example, into the user group and user group membership tables, i.e. the UGP and USG table series. Many thanks.
yesy, I have defines correct search value but its again and again throwing error. I change the search values too. But its not working.
-
[OIM] Cannot use special character in User Group Name
Dear IdM expert,
I have problem creating user group in OIM if user group name contain special character like '&', '<' or '+'.
I read Note 430081.1 : Can a Field Label in an Object Form Contain Special Characters? and change <AppFirewall><SecurityLevel> in xlconfig.xml to 0, (by default SecurityLevel is set to 1). But still no luck.
Could anyone find way to do this? Thank you.
Best Regards,
SatitI don't think the app fire wall applies to recon events so that is probably how they got in.
You may have to update the database tables directly to solve this. Should not be a big issue as you aren't messing with any table primary keys.
Best regards
/Martin -
OIM 9.1.0.2 - User group permission
Hi experts,
IHAC that need to configure some user groups in order to perform just specifics activities. We have configured the user groups but with no sucess.
1) Group that should see/track all the opened requests.
Given all request permission. (The requests don´t appear)
2) Group that should disable Resource from user thru User Detail -> Resource Profile.
Given all resource objects permission. (Error message: No permission)
3) Group that create/manage Attestation.
Given all attestation permission. (The attestation is created, but it doesn´t appear to delegated user)
Any tip on how to set the correct permission?
Brgs,Hi,
I was looking for the same questions! One of them I could make it to work...
About quetion #3, some steps:
1. Create a group with name, lets say: AttestationManagers
2. Give the following permissions:
Attestation Requests
Attestation Process Tasks
Attestation Data
Attestation Process Definitions
Attestation Process Administrator
3. Make the users responsable of attestation process part of group: AttestationManagers
4. Create an attestation process and in the last field: Process Owner, put AttestationManagers
5. Click: "Run Now"
6. This attestation should appear to the user responsable of it.
You can find an explanation about the attestation process in the following link: http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14057/attestation.htm#insertedID1 and about the Process Owner, the point 15.1.1 in the above link.
I hope it helps!
Regards. -
Hi Gurus,
I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
Any tip on what I should take a look?
Thanks in advance.Hi all,
I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
Thanks a lot. -
Problems while provisioning OIM user to AD
Hello,
My OIM version is 9.1.0.1 & AD version is 9.1.1.4
I want to provision OIM user to AD,so before provisioning i ran AD Group Lookup Recon &
AD Organization Lookup Recon .
When i tried to provision AD User to OIM user ,status=provisioning where System Validation was
completed & create user was rejected & there was no response description.
Following is the error which i got on console : java.lang.reflect.InvocationTargetException
Thanks & Regards
Rahul ShahIT Resource Parameters :
ADAM LockoutThreshold Value 5
ADGroup LookUp Definition Lookup.ADReconciliation.GroupLookup
Admin FQDN CN=Administrator,CN=Users,DC=proservdemo,DC=com
Admin Password *******
Allow Password Provisioning yes
AtMap ADGroup AtMap.ADGroup
AtMap ADUser AtMap.AD
Invert Display Name no
Port Number 389
Remote Manager Prov Lookup AtMap.AD.RemoteScriptlookUp
Remote Manager Prov Script Path
Root Context DC=proservdemo,DC=com
Server Address IP Address
Target Locale: TimeZone GMT
UPN Domain proservdemo.com
Use SSL no
isADAM no
isUserDeleteLeafNode no
& here is the exception which i see on console :
Running GETINVERTDISPLAYNAMEVALUE
Target Class = java.lang.String
Running CONCATFIRSTANDLAST
Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
Running GETINVERTDISPLAYNAMEVALUE
Target Class = java.lang.String
Running CONCATFIRSTANDLAST
Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
Running CONCATDOMAIN
Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
Running CONCATUSERLOGINWITHDOMAIN
Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Initializ
ing image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerateFull.ear\xlW
ebApp.war\cabo\images\cache\ ...
MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Loading i
mage 0 of 3 from image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerat
eFull.ear\xlWebApp.war\cabo\images\cache\
MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Finished
initializing image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerateFul
l.ear\xlWebApp.war\cabo\images\cache\
Running ISADAM
Target Class = java.lang.String
Running Get Attribute Map
Running AD Create User
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ADCREATEUSER(adpADCSCREATEUSER.java:224)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:91)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(UnknownSource)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.setProcessFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1245)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy68.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.NullPointerException
at com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks.createUser(Unknown Source)
... 68 more
com.thortech.xl.dataobj.util.tcAdapterTaskException
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ADCREATEUSER(adpADCSCREATEUSER.java:230)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:91)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(UnknownSource)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.setProcessFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1245)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy68.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
& is AD version 9.1.1.4 compatible with OIM 9.1.0.1
Thanks & regards
Rahul Shah -
Delete oimGroup membership of the oim user using Script (oim 9.1).
Hi All,
I want to remove oim users' particular oim group membership, Is there any problem, if I use the following script to delete user group information from USg table?
delete from usg where usr_key in (select usr_key from usr where usr_login in ('xxx','yyy')) and ugp_key=31
Note: In our case, No policies,membershiprules are assigned to this oim group (we defined gruops only) and env is oim 9.1.
Can any one confirm this. Or if there is nay problem, please let us know.
Thanks.
Edited by: user13285646 on Jul 28, 2011 11:01 PMThanks Rajiv.
-
OIM: Is there a way to control resource groups based on OIM Admin group
Hi,
I have a resource+target system where we provision users and groups. My requirement is to make the group assignment/de-assignment to be based on OIM's user group of the admin. For example, admins from User Group UG1 can provision certain groups to a given user where as they cannot add/delete other groups. Similarly admins from another admin user group UG2 cannot add/delete resource groups to the same user.
Have you come across such a requirement and if so could you please share you implemented this?
ThanksThe easiest way to do it is often to use a resource object for addition of groups, use request based provisioning and then include a test in the approval that checks if the raising user has the right to raise a request for that group. If not just deny the request.
Works well and is easy to implement but may be considered a bit user unfriendly as it allows the admins to raise requests that are later auto denied.
Best regards
-Martin -
How to Populate Database values in OIM user form
Hi friends,
I have created some groups in OIM and I have created a new field in OIM user form. Now i want the group values visible as new field values.
How the database table values can be made visible in OIM field ..?
please help me in doing it
Regards
sriJust follow this document and from fig 13 select LOV type as query.
http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/conf_mangmnt.htm
Regards
Shashank -
Friends
Exist in Oracle Identity Manager 11g User groups as in version 9..?
ThanksIf this question is about: What has happened to User Groups in OIM 11G then:
The User Groups is now converted to Roles in OIM 11G. -
Hello All
I just upgraded to BP12 of OIM 9.1.0.2 and in the process, had some problems with the ORM integration where is was creating new copies of roles in OIM for ORM roles. Now, instead of the 30 or so user groups that I should have, I now have about 950 or so. I have fixed the issue with the groups in OIM and change the ORMID of all the groups in OIM so they are no longer linked to ORM, but now I need to remove them so they are not showing up on everyones profiles. Do you know if there is a way to permanently delete user groups and the associated links from OIM so they are not available. Any help you can give on this would be much appreciated.
Thanks
NickYou can create a list of the groups you want to keep in OIM. Include the 4 default ones. Then looping through the list of groups use something along the lines of the following:
Map map = new HashMap();
map.put("Groups.Group Name", "*");
tcResultSet set = groupIntf.findGroups(map);
long[] users = new long[set.getTotalRowCount]'
for (int i=0;i<set.getTotalRowCount();i++){
set.goToRow(i);
tcResultSet users = groupIntf.getAllMembers(set.getLongValue("Groups.Key");
//Loop through the users result set to get all the Users.Key values. Add them to the array users[].
//After you loop through remove the users
groupIntf.removeMemberUsers(userList);
//After you remove the users, delete the group
groupIntf.deleteGroup(set.getLongValue("Groups.Key"));
I typed this off the top of my head, there is no validation in it. You will be expected to be able to come up with the rest of it in java, but this should give you something to go off of.
-Kevin -
What is difference between user group and reference user group?
hi
guys,
what is difference between user group and reference user group?
your regards
p.sureshHi ,
Chk the link below for your clarifiacation.
http://help.sap.com/erp2005_ehp_03/helpdata/EN/5c/c1c81c445f11d189f00000e81ddfac/frameset.htm
Hope it helps.
Regards,
Amit
Edited by: Amit Kotwani on Sep 2, 2008 2:15 PM
Maybe you are looking for
-
How to create a custom function module with the records in SAP R/3?
Hi All, How to create a custom function module with the records in SAP R/3? Using RFC Adapter I have to fetch the custom function module records. Regards Sara
-
MacBook Pro Mac OS X Lion 10.7.5 to new Mac Pro
I am currently using a pro 2011 and I want to buy a new one that runs on the Os X Mavericks system. I back up my current computer with an external seagate hard drive right now. If I buy a new computer running on Maverick and connect my seagate drive
-
Hi,My 932XL Black and 933 Yellow ink cartridge is lying vacant and unused as my older printer stopped working and it was replaced by an HP Officejet 8610. Those two ink cartridge has never been used and it seems like i have wasted around $51 on thos
-
X220 DP++ port to multiiple DVI-D monitors?
Hi all, Would be grateful for your advice. I want to use my DP++ port on the Lenovo x220 to 'drive' two 24" DVI-D LCD monitors showing separate images. It's not for gaming, only for boring office apps. I can't work out from the displayport.org websi
-
Hi. Can any one help me with how to paint directly in JPanel, I need to paint directly in a swing component, but i dont know in which and how How i use the paintComponent method of JPanel class.. Thanks.