Problem with Access Policy

Hi All!
OIM 11g:
1. I have installed DBUM 9.1.0.4
2. I have configured the IT Resource and RO for granting a user an MS SQL User and database role (for example in the HRData db)
3. I have created a Role named "HRData DB User" and an Access Policy named "HR Data DB User" which grants the correct RO.
4. When role is granted by xelsysadm for specific oim user everything is OK.
Problem:
When a user requests the role "HRData DB User" from the Self-Service portal and the request is approved by xelsysadm, the role is granted but the RO is not granted. I have the following error:
<Nov 19, 2010 1:12:46 PM CET> <Error> <XELLERATE.SERVER> <BEA-000000> <Class/Method: tcDataObj/eventPreInsert Error :Insert permission is denied>
<Nov 19, 2010 1:12:46 PM CET> <Error> <oracle.iam.accesspolicy.impl.handlers.provisioning> <IAM-4030308> <An error occurred in oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler while provisioning resource 161 to user 43 and the cause of error is DOBJ.INSERT_PERMISSION_DENIED: H: You do not have permission to insert this object..>
<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030081> <[CALLBACKMSG] Inside completion plugin for request 68.>
<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030082> <[CALLBACKMSG] Inside completion plugin for request 68, target tye is Role and operation is SELFASSIGNROLES.>
<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030082> <[CALLBACKMSG] Inside completion plugin for request 68, target tye is RoleUser and operation is CREATE.>
Any suggestions?
best
mp

Similar Messages

  • Problem with Access policy Provisioning on AD

    Hi,
    I have created an access policy which will trigger provisioning of the user to AD when the user is added to group 'abc'.
    It's without approval.
    We have object form and process form. Process form is autosave.
    But, the problem is, as soon as the user is added to the group 'abc'.
    It triggers the provisioning flow. But the provisioning will be in ready state only.
    When we go and save the resource form only the provisioning flow triggers.
    If we make the object as auto save, it will work. But in our case we cannot make the object autosave as it has a resource form to be filled by user in other flow.
    Is there any approach to solve the issue?
    Regards,
    SK

    Hi Rajiv,
    So, there is no way we can implement this?
    My requirement is same as this,
    OIM: Question about "Auto Save" option on Resource Object
    I have a Resource Object that needs to be provisioned at least two ways:
    1) thru an access policy by group membership
    2) thru user self-request, who is not already in that group membership
    The problem is that if I don't check the "Auto Save" check box, the automatic assignment thru access policy is not completing, and if I do check the check box, then the user request is not letting the user enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
    Is there a way to make both work on the same Resource Object?
    Thanks
    SK

  • Problem with Access Policies (create multiple resources)

    I'm having a problem with Access Policies:
    The first policy must create a resource.
    And the following policies should create children on the resource.
    The problem here is that when the policies add the children, the resource is not provisioned yet.
    And then each one will create a resource, but I just want one resource with the children.
    When the resource is already provisioned, the policies update this resource properly.
    How can I fix this?
    tks

    Ricardo,
    I had a similar problem. In a post-process handler I was managing the user membership in specific roles through the removeMemberUser and the addMemberUser of the tcGroupOperationsIntf class.
    The last parameter of this method was a boolean which, when true, would automatically trigger the access policies programmatically in the post-process.
    The problem is that there also is an OOTB event handler for triggering access policies, so I was basically triggering the access policies twice and duplicated resources were appearing.
    Hope this helps.
    Cheers

  • Disable AD account with access policy

    Hi all,
    how can I disable AD account with access policy (or create AD account in disabled state)
    Regards,
    Vladimir

    Dewan.Rajiv wrote:
    Access Policies are just for triggering provisioning. You can customize the AD connector or write your own to create the user in a disabled state using JNDI.

    Hi Dewan,
    I have to create a simple demo system, and I need a solution which is not too weird (that means use as little of disparate technologies as possible).
    I have two connected systems:
    1. HR system, which is a trusted source for user and organizational data.
    2. AD system, which is my provision destination.
    I want to comply with the following requirements:
    1. When a user is created in HR system, a new OIM account shall be created, and a new AD account shall or shall not (depending on HR data) be created in AD in disabled state
    2. When a user is marked as dismissed in HR system, the AD account if exists, shall be disabled and moved to some special place in AD tree.
    3. Same rules shall apply if the OIM account is created or marked as "Dismissed" manually by OIM administrator.
    I use OIM reconciliation to get source data and it is no problem for me to create any reconciliation event I need.
    I was considering creating Group->Access Policy->Resource chains, but Access Policy allows only to manage AD attributes, not account enable status.
    Or should I add some unmapped pseudo-attribute to AD connector and a task which will enable/disable AD account based on the value of this attribute?
    What other options do I have?
    Regards,
    Vladimir

  • Problem with access to SMTP, IMAP, POP3 protocols in CAS 2013.

    Hi,
    we have a problem with access through SMTP, IMAP, POP3 protocols in CAS 2013.
    If I test connection to SMTP 25 port from other computer, session end quickly.
    Test from CAS2013 to localhost or public IP is OK (similar also for IMAP and POP3).
    Receive connectors are with defaults settings, firewall is disabled.
    Service Microsoft Frontend Transport Services restarted, but no success.
    Certificate is assigned to IMAP, POP3, SMTP, IIS.
    IIS and HTTP(s) protocols are OK. Clients can connect only through web, mobile (ActiveSync), or with Outlook with proxy.
    Do you have some tip, what to test?
    If I create new testing receive connector on port 26 for anonymous, behaviour is same, quick disconnecting.
    Thanks, Mirek

    Hi,
    Please try to use the following link to test your SMTP/POP/IMAP e-mail, and check whether the test is successful:
    https://testconnectivity.microsoft.com/
    If unsuccessful, please check the test result, it will tell us what caused the problem.
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Problem with access to SipFactory from jsp-pages in JBoss environment

    Hello!
    I have an installation of the OCMS 10.1.3.3. deployed into a JBoss (jboss-4.0.5.GA) environment. Unfortunately I have a problem with accessing the SipFactory from a jsp-page. Encouraged by the "messagesender" example I tried to get an instance of SipFactory from my jsp-page simply by calling:
    SipFactory sipFactory = (SipFactory) application.getAttribute(SipServlet.SIP_FACTORY);
    But unfortunately there seems to be no attribute "SipServlet.SIP_FACTORY" and I only get a null pointer. I have also tried running that code in the original messagesender example but it didn't work either. So I wonder if this should definitely work in a JBoss environment or if this might be a known problem. Is there anything that I could check/do regarding this problem? I suppose there must be an Oracle module which should take care of making the SipFactory available after it is deployed. Perhaps something went wrong during the deployment?!
    Best regards,
    Tim

    Hi
    On JBoss, OCMS does not support converge applications.
    I.e the SipFactory can be retrieved from the servlet context when running on OC4J.
    Instead the SipFactory can be found in JNDI as described in the Developer's Guide:
    "External Access to SIP Servlets
    To enable convergent applications between SIP and HTTP, the OCMS Container allows you to get access to the javax.servlet.sip.SipFactory by looking it up through JNDI. The SIP Factory will be registered under the same name as the display name of your SIP servlet as illustrated in Example 2–12. The <display-name> in the sip.xml in this case must be "My sip app".
    Example 2–12 Accessing the Data for a SIP Session through JNDI
    InitialContext ic = new InitialContext();
    SipFactory sipFactory = (SipFactory)ic.lookup("sip/My sip app");"
    Cheers
    Lucas Persson

  • I have problem with Access Connections on L412 after that utility upgrade

    I have a problem with Access Connections on L412 after that utility upgrade in early August. Windows 7 Ultimate/x64.
    It stops connecting to WPA2 Enterprise (AES-CCMP), Microsoft PEAP, no server cert, with any credentials I try to use. The same account(s) works with native Intel manager on other notebooks and on mobile devices. I lost the wireless connectivity to enterprise WiFi network.
    And, after deinstallation of Access Connections, the inability to connect remained with native Win7 WiFi management.
    I think, something was broken in Access Connections 5.83 Build 83C753WW and some registry settings/ dll modules were altered but not returned to normal after deinstall.

    Access Connections is definitely broken for WPA encryption.  Both versions 5.02 and 5.84 fail for me.  If I use the Windows XP wireless configuration instead of Access Connections, everything works.
    Does anyone know how to report this to Lenovo?  I chased links around the web site but couldn't find a place.

  • Why do i have a problem with accessing images in adobe muse

    why do i have a problem with accessing images in adobe muse ??????!!!!!
    i need heeeeeelp ASAP
    pleeeeease

    I am in the beginning stages of constructing the web site so I do not yet have a URL. The problem is I cannot insert any image in any way. Whether by fill a browser or by place image, I have the same issue. All the images, in all image formats, are unable to be selected and it is turned off
    I really need help plz
    Is there any info I can supply that would help you figuring out the problem ??

  • Can Play iTunes Library from PC on MacBook Air but cannot import, problem with access rights?

    I can play Itunes library from Windows Vista PC on my MacBook Air using homeshare but cannot import the library . Error message is problem with access rights. Latest OS and Itunes installed. Both computers registered with Apple on same Apple ID. Wifi Router turned on and off. Still does not allow importing. Any suggestions please?

    Might be an alternative for you here > iTunes: How to move your music to a new computer

  • Just wondering if anyone has a problem with accessing iTunes store. have iTunes installed but can't bring up the store home page?

    Just wondering if anyone has a problem with accessing iTunes store. have iTunes installed but can't bring up the store home page?

    i have the same problem! Safari won't work either. Can anyone help please? I have completely restored my computer trying to fix this and it still won't work! I have a 2 month old alienware laptop running windows 7

  • Problem with Access policy based Provisioning using DBConnector in OIM 11g R2

    Hi,
    I am doing access policy based provisioning using DB Connector 9.1.0.5.0 in OIM 11g R2.
    It is throwing "ITResource Instance with key 0 does not exist", but there is no option to select the IT Resource in the process form via the access policy.
    In the Application Instance form there is a form in which the IT Resource field is available with default value 0. I am trying to update this value but it is not updating. At the time of triggering the access policy I am getting the following error.
    [XELLERATE.SERVER] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JdMSEGQApIGqywYfMG1GU6ud000002,0] [APP: oim#11.1.2.0.0] Class/Method: APIUtils/createApplicationInstance encounter some problems: ITResource Instance with key 0 does not exist.[[
    oracle.iam.provisioning.exception.ITResourceNotFoundException: ITResource Instance with key 0 does not exist.
         at oracle.iam.provisioning.util.ApplicationInstanceUtil.validateITResource(ApplicationInstanceUtil.java:119)
         at oracle.iam.provisioning.impl.ApplicationInstanceServiceImpl.addApplicationInstance(ApplicationInstanceServiceImpl.java:70)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy455.addApplicationInstance(Unknown Source)
         at oracle.iam.provisioning.api.ApplicationInstanceServiceEJB.addApplicationInstancex(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    It's an urgent requirement.
    Thanks,
    Edited by: 853559 on Oct 12, 2012 2:25 PM

    You can revisit the access policy. It will have the process form where you can provide the access policy and save it. The access policy is already created, so you can modify the access policy, open the process form, select the IT Resource and save it.
    Another way is to write a pre-pop adapter for populating the IT Resource on the process form. But I am sure you can provide the IT Resource via the access policy.
    ---nayan

  • Provisioning with Access Policy

    Hi All
    I have made one Access policy for Full-Time employees.
    I want that if admin creates a user who is a Full-Time employee, it should automatically get provisioned with AD.
    I have made that Access Policy. But if admin creates one user who is a Full-Time Employee, then the provisioning status goes into the "READY" state.
    It gets stuck in the Resource form.
    And in my resource form there is only one lookup field, and I have already put a value in that lookup.
    Could anyone please tell me the solution for this?
    Thanks a lot!

    Hi
    I made access policy Without Approval.
    That extra field i.e. AD SERVER, I have already filled with ADITResource.
    Actually i have made one resource form, i'm giving value of AD Server from there & it is prepopulation in process form.
    But when the user goes for provisioning, it gets stuck in the Resource Form, not in the Process form. It shows status Ready.
    Is it possible to remove that Resource form from the access policy? I think it may remove my problem.
    But I don't know how to remove the resource form from the Access Policy region.
    Please suggest.
    Thanks for these replies.

  • Connector problem with access enforcer

    Hi Guys,
    I am facing a really strange problem with my connectors.
    We have a test installation of GRC which was down for about 3 months.
    During this time we migrated our central SLD to another system so I needed to change the connection after getting the system up again.
    Anyhow I still can't modify, test or even create a new connector for access enforcer.
    The only error I get is "Action failed".
    I tried to analyze the logs but found no help there too.
    2007-06-18 20:41:56,833 [SAPEngine_Application_Thread[impl:3]_4] ERROR java.lang.NullPointerException
    java.lang.NullPointerException
         at com.virsa.ae.dao.sqlj.SAPConnectorDAO.iterToDTO(SAPConnectorDAO.sqlj:75)
         at com.virsa.ae.dao.sqlj.SAPConnectorDAO.findByConnectorName(SAPConnectorDAO.sqlj:15)
         at com.virsa.ae.configuration.bo.ConnectorsBO.findSAPConnectorDetails(ConnectorsBO.java:76)
         at com.virsa.ae.configuration.actions.ManageConnectorsAction.testConnection(ManageConnectorsAction.java:163)
         at com.virsa.ae.configuration.actions.ManageConnectorsAction.execute(ManageConnectorsAction.java:66)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:229)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:412)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code))
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code))
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code))
         at java.security.AccessController.doPrivileged1(Native Method)
         at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code))
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code))
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code))
    Did anybody here face a problem like that?
    Kind regards,
    Bastian
    Message was edited by:
            Bastian Schneider

    I had a similar problem with CC and I had to contact SAP. They gave me a script to run against the database that removes the connector. The problem seemed somewhat common for CC 5.1. Not sure if this applies to AE.

  • Problem with Assigning Policy button in Outlook 2010 and Exchange 2010

    First of all, I'm posting here because I'm not sure how to post in the previous version of Exchange forums.
    Secondly, I'm re-posting this from the Outlook forums as I'm not getting any responses there despite of views.
    Hi,
    I'm having an issue in Outlook 2010 where I can't assign personal policies to folders. I have set up personal tags and added the mailbox to the right policy. I have also run Start-ManagedFolderAssistant in Exchange 2010 Shell against the mailboxes.
    When I go into OWA, everything shows up perfectly, I can right-click and assign policies at will, but when I open Outlook 2010 the Assign Policy button never appears. I force added it to the ribbon and I can see from there that the button stays grayed out regardless of where I click in the folder structure. I have even assigned the mailbox user Owner rights to all the folders to see if it will make a difference.
    If anyone can help me solve this problem I will be very grateful. I'm pulling my hair out here and I'm certain I could just be missing something very obvious somewhere.
    It might be worth mentioning that the company has been using .prf files to configure Outlook thus far; I'm looking to eliminate that. I'm not sure if that will have any effect on my current problem.
    Thanks for your time.
    Nico

    Thanks for the reply Max, that's a pretty good link.
    Like I said though, I have the policies all set up in the Exchange configuration side of things, and when I use OWA all the options for applying tags appear. It's just in Outlook 2010 Standard that the Assign Policy button stays grayed out.
    Thanks.
    EDIT:
    This has been solved, looks like version problem with Outlook.
    http://office.microsoft.com/en-us/outlook-help/license-requirements-for-personal-archive-and-retention-policies-HA102576659.aspx

  • [Solved][Hal and Partitions] Newbie problem with hal policy

    Hello everybody,
    As a new user of archlinux for less than a week I have experienced a great distribution after having been for 1 year on Linux.
    After installation I was able to solve most of my problems with the wiki and the forums but there is one problem I cannot resolve.
    I have installed KDE 4.2 on my computer and I can mount USB drives or CDs with hal (it is in the daemons section of my rc.conf), but strangely I cannot access my other partitions such as my Ubuntu partition (ext3) or the family's Windows partition (NTFS). I have installed ntfs-3g for the NTFS partition, but hal refuses to let me access it. I will give you what Dolphin says when I try to access the NTFS partition:
    org.freedesktop.Hal.Device.PermissionDeniedByPolicy: hal-storage-mount-fixed-extra-options no <-- (actions,result)
    And for the ext3:
    org.freedesktop.Hal.Device.PermissionDeniedByPolicy: hal-storage-mount-fixed auth_admin_keep_always <-- (actions,result)
    I don't really understand what it means, but normally I am allowed to mount partitions.
    My /etc/PolicyKit/PolicyKit.conf: http://pastebin.com/m57e94025
    And my /etc/dbus-1/system.d/hal.conf: http://pastebin.com/m62861179
    I've already tried to configure these two with the wiki and the forums but nothing yet.
    If you need more information ask me.
    Thanks in advance.
    Last edited by auratux (2009-02-23 21:24:29)

    You might want to reread the Hal wiki re: Permission Denied with automounter.  Your /etc/PolicyKit/PolicyKit.conf seems to be missing the lines mentioned in the wiki.
    Edit: Or maybe it is similar to: http://bbs.archlinux.org/viewtopic.php?id=66008
    Last edited by bgc1954 (2009-02-22 14:07:10)
