Provisioning of Groups in CUP

Hi
I am trying to  use default roles funtionality  in CUP and I have mapped Groups  for my Portal system.
but it error's out .
did anyone
1. try provsioing Groups via CUP
2.did any one use Default role fucntionality to pick groups up for certian requests etc?
Best Regards
Gerry

We tried provisioning portal groups and was able to provision, but not to delete.  We have since reverted to a manual process because there were too many issues.   You should be able to find my posts here with a search.
thanks,
Peggy

Similar Messages

  • Provisioning EP roles and user groups through CUP

    Hello experts,
    I am configuring EP provisioning through CUP.
    I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
    My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
    Error processing your request, Request no: 4 in stage : NEW_AS11.
    In the log it shows,  Field Mapping is not set for Application  (EP)
    But when I go to field mapping, I get this error for EP.
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    I could not find much documentation on fieldmapping.
    Are there any steps that I am missing for EP provisioning?
    Thanks in advance..
    Kee

    Thanks for your response.
    I have set up the parameters while setting up the EP connector in CUP.
    My role search URI is correct  but I am not sure about the last three parameters...
    ASSIGN_GROUPS:OC sapgroup
    ASSIGN_ROLES:OC saprole
    CHANGE_USER:OC sapuser
    CREATE_USER:OC sapuser
    CREATE_USER:password password
    DELETE_USER:OC sapuser
    LOCK_USER:OC sapuser
    LOCK_USER:islocked true
    RESET_PASSWORD:OC sapuser
    RESET_PASSWORD:password password
    ROLESEARCH_URI -  http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
    ROLESEARCH_URI_USERNAME -  same user Id I provided for the connector
    ROLESEARCH_URI_PASSWORD See your system administrator for the value.
    UNLOCK_USER:OC Sapuser
    UNLOCK_USER:islocked false
    ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un:   ??? What  is the role data source?? Is the value that is  provided is correct for the UME roles
    SCHEMA_ID SAPprincipals   ?? What does this Schema Id mean???
    USER_DATA_SOURCE  ????  Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
    So when I go to field mapping to create one for EP, I get the following error:
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    Log Details:
    2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
    com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
         at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
         at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
         ... 25 more
    Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
         ... 28 more
    Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
         at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
         at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
         at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
         ... 31 more
    2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
         at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
         ... 22 more
    Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
         at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
         ... 25 more
    Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
         ... 28 more
    Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
    Appreciate your response.
    Thanks
    Kee

  • Provision a group

    Hi,
    How to provision a resource with process information using a java program?
    Resource does not have a resource form.
    Thanks

    To directly provision a group in OID you need to use following oim api's
    1. Get the factory instance
    tcUtilityFactory oimUtilityFactory =new tcUtilityFactory(env, moSig);
    1. Get the organization key
    tcOrganizationOperationsIntf orgOpInterface =(tcOrganizationOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcOrganizationOperationsIntf");
    HashMap orgReq = new HashMap();
    orgReq.put("Organizations.Organization Name", "Name of the Organization");
    tcResultSet tcResultDetails = orgOpInterface.findOrganizations(orgReq);
    organizationKey = tcResultDetails.getLongValue("Organizations.Key" );
    2. Get the Resource object key
    tcObjectOperationsIntf oimObjectInterface == (tcObjectOperationsIntf)oimUtilityFactory.getUtility("Thor.API.Operations.tcObjectOperationsIntf");
    long [] arr = new long[1];
    arr[0] = organizationKey;
    tcResultDetails = oimObjectInterface.findProvisionableObjectsForOrganizations(arr);
    long provisionObjectKey = -1;
    +//Get the key of the resource object to be provisioned+
    for (int i=0; i<tcResultDetails.getRowCount(); i+){+
    tcResultDetails.goToRow(i);
    if("OID Group".equalsIgnoreCase(tcResultDetails.getStringValue("Objects.Name")))
    +{+
    provisionObjectKey = tcResultDetails.getLongValue("Objects.Key");
    break;
    +}+
    +}+
    3. Provision the resource
    long objectInstanceKey = orgOpInterface.provisionObject(organizationKey,provisionObjectKey);
    4. Get the process instance key
    tcResultDetails = orgOpInterface.getObjects(organizationKey);
    long processInstanceKey = -1;
    for (int i=0; i<tcResultDetails.getRowCount(); i+){+
    tcResultDetails.goToRow(i);
    if(objectInstanceKey == tcResultDetails.getLongValue("Organization-Object Instance-Process Instance.Key"))
    +{+
    processInstanceKey = tcResultDetails.getLongValue("Process Instance.Key");
    +}+
    +}+
    5. Set the process form
    tcFormInstanceOperationsIntf oimFormUtility =(tcFormInstanceOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcFormInstanceOperationsIntf");
    HashMap groupDetails = new HashMap();
    +//fill up hashmap with all the required values from process form of OID group+
    oimFormUtility.setProcessFormData(processInstanceKey,groupDetails );
    Hope this helps,
    Sagar

  • Auto provision different groups in oim 11g

    Hi,
    While provisioning a user to AD, I need to add few different different groups based on the user's dept code.
    We have around 250 dept codes and I dont want to create 250 access policies to provision different groups based on the dept code.
    Is there any other way to resovle my issue?
    I am using OIM11g. Please let me know.

    Adding more to Bikash Reply...
    Create a Lookup with codekey as Dept Code and Decode as Groups like
    Dept1->Group1
    Dept1->Group2
    Dept1->Group3
    Write a code which retrieves the groups for corresponding dept code from the lookp, and in the same code call addProcessFormChildData(under tcFormInstanceOperationsIntf) for each group retrieved from lookup. Attach this adpater to new process task and call this task on success of create user task.
    Reference:
    JavaTask to be called after AD User provisioning succeeds
    HTH

  • Auto Provisioning backend and appropriate portal group in CUP

    Hi gurus
    Can we autoprovision backend roles and the appropriate pcd group in GRC. I have a task that should do the following
    1. User creates a request in CUP for backend R/3 or ECC role
    2. The approver approves the request
    3. User gets the backend role and the appropriate portal pcd group by autoprovisioning.
    I have done portal provisioning in the past where in user has to select the portal role he wants. But in this case he has to select the backend role and CUP should automatically provision the portal pcd group to him/her. How do we do this? I know we have to map the backend roles to the Portal PCD groups but at what stage?
    The user id in this case is same as LDAP, CUP, Portal and backend system.
    Any document in this regard?

    Hi Frank
    Sorry to ask but how to map roles. When I click Role Mapping I see
    System, Role selected by user
    Buttons - Add main role, delete main role
    Then next screen is again System, Role/Group name etc
    I am guessing in the first instance system we have to select the R/3 system? and role is the R/3 name then click Add main role?
    In the next page we have to select the Portal system and then the role/group name of the portal?
    Correct me if I am wrong

  • OIM-OID Provisioning - OID Group PrePopulate Approach :

    Hi,
    I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
    I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
    I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
    1) Created an Entity Adapter with a variable : say Org and GroupName.
    2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
    3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
    4) Mapped the Adapter variable as :
    a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
    b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
    However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
    Is my approach right ? Am I missing something ?

    Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
    1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
    2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
    3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
    Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
    -Kevin

  • Veryfying if E-mail Noti.sent to user after provisioning a req. in CUP

    Hi,
    Is there any way from where i can see the e-mail log of a particlar CUP request which has got provisioned in the system.
    I checked that e-mail address of requestor and user is properly mentioned in the request form,stage is also configued as required,e-mail reminder is also ok, but some users are still saying that they didn't recieved any e-mail notification of username and password.They say nothing is in junk folder too.I just want to check excatly what is happening.
    Thanks,
    Mukesh

    Thanks Satish for telling me the table..
    the points you mentioned, i have already check..
    Users & Requests following to other workflows are getting provisioned and getting the Password Provisioningmails.
    In troubled workflow also others mails for e.g. submission,waiting approval,approved are going but only  Password Provisioning are not getting recieved.
    I also checked from the above table, and found except  Password Provisioning mail all other notifications entry are present.
    Any idea.i am working on SP12
    Rgds,
    Mukesh

  • Is it Possible to Create a Role Owner Group in CUP

    Currently has a workflow that has each role owner to approve a role request.  Would like to create to have two differenct role owners to have to  approve the same role but with these to role owners want to have one of the role owners to have two people were only one of them has to approve.  Can this be done in CUP?  Hope it makes sense,.  Thanks.
    Laura Kacal

    Hi Laura,
    I think now I understand your challenge, correct me if i'm wrong.
    one role, 2 approvers (A, B), both need to approve, but:
    Approver A = single user
    Approver B = group of users
    not possible. you can only setup the approval to be all need to approve or at least one.
    I would recommend a 2 stage workflow. 1st stage single user approval, 2st stage group approval (CAD).
    good luck.
    N

  • SAP IDM 8.0 Provisioning of group privilege assignments

    Hi,
    I set up Active Directory as a target system. I imported the new packages for Eclipse and did the initial load for AD (System privileges were created).
    When I assign the PRIV:AD:ONLY privilege to an identity, the identity gets provisioned to AD.
    When I assign the PRIV:AD:ONLY privilege to a group, the group gets provisioned to AD.
    So far so good.
    But when I assign the group to the identity I get the error in the execution log:
    Cannot obtain mskey for group privilege PRIV:GROUP:AD:CN\=MY AD GROUP\,CN\=GROUPS\, DC\=DUMMY\, DC\=COM
    The CN represents my CN in the Active Directory, but, I have no PRIV:GROUP:AD privilege?
    so I can not provision group assignments to AD and I used only the default packages with no modifications.
    And an additional question, when does the RDS for 8.0 comes out?
    Are there some predefined approval processes like in 7.2?
    Thanks, Patrick

    Hi Jai,
    Ahhhh
    Thank you! you pointed me in the right direction, I disabled a few actions in the initial load job, including "WriteGroupPrivileges".
    I had to disable the following Attributes: MX_INHERIT, MX_GROUP_INHERITANCE
    I got the following error:
    Value not legal for this attribute:Attribute: MX_GROUP_INHERITANCE" when storing attribute 'MX_GROUP_INHERITANCE=ONE'
    Thanks for the fast help!
    Patrick
    Edit: Do I need for every Group in IDM a privilege for the target system?

  • OIM provisioning of groups to AD

    Hi,
    Can any one tell me how can i provision groups to AD. when ever the administrator creates a group in Administration Console that group needs to be provisioned to AD.

    Hi,
    The idea is that you set up triggers on the Group forms (under the Data Object Manager). So anytime a group is added to OIM, on Pre-insert (or post-insert), your adapter is called to add the group to AD. Same with pre-delete,post-delete. Your adapter will have to be coded to do the AD part. AD information will have to be hard-coded because at the time of the trigger, you only have the information that is on the group form available to you.. no other information.
    Cheers,
    Deborah

  • Provisioning of groups to AD using AD connector

    I want to provision groups from OIM to AD. I came to know from the AD connector guide that we can provision groups to AD.
    My problem is i found that connector provisions only the following attributes to AD (Group Name, Organization Name, objectGUID, Group Type, Group Display Name).
    I want to provision other attributes also like Group Scope to AD apart from the one provided above by the connector. How can i achieve this??

    I want to provision groups from OIM to AD. I came to know from the AD connector guide that we can provision groups to AD.
    My problem is i found that connector provisions only the following attributes to AD (Group Name, Organization Name, objectGUID, Group Type, Group Display Name).
    I want to provision other attributes also like Group Scope to AD apart from the one provided above by the connector. How can i achieve this??

  • How to force newly provisioned security groups into Planning

    I just provisioned 3 new security groups in Shared Services (9.2.0.2). 15 minutes later our Planning Admin says that she still cannot see these new groups within her Planning app (9.2.0.2.0). Is there any way for me to force these new groups into Planning so that she can apply her security to them within the Planning app?

    Hi,
    Did you tried out Jake's suggestion?
    Other tests are log in as a user that belongs to the group to see if that updates the tables.
    Or run the provisionusers utility for a user that belongs to the group.
    Or the the updateusers utility which syncs ups users/groups with shared services.
    I cant remember which utility is the best to use in this instance.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • OIM - Provisioning in Groups

    Hi,
    How can we provision from OIM to OID in "cn=Groups" node.
    "cn=Groups" is using out of the box "GorupOfUniqueNames" class.
    Please suggest.
    Thanks.
    Edited by: ASA on 28/07/2010 20:47

    The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
    Check below
    http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
    4.6 Configuring the Connector for User-Defined Object Classes

  • Error encountered during provisioning of user to SAP CUP in OIM 11g R1 BP07

    We recently updated our environment from 11.1.1.5 BP05 to 11.1.1.5 BP07.
    We are facing an issue with provisioning users to SAP CUP system. We receive an error specifying :
    Response: oracle.iam.connectors.sap.cup.ws.submitreq.ObjectFactory
    Response Description: Unknown response received
    However, we are unable to find any errors related in the log file. The SAP UM connector version is 9.1.2.5. Please let us know the cause of this issue.

    1. Login to Design Console and open your GTC provisioning process definition , then Add a new task called "Notify Email".
    2. Check Required for Completion, Allow Cancel and optionally Disable Manual Insert.
    3. In the Integration tab, add tcCompleteTask
    4. In the assignment tab, add an entry with the Default rule, target type of User, and for the User field pick an existing user with a valid email address in their User Profile.
    5. In the Notification tab add an entry and check Assignee, (You can select User, Manager etc ) have the Status field set to C and for the Email field pick a Provisioning type of Notification Template that you have already created.
    N.B: 7. Make sure the IT Resource and email configuration properly otherwise you will not get the mail.
    Thanks
    Tamim Khan

  • Not able provision a new native group in shared services

    Hi,
    I am trying to add a new native group in shared services and trying to provision the group. But I am getting the following error:
    90:7019:Failed to process the request
    Is there any solution for it. Can anyone suggest me how to proceed further.
    Thanks,
    Hima

    Can determine if the provisioning is failing for a particular application? Try to pick something confined to shared services like "application creator" in shared services and see if you can provision just that role. This will tell you if it is an issue with metadata from a product outside of shared services.
    Do you have any applications with the same name or registered more than once in your application groups in shared services?
    If it fails for everything you try have you restarted shared services and checked your jvm heap settings?
    Also, in the logs Shared Services directory there are many log files , can you check them for any related error messages?
    Thanks
    Nick

Maybe you are looking for

  • HP Slate 5000 and SP1

    Could not load SP1 on my HP Slate 500 with Windows 8. I talked to support and they recommended a manual load instead of using Windows Update on the Microsoft site. The manual load worked.  Reference support case[Personal Information Removed]?

  • Serial number tracking

    Dear experts, in one my scenario, i need the serial numbers mapping. my clients quality completly based on the calibration of the gauges. N number of types of gauges and instruments are used in their business. each types of N number gauges and instru

  • Is there a way to do the Alpha Inverted tool on more than 1 layer?

    I'm trying to make a object appear behind me and need to have 3 layers done like that. Or is there a way to take one layer and cut the time line into parts instead of just editing it? Like having one layers time line cut into 3 different parts?

  • Ical..... Sort items by due date

    I always like to see my tasks deadlines. so I always like to sort the items by due date in the list the "To Do Items". My point is when I updated something I always need to click the option and sort items by due date again. Can I do that action with

  • 3.1EA1 bug: Exporting 300K records to a .xls or .xlsx file

    Hello: Exporting a large query result (300K records) into a .xls or .xlsx file will cause SQL Developer to hang. On some occurences, SQL Developer will not hang, but the file created is empty. Thanks, Adrian