Search Users by Group(Role) Name
In OIM 9g, I can search users by group name like below:
searchFor.put("Groups.Group Name", "my group");
tcResultSet users = userOp.findUsers(searchFor);
But it does not work in 11g, change "Groups.Group Name" to ""Groups.Role Name", don't work neither.
Does anyone know how to search users by Role name in 11g?
Use RoleManager Class and the following API
criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, "*", SearchCriteria.Operator.EQUAL);
roles = roleManager.search(criteria, attrNames, mapParams);http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e17334/oracle/iam/identity/rolemgmt/api/RoleManager.html#getRoleMembers_java_lang_String__boolean_
HTH,
BB
Similar Messages
-
I am seeing something odd with one of my RBA settings. Keep in mind I am seeing this as a 'Full Administrator'.
I created a new test Security scope, Security Role, created a test Active Directory group and then entered that AD group as a new account name under Security>Administrative users. I added the new Security Role under the Security Roles tab of the
Account name (Administrative users) properties and also added the security scope that I created under the Security Scopes tab. I was able to see all the settings I had created/exported in the RBA viewer and everything with the role worked as desired.
I am now looking to clean that up but I don't seem to be able to. I am starting under Administrative Users>Account name and trying to unlink the Security Roles and Security Scopes that listed in those tabs. However, remove and deletes on this
stuff are all greyed out. If I add another role to the Security Role tab I can then remove that, but I cannot remove this 1 particular one. The result is that I cannot remove the custom Security Scope, Security Role and ultimately the Administrative
user.
Does anyone have any idea why I can't remove the security roles and scopes from the Account Name?I am now looking to clean that up but I don't seem to be able to. I am starting under Administrative Users>Account name and trying to unlink the Security Roles and Security Scopes that listed in those
tabs. However, remove and deletes on this stuff are all greyed out. If I add another role to the Security Role tab I can then remove that, but I cannot remove this 1 particular one. The result is that I cannot remove the custom Security Scope,
Security Role and ultimately the Administrative user.
Does anyone have any idea why I can't remove the security roles and scopes from the Account Name?
I'm able to "delete" one admin user or group (account name) from Administrative users node (\Administration\Overview\Security\Accounts). I tried with custom security role/scope etc....even the same user was part of \Administration\Overview\Security\Accounts.
It seems something wrong with your FULL admin account ? Do you've any other FULL Admin account? If so, can you try with that account?
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM -
Tables for Role Name created through Tcode pfcg
User would Input Role Name and to that what users are attach and what value they are authorized to u2026?? Is there function module to this..
Hi,
Use this table AGR_USERS Assignment of roles to users
or try this FMs
CNV_GET_USER_ROLE
ROLE_ANALYSE_FOR_USER
Regards,
Jyothi CH. -
Hello,
I have a big problem with Reporting Services 2005 working on Windows 2003 Server.
RS work as Network service, on subdomain reporting.mydomain with SSL wildcard certificate *.mydomain,
Anonymous access: disabled and basic authentication: enabled
ReportManager and reportServer has defualt virtual folders (/reporting, /reportserver)
My problem is:
1) I can't manage security roles and site settings with report maanger. when I try assign roles to new user or group I get followng error:
"The user or group name 'BUILTIN\Administrators' is not recognized. (rsUnknownUserName) Get Online Help"
when i try to execute reports in report manager, parameters controls are not displayed correctly (very simple text boxes) and I can see:
The selected report is not ready for viewing. The report is still being rendered or a report snapshot is not available. (rsReportNotReady)
and I can't see my report in browser (IE 6.0) but only export to PDF, Excel...
other functionality are working fine i.e upload new files, creatign folders....
2) Also my reportserver virtual folder does not work correctly.
When I navigate to mydomain/reportserver I can see content of this virtual folder, than when I navigate to ReportService.soap i can see normal ReportServer view
reporting.mydomain - /Reportserver/
[To Parent Directory]
Montag, 10. April 2006 16:31 <dir> bin
Dienstag, 6. September 2005 01:12 488278 Catalog.sql
Dienstag, 6. September 2005 01:12 14738 CatalogTempDB.sql
Freitag, 21. April 2006 19:45 10555 Copy of rsreportserver.config
Freitag, 14. April 2006 17:29 76 global.asax
Freitag, 15. Juli 2005 01:12 26582 ModelGenerationRules.smgl
Montag, 10. April 2006 16:31 <dir> Pages
Montag, 10. April 2006 16:31 <dir> ReportBuilder
Montag, 13. Juni 2005 14:07 143 ReportExecution2005.asmx
Montag, 13. Juni 2005 14:06 196337 ReportingServices.wsdl
Montag, 13. Juni 2005 14:07 131 ReportService.asmx
Montag, 13. Juni 2005 14:07 131 ReportService.soap
Montag, 13. Juni 2005 14:07 139 ReportService2005.asmx
Dienstag, 13. Juni 2006 20:01 10580 rsreportserver.config
Montag, 13. Juni 2005 14:07 11845 rssrvpolicy.config
Montag, 10. April 2006 16:31 <dir> Styles
Freitag, 17. Juni 2005 01:09 2673 web.config
but me reports are not displayed correctly, I can run reports but top bar with parameters, export and print function are not displayed in correct format.
(simple textboxes, and icons)
reporting.mydomain/ReportServer - /
Microsoft SQL Server Reporting Services Version 9.00.1399.00
I think it is security issue. What schould i do to solve this problems?
WojtekHi Wojtek
I just wanted to know if you found a solution for part (1). I just recently encountered the problem where:
"when i try to execute reports in report manager, parameters controls are not displayed correctly (very simple text boxes) and I can see:
The selected report is not ready for viewing. The report is still being rendered or a report snapshot is not available. (rsReportNotReady) "
However all my reports are run from the most recent data. The rsReportNotReady message appears in Report Manager but not the Report Server interface; the latter is able to render the reports. But both have incorrectly displayed textbox inputs.
Thanks
nemo -
Assigning Roles to Users and Groups
Hi,
We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
it is an urgent assignment for me..help can be appreciated...
sudhirSudhir,
You can assign the roles to users and groups as below.
1. Select the System Administration in the top level navigtion
2. Select user administration
3. You can search for a specific user or a group from this iView.
4. Use the edit button to edit the profie of the user or group.
5. Search for the role in the search iView.
6. Add the role to the user of group and save. -
User and group names truncated with ls
Hello,
When using the 'ls -l' command the resulting list truncates user and group names that are longer than 8 characters.
Is this a know issue?
I'm running Mac OS 10.4.10.
Thanks,
AnthonyJun T. wrote:
If a program like "ls" wants to know the username corresponding to the uid, it must call a library function of the operating system. But there are two library functions, one gives the correct username and the other truncates the username.
The basic library function is getpwuid(3) which returns the correct username.
Hello Jun,
I ran a search using Xfind (Rixstep) on /bin for 'userfromuid' and /bin/ls was listed as I might of expected.
Also, /bin/ls was also listed when 'getpwuid' was used as a search Key.
Peeking further into /bin/ls further with Xstrings (which is Rickstep's "adaptation" of the "strings' tool" ) reveals the string '_ getpwuid'.
Does this mean that at some point the 'ls' command can call the getpwuid() directly under some circumstances rather than going through userfromuid() which relies on the cache you mentioned?
The problem is the size of the table; userfromuid() allocates only 8
characters for each username (the number 8 comes from UT_NAMESIZE in /
usr/include/utmp.h), and truncates the username if it is longer. This
may be "fixed" in a future version; or it may not be "fixed" to keep
backward compatibility. I'm not sure.
I've heard that utmpx.h has 'UTXUSERSIZE' which is defined as 32. Does not that allow for user and group names larger than 8 characters?
By the way, I can't find the directory usr/include/utmp.h on my drive.
Is there a way to reset or redefine this 'UT_NAMESIZE' field to more than 8 characters wherever the userfromuid() function stores it?
The commands "users", "who", and "w" read the file /var/run/utmp, in
which truncatd usernames of the currently logged-in users are saved.
Does some command initially call the function as 'ls', userfromuid(), to result in truncated names being saved in file /var/run/utmp as well?
I think there are many programs which depend on this fixed-width utmp
file, so it may not be "fixed" in a future version. "
I believe there are third party tools which rely on the userfromuid() call which require this bug to be fixed in order to display accurate user and group name data.
Thanks for your informative reply,
Anthony -
Propagating users/Groups/Roles into partner application
I am very newbee to portal development. I have a following need.
I want to use Single SingOn feature of Portal. Once the user logged in to the portal via SSo, there may be several applications(within the portal) to which S/He may have access to. Based on who S/He is, may have different level of authorization to what S/He can do into different applications within the portal. How I can make use of user entered for Single Signon, propagate to the application level inside the portal.
My understanding so far with the portal is that you can develop a portal which has web clipping portlets, external/internal applications, items etc. When we create the users and groups and assign roles to the users, it is limited to the portal front page that we publish to public.
My problem is further down, into different applications which I expose with the help of portlet or by any other means. And have control over in that particular application(individual), which portion of the application users should be able to see or take any action.
Your help is highly appreciated.Any one has a clue?
-
How to search users in Outlook Using Last Name and First Name
During recent times we change the naming convention in AD, FirstName , LastName
We can search users using More Columns but I would like to know alternate method to search users. The search result should sort results by last name as query
Regards Chen V [MCTS SharePoint 2010]Hi Chen,
Based on my knowledge, there is no related method to enforce all users using More Columns as the default search option in Outlook Address Book. We can just change the search option for individual Outlook user by remembering the last search using as I mentioned
above.
Sorry for any inconvenience and thanks for your understanding.
Regards,
Winnie Liang
TechNet Community Support -
Display default Group space for users in a Role upon login
Is it possible to configure the role/group space so that the users in that role will see the group space as default page after logging into webcenter.
Scenario:
Group Space : G_SPACE1
Role: W_ROLE1
Uers with W_ROLE1: user1, user2, etc
Requirement:
Whenever users with role W_ROLE1 login to webcenter(http://..../webcenter ),
they should see the group space G_SPACE1.
Note: I am aware that we can access the group space directly with url as http://...../webcenter/spaces/G_SPACE1.
Thanks-
SachinHi,
Not as far as I know. This is something I had a requirement to do but couldn't find a way.
Although PS3 added support to configure the landing page/space for a user, it wasn't a very useful addition in my opinion. It only allows the admin to hard-code a single Space as the default for all users and doesn't work with ELs either. -
<p><br>i am using shared services system 9.2<br>i have 200 users in a group. i am wondering whether there is a wayto search for a particular user<br>in a group, as we do search in native user directory/NT userdirectory.<br><br>thanks and regards<br><br>--------------<br>[email protected]</p>
<p>Yes, we can search for a user in a perticular group in SS.</p><p>First search for appropriate group, double click on th group andthat will open a new window.</p><p>Which has 3 tabs. go to last tab for searching a perticularuser. Just type starting 2-3 letter and a star it will bring youthe user in that group</p><p> </p><p>Eg: pra*</p><p> </p><p>HTH</p><p>Jagan</p><p> </p>
-
The user or group name is not recognized. (rsUnknownUserName)
SQL 2008 R2 Reporting Services
When trying to add a group from Active Directory onto the reporting services security we get the following error
The user or group name 'groupname' is not recognized. (rsUnknownUserName)
We are able to add users from Active Directory this only fails on group.
Jason SpencerHi Jason,
The error “The user or group name<name> is not recognized (rsUnknowUserName)” means the Report Server cannot find the user from domain or local users or groups of Report Server. Reporting Services stored users with users’ SID. After we tyoe a username
in the username textbox, the Reporting Services will user the method “LookupAccountName” in Window API to get the users’ SID. If the API cannot get the SID of the user, Reporting Services will throw the expression “rsUnknowUserName”.
Here has some threads that similar to yours, and there have solved the issue, you can try the solutions, for more information, please see:
http://social.technet.microsoft.com/Forums/en/operationsmanagerreporting/thread/64ac1fa7-4535-4369-9bf6-1323e00be543
http://social.msdn.microsoft.com/forums/en-US/sqlreportingservices/thread/fbc2728e-425a-4666-9810-1300b7881ee6/
Hope this helps.
Regards,
Charlie Liao
Charlie Liao
TechNet Community Support -
Dear All,
I am using MSSQL SSRS 2008.
All the reports run properly when viewed via a web browser. However for subscription, I am having a strange
experience.
The subscription having intermitten failure. I need to execute multiple times to get it work.
Following is the exception I am getting:-
Failure sending mail: The user or group name 'xxxxx' is not recognized.Mail will not be resent.
Failure writing file DailyPolicyExportCDN_ST@timestamp : The user or group name 'xxxxx' is not recognized.
Following is the exception I retrieve from log files.
webserver!ReportServer_0-2!1b0c!07/31/2014-05:25:09:: e ERROR: Reporting Services error Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerHttpRuntimeClientDisconnectionException: A client has disconnected from the Report Server Web service application
domain ReportServer_MSSQLSERVER_0-2-130512716074991980. No corrective action is required. An error code has been submitted to ASP.NET to release the connection. The error code is 800708CA. ---> System.Runtime.InteropServices.COMException: This network connection
does not exist. (Exception from HRESULT: 0x800708CA)
Any idea what went wrong?
Thanks in advanceHi NeoCK,
According to your description, you can access your report successfully, but it fail to send e-mail subscription. Right?
In this scenario, since you can access the report successfully, so this user has permission on report server. Please go to E-mail setting in your Reporting Services Configuration Manager, check if the current user has permission on that SMTP server.
If this is still not working, please recreate the subscription and try again.
Reference:
SUBSCRIPTION
ERRORs : Failure sending mail: The user or group name 'CB_OFFICE\XXXX' is not recognized.
The user or group name 'MYDOMAIN\myuser'
is not recognized
SSRS
2008: Failure writing file ... The user or group name 'domain\user' is not recognized
If you have any question, please feel free to ask.
Best Regards,
Simon Hou -
The user or group name is not recognized. (rsUnknownUserName) error
Hi All
i have create a group name Finance using these steps.
my computer rightclick -> manage->create group -> add user
now i add this in reportmanager ->sitesetting -> domainname\Finance.
but getting an error..
"The user or group name 'domainname\Finance' is not recognized. (rsUnknownUserName) "
I also tried to give permission to user those in active directory but getting the same error.
Kindly HelpWhat permission did you give to that account in the Report Manager?
Best Regards,Uri Dimant SQL Server MVP,http://sqlblog.com/blogs/uri_dimant/
Blog : MS SQL Development and Optimization
Blog : Large
scale of database and cleansing -
Error 15401: Windows NT user or group not found. Check the name again
when adding a windows login on SQL SERVER 2008 R2 below error is throwing
Windows NT user or group 'domain\user' not found. Check the name again.
I have gone through the link
http://support.microsoft.com/kb/324321/en-us &
http://support.microsoft.com/kb/2770837
collation setting of the instance is not case sensitive.Hi DevXYZ,
Have you checked the other possible reasons for this issue?
The login does not exist
Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access
to the SQL Server.
Verify that you are spelling the domain and login name correctly and that you are using the following format:
Domain\User
If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiers
In a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has
the same SID as an existing SQL Server login, the 15401 error occurs.
Authentication failure
You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
Verify that the domain controller of the login is accessible by using the
ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
After you tried all the possible methods list above, you still receive the same error, please check the error log as Dean Savović mentioned above and share us the detailed error message here
as we can analysis further.
Thanks
Candy Zhou -
Could we have same name's for User and Groups in Active directory
When iam trying to create a user name " Logistics " under a OU, I am getting a error
"The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose aother pre-windows logon name, and then try again"
We already have a group by the name " Logistics "
Could we have same name's for User and Groups in Active directory?
Thanks in AdvancesAMaccountName attribute is unique. So, the short answer is you cannot.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile
Maybe you are looking for
-
My ipod has timed out what do i do?
Everytime i put my ipod on my charger to connect on the computer it doesn't do anything and keeps saying the device has timed out. Wht do i do
-
Scripting for database connection
I am wondering if it is possible to create a new panel (like the folders panel). The reason I ask is that, at work we use bridge to process all of our images, but use a database to store them all. The database uses a tree structure that I want to see
-
Hii all, I just bought an used iphone 5c from an user and only after a few weeks realised that it got activation locked. He might be unaware of that. Is it possible to get back to him and unlock the device for me as i have not contacts with him prese
-
I have one menu button in my Muse design that will not work. Have tried to delete and recreate several times. It is a manual button linked to a subpage. Any ideas?
-
Hi, Sometimes I'm asked to help friends and family with stuff on their computers. It would be handy if I could help them remotely but I've yet to find a way to screen share between a mac and windows machine over the internet. Is it possible?