Un-assign Admin Roles

Similar Messages

• Don't want to assign Admin role to form with business rule

  Hello,
  I have a business rule assigned to a form in EPMA mode. Currently, I have to assign Admin role to the users in order for them to see the name of rule display on the left side of the panel when the form is opened. How can I have the name of rule display for users without having to assign them as Admin role in EPMA mode?
  FYI .. This same form with attached rule was displaying just fine for these users as I assigned them as regular user (not admin role) under a specific user group folder for Classic mode. These users can change data, click save button, and then the rule would run on save.
  Thank you so much for sharing.

  John .. Thank you so much for your previous reply.
  Here is additional information. I hope it provides a clearer understanding on this issue.
  1) To answer your question - Yes, I used Calc Manager to create the business rule named xyz.
  2) The Shared Services version that I used to provision a test user is 11.1.1.3.24.
  3) Here are the steps that I did for testing:
  step a) in Shared Services - I created a test user named: cashtest (Native status)
  step b) in Shared Services - I provisioned user "cashtest" with the following roles for these categories
  Business Rules -> Server 123 -> Interactive User
  Essbase: Server abc:1 -> Server Access
  Foundation -> Shared Services -> Calculation Manager Administrator -> Planning Calculation Manager Administrator
  Planning -> Forecast -> Administrator
  As you can see under the Planning category for application "Forecast", I had to provision for user "cashtest" as "Administrator" in order
  for user "cashtest" to see the business rule named "xyz" displayed on the left panel when a form was opened.
  Prior to this "administrator" provisioning, I tried to provision the roles of "interactive user or Planner" to user "cashtest" but the business
  rule would not display on the left panel when a form was opened.
  I wonder if this is a software bug.
  Thank so much again for your guidance.
  Edited by: CubeQuestion on May 12, 2010 4:09 PM

• Assigning Admin role or any other role to Unity Connection user

  How do I assign a role to a user. I`ve given them the admin role as an example but can not log in . What is the GUI log on details I should use Alisa, Extension etc but no luck. The password I`m also using is the VM PIN I use to listen
  thanks

  Chris,
  I`ve sorted it now, I was looking for as separate ssection for PIN and password , I  didn`t realise that they are under the same heading but separated by the drop down menu - Web and VM application
  thanks for your help

• Assigning admin role with bulk action

  Using IDM 6.0 SP1 on tomcat and oracle db
  Using a csv file, I can update users with an admin role only if there are more than one admin roles (pipe delimited)
  CSV Header Row:
  Command,user,accounts[Lighthouse].adminRoles
  CSV Line One:
  Update,cramert,Administrator - Second Level Help Desk|Administrator - Security Desk|Administrator - Registration Authority
  CSV Line Two:
  Update,morrisom,Administrator - Registration Authority
  The first update with multiple admin roles works - the second does not...
  Thanks,
  Mike K

  Seems we have documentation on this one:
  For a list with one value use:
  |List|Administrator - First Level Help Desk
  For Merging one value to a List:
  |List;Merge|Administrator - First Level Help Desk
  Thanks,
  Mike K

• Help required for linking Organization Admin Roles to User Profile in R2

  Hi,
  We are using OIM 11.1.2.0 (Without any patch).
  Current Requirement:
  We have requirement to provide search capability to end users to search/see users of other Organizations in OIM.
  For example: I belong to Org1: UK, So OOTB OIM just support searching/viewing profile of UK Organization users. I can not search/view user info of Org2: Italy.
  To overcome this issue,Oracle has suggested us to add both the following roles in order to see user information of other organization.
  • User Viewer
  • Organization Viewer
  After just logged in using xelsysadm, I can able to assign Admin Roles of each organization to end users.
  We want some API info/ how to automate this assignment to Admin Roles(Which are available to Organization) to end users?
  We went through the APIs available for OIM 11.1.2.0, but could not find any API related to Admin Roles of OIM.
  Please suggest.
  Regards,
  J

  Hi,
  Has any one implemented this method?
  addAdminRoleMembership(oracle.iam.platform.authopss.vo.AdminRoleMembership membership) Add a admin role membership.
  Regards,
  J

• Generation of assigner list for Admin Role

  Hello!
  How I can dynamicaly generate the list of assigners ( the users, who could assign the role to other users) ?
  I can do it manualy, one by one, but i want create a rule where the list calculates automaticaly.
  And it is impossible to insert Rule into AdminRole object. Could you help me to solve the problem?

  Hi,
  Use FBL3N to go for open line items and give the Baseline date. u can find the all the open item which u can prepare for the payment.
  Regards
  Divya

• In Portal Content admin Role "Portal content" folder is not displaying

  Hi,
        I created a user in EP and assign Only Content admin Role. But in portal content area "Portal content "folder is not displaying.
  Can someone help me the process steps to achieve it?
  Thanks,
  kundan

  It is because the user has no proper permissions  to the porta content folder.
  you should give atleast read permission to the portal content folder to the content_admin role or to the users who have content admin role.
  also make sure the end user check box is checked at the time of giving permissions.
  Otherwise give eevryone group as read permisisons to the portal content folder. then you can see the portal content folder with read permissiosn only.
  Raghu
  Edited by: Raghavendranath Garlapati on Sep 1, 2009 9:32 AM

• Is there any way to create admin role only for one resource.

  Hi all,
  I am trying to create an admin role with 'update user' capability. But I want to restrict the user(with the admin role) to be able to update a user's attribute only for one resource, The user(with the admin role) should not be able to update the attributes of the other resources which a user have.
  Is there any way to create admin role only for one resource?
  I customized the tabbed user form to show only one resource attribute (deleting the missing fields and adding my tab for the resource) and then assigned this new User Form to the user(with the admin role) in security tab.
  It works fine. But the problem is that if any user(with the admin role) is also admin of some other resource then he/she will not be able to view the other resource attributes.
  Please suggest,
  thanks

  The loop function always repeats the same region so of course the fade is also copied. So option+drag the original region to make a (non clone) copy, fade the first region and loop the second one (which you just copied).

• Assigning database roles on SQL Server db

  I am trying to set up a SQL Server adapter (not a database table adapter for SQL tables) to manage role assignment on a database 'test1' on my sql server ( 2000) 'sqlserver1' using IdM 7.1. I am trying to assign role1 to user tuser1 on test1. I am using 'sa' account so permissions should not be an issue.
  Per resource reference document, I mapped:
  userNametest1 <-> userNametest1
  rolestest1 <-> rolestest1
  My login for user 'tuser1' gets created on the SQL server. However the database and role assignment is not happening. I do not get any errors in the IdM admin pages from where I am testing this. Hence I am assuming I am not setting something right in the resource schema. I have tried different ways such as
  userNametest1 <->userName
  rolestest1 <-> roles
  and some more combination but none seem to work. How can i find out what my resource attribute mapping should be? If anyone has done this, can you please share how you got it work?
  Thanks in advance.

  Some more info.
  I have set up the out of the box MS SQL server adapter to connect to MSDE version of SQL server running on my local machine. I used the MSSQLServer Form provided in the samples folder and assigned it to an admin user and turned on the trace.
  I am able to create logins by assigning the resource to a user. Using the admin user I am able to see in the trace that the server Roles are also being retrieved fine. What I am not able to get is assigning a database to the user and then assigning db roles.
  Following the documentation (Resource Reference guide for IdM 7.1) I have created following attributes on the left hand side of schema.
  defaultDB,serverRoles,domain, userNameMyTestDb,rolesMyTestDb.
  No matter what I map the last two attribute I am not able to assign a db and dbroles to a user. I turned on sql profiler and then again used the admin user to view a test user using MSSqlServer form and it appears that the procedure sp_databases is not being called at all. I have decompiled the sql server class file and it appears there might be an issue with the way list of databases is being retrieved.
  Has any one seen this before? If you were able to get it to work, can you please give me information on the resource schema and any other settings you had to make to get it to work?
  Thanks in advance.

• XPRESS code to find all users with a specific Admin Role

  I've been playing around for a while with a way to get a list of all users that have been assigned a particular Admin Role. I have a role for which I want a specific subset of users to be approvers on it, and I want to greate a Rule that will check for people with a particular Admin Role and then return that list as people to be approvers on the role.
  I haven't been able to find an easy way to write this code. Anyone run across this before or have another suggestion???
  Thanks.

  Below is the code to find user based on condition.
  <set name='adminList'>
  <invoke name='getObjectNames' class='com.waveset.ui.FormUtil'>
  <ref>:display.session</ref>
  <s>User</s>
  <map>
  <s>conditions</s>
  <list>
  <new class='com.waveset.object.AttributeCondition'>
  <s>AdminRoles</s>
  <s>contains</s>
  <s>adminRoleName</s>
  </new>
  </list>
  </map>
  </invoke>
  </set>
  Edited by: Jay on Mar 7, 2012 4:03 AM

• Dynamic Admin Role Problems - IDM7.1

  Hi Everyone. I'm having problems getting a dynamic admin role to work correctly. No matter what I do I always get the error at logon that the user controls no organizations and has no capabilities. Here is how the admin role is configured.
  General:
  Type = Identity Objects
  Assigners = blank (I have also tried configurator)
  Organizations = Top
  Scope of Control:
  Controlled Organizations = Top
  None for everything else.
  Capabilities:
  All caps assigned, no cap rule.
  Assign to users:
  Has the rule below assigned to it. If I check a user that is in the AD group mentioned in the rule, it gives me a '1', if I check one that doesn't have the group, a '0'
  Rule:
  <?xml version='1.0' encoding='UTF-8'?>
  <!DOCTYPE Rule PUBLIC 'waveset.dtd' 'waveset.dtd'>
  <!--  MemberObjectGroups="#ID#Top" authType="UserIsAssignedAdminRoleRule" id="#ID#Rule:IAM Admin Admin Role Rule" lastMod="26" lastModifier="Configurator" name="IAM Admin Admin Role Rule"-->
  <Rule authType='UserIsAssignedAdminRoleRule' id='#ID#Rule:IAM Admin Admin Role Rule' name='IAM Admin Admin Role Rule' createDate='1239044336520' lastModifier='Configurator' lastModDate='1248287397906' lastMod='26'>
    <RuleArgument name='context'/>
    <RuleArgument name='runAsUser'/>
    <isTrue>
      <contains>
        <rule name='my_rulelibrary:get_DownCaseList'>
          <argument name='dnlist' value='$(runAsUser.accounts[AD].groups)'/>
        </rule>
        <downcase>
          <rule name='my_Configuration:IAM Admin Group Name'/>
        </downcase>
      </contains>
    </isTrue>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
    </MemberObjectGroups>
  </Rule>I have also added the item below to the system configuration and reset the app server
  <Attribute name='authz'>
              <Object>
                <Attribute name='checkDynamicallyAssignedAdminRolesAtLoginTo'>
                  <Object>
                    <Attribute name='Administrator Interface'>
                      <Boolean>true</Boolean>
                    </Attribute>
                    <Attribute name='Service Provider User Interface'>
                      <Boolean>false</Boolean>
                    </Attribute>
                    <Attribute name='User Interface'>
                      <Boolean>true</Boolean>
                    </Attribute>
                  </Object>
                </Attribute>
              </Object>
            </Attribute>Any ideas?

  Hi,
  the view handed to these kind of rules is created with the noFetch option set to true. As a result the AD groups of the user are not available during rule evaluation.
  You could solve your task by doing a search using the FormUtil class.
  I would however advise you to only do this in a small or demo environment as the usage of usermember rules does not scale at all. This is a pure sales feature that will quickly bring down a production environment with high CPU utilization and horrible response times. Unlike what one might guess these rules are not only evaluated during login but almost all the time, often multiple times for each click. Even if the rule as such only performs cheap operations the AuthCache class hogs more and more CPU time with each rule of this kind you add to the system.
  Regards,
  Patrick

• Assign biz role through CRM -SU01 and display page at portal

  HI, SDN Fellows.
  I am creating some custom portal roles at portal and mapped it to the custom business roles for some PCUI screens at crmc_blueprint_c --> "Assign Portal Role to Single Role" ("Assignment of CRM Role to Portal Role").
  Currently, our portal UME data source is mapped to CRM system.
  Right now, I have to assign both the CRM Role through SU01(to have access the CRM Object Method at CRM-PCUI application) and Portal Role through User Admin of WAS/portal (to access/display the PCUI iView in the portal).
  My goal is to just assign role through CRM-SU01 and achieve the same output as I described above. Meaning can I just do the role assignment for the CRM role (through SU01) and able to access to the CRM-PCUI application through portal (able to see the pcui screen)?
  Thanks,
  Kent

  What I want is when I assign a role (Sales Manager) said user A in CRM system, userA should able to see the related workset/page/iviews in the portal (without the need to assign the same: Sales Manager role in portal).
  Now, what I have to do is assign the related objects into a single/composite roles in CRM (for backend data access), then I have to assign a portal role (through User Admin of Portal, so that they can see the portal content),
  is that a way we can do it in one step?
  Thanks,
  Kent

• Creating a reports folder that's only visible to the Admin role

  Hi all,
  I want to create a new Shared Custom Analyses folder to contain Admin reports. I need to make this folder only visible to users with the Administator role. But you can't seem to add the Admin role when setting up User Visibility to Shared Report Folders. Help says that it's because the Admin role has visibility to all folders.
  I understand this - but how can you resrict access to a reports folder to just the Admin role (ie. it should not be visible to other roles)??
  Many thanks.

  You will need to assign all the other folders to rest of the roles.This would be the only way so that your required folder access is given only to admin and not to other users.
  -MR

• Delegated Admin roles

  Hello
  I have 5 delegated admin roles assigned to a group.
  How do i get a list of delegated admin roles defined for that group in workshop( not through the admin portal )? Is there any API?
  Also do users of a group inherit the delegated admin roles defined for a group?
  Any help would appreciated.
  Thanks
  Vijay

  com.bea.p13n.security Package may gibve you some clue.
  Also, as a general rule, Roles are 'above' Groups. So if a user is a member of a group (which has a role defined), the user 'gets' that role.
  Thanks,
  Puneet

• Not able to view the 'proxy-to-remote' iView under 'user admin' role

  Hi All,
  I am not able to view the 'proxy-to-remote' iView under 'user admin' role. I need this for Remote role assignment for FBN .
  I am using the portal version EP 7.0.
  Can anybody help me .
  Thanks & Regards,
  Amit Kade

  Hi, Amit
  u have to assign the one iview in User-Admin role
    Goto->Contentadmin-> portal content->content provded by sap->Admin interface->iview template ->select proxy to remote role iview.
  and this iview assign to user admin role the u can able to see.
  if its solve please give me 10 points
  thanks & regards
  chitta