Unlock User - Create a resource

Hi!
I have a bussiness process that need to create a resource with fuction Unlock_User (as the same as unlock user button on Xellerate user form).
It´s possible to create a adapter like this?

Yes.
Unlock user has the big advantage that it is not triggered by an event from a trusted source which means that it makes sense to implement is as an RO.
(I have spent many hours explaining that re enabling users in OIM that has been disabled in the trusted source is not a terrible good idea)
Best regards
/Martin

Similar Messages

  • Any clues on how to create a resource object to push a user object into res

    I am working on a situation where I have to push a user object via a resource object and not having assigned to the user (in other words not linked to the user).
    any ideas?
    My approach is some thing like this
    IN the "user" object I do set all the attributes required per the resource definition
    Here is the code snippet for resource object creation:
    <Action name='create services resource object' process='Provision'>
    <Argument name='op' value='createResourceObject'/>
    <Argument name='object' value='$(user)'/>
    <Argument name='objectType' value='user'/>
    <Argument name='resourceId' value='UnixUIDServices'/>
    </Action>

    I by no means want to sound belittling... so don't take me that way..
    You need to understand the basics of files, and networks. You can't check if a file exists on another machine if you don't have a network protocol to communicate with. The reason \\ works under windows is because you are using an invisible (to you) network protocol. You probably know it as windows sharing. If your file were not shared under it's own name, that method wouldn't work (I'm assuming your entire drive is shared without a password... a horrible security flaw...but one thing at a time)
    You can use FTP protocol to check if a file exists. You can either send the raw text FTP commands through a socket connection in java, or you can use a freely available FTP java API to make it a bit more simple. You could also write a small java server on the other machine, and have it tell you what you need to know with a socket connection. In this way, you have created your very own network protocol.

  • Instead of creating new resource, recon is updating the same resource object for a user

    Hi,
    I created a DB target recon in OIM 11g. I ran recon and it created resource object. Resource is visible in Accounts tab.Now, I added one more entry with different description in DB. I ran the recon again. This time, instead of creating new resource object, recon linked it the same user with same resource object.
    My requirement is to create as many resource object as there are entries in DB table. The recon should not link all DB entries with same resource object in IDM. For every entry in DB, recon should create that many resource objects in accounts tab of user.
    Please let me know how to achieve the same.
    Regards,
    Kalpana.

    Hint is : Verify Reconciliation Key field mapping in Process definition
    Thanks,
    Pallavi

  • Unlock User

    Hi,
    I have created an user called helpdesk with Unlock User Capability assigned to him, and when i login as helpdesk when i click Unlock after selecting an user it is showing an error message "User has no resource accounts that support the Unlock feature" but an resource is assigned to that user.
    when i try unlocking the same user by logging in as configurator i could get the Unlock User page.
    Kindly give me a solution ASAP.

    Please, do not unlock user. Moreover, you already get answer in this other one. And if answers doesn't sastify you, say it in the same thread by posting new post, but do no create confusion by adding a thread.
    Thanks,
    Nicolas.

  • Provisioning a user with a resource automatically doesn't work!!

    Hi Experts – IHAC trying to configure OIM to provisioning a user with a resource automatically (via OID connector).
    As reviewed, the membership rules (rules designer) and access policies already configured with correct param. So I would say everything should work fine.
    But when they create a new user with proper attribute. The resource didn’t perform an automate process as expected.
    In the log file show only 2 lines of error message.
    <Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    <Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    However, manual add resource works well.
    Environment Info:
    - OIM 11gR1 (BP6)
    - OID Connector 9.1
    - AIX 7.1
    Is this consider as bug on AIX platform ? Or any inputs would appreciated.

    Just check if the rule satisfy, user is getting the role.
    --Hari                                                                                                                                                                                               

  • Error while provisioning user into Oracle resource

    I wrote a custom oracle resource adapter and an trying to create a new user and assign this user to the resource. I get the following error when I save the user account. "com.waveset.util.WavesetException: An error occurred connecting to resource "
    I can however successfully test connection to this resource from the resources tab. Please help me figure what the issue can be.
    Thanks,
    Prithi Narasimhan.

    Hi Prithi
    Can you please send me your code so that I can test it and give you the exact reason for your failure.
    But I feel if your test connection is successful I dont think you should have any problem try with different userid , password and Database. Hope it works.
    Regards
    Gajendra Nagapurkar

  • New user created in oracle 11g (release 2) is not connecting (ORA-01017)

    Hi All,
    Kindly help me out regarding this.
    I have created a new user using "ORACLE Enterprise Manager 11g" and used the same credentials in SQL developer for a new connection and it throw "ORA-01017: invalid username/password; logon denied" message.
    Kindly note that have followed the following steps in creating user:
    On the Users page, click Create.
    In the Name field, enter NICK.
    In the Profile list, accept the value DEFAULT.
    This setting assigns the default password policy to user Nick.
    In the Enter Password and Confirm Password fields, enter a password that is secure.
    Create a password that is secure. See Oracle Database Security Guide for more information.
    Do not select Expire password now. If the account status is set to expired, then the user or the database administrator must change the password before the user can log in to the database.
    (Optional) Next to the Default Tablespace field, click the flashlight icon, select the USERS tablespace, and then click Select.
    All schema objects that Nick creates will then be created in the USERS tablespace unless he specifies otherwise. If you leave the Default Tablespace field blank, Nick is assigned the default tablespace for the database, which is USERS in a newly installed database. For more information about the USERS tablespace, see "About Tablespaces".
    (Optional) Next to the Temporary Tablespace field, click the flashlight icon, select the TEMP tablespace, and then click Select.
    For the Status option, accept the default selection of Unlocked.
    You can later lock the user account to prevent users from logging in with it. To temporarily deny access to a user account, locking the user account is preferable to deleting it, because deleting it also deletes all schema objects owned by the user.
    Grant roles, system privileges, and object privileges to the user, as described in "Example: Granting Privileges and Roles to a User Account".
    Note: Do not click OK in Step 13 of "Example: Granting Privileges and Roles to a User Account". Instead, skip that step and continue with Step 12 in this procedure.
    Assign a 10 MB quota on the USERS tablespace, as described in "Example: Assigning a Tablespace Quota to a User Account".
    If you did not click OK while assigning the tablespace quota (previous step), click OK now to create the user.Kindly note that I have log in as SYSTEM user and created this new user.
    Could any one help me regarding this ?

    After connecting with sqlplus, as user SYSTEM and when tried the below, I could see that the new user created by me does not exist..
    select '--' || username || '--'
    from dba_users
    order by username;
    But when tried with GUI "ORACLE Enterprise Manager 11g" I can very well see the new user created by me..
    How is this possible mate??
    Is the user not properly created through GUI (than from where it is showing the new user)
    Some more information i want to share;
    i have used schema "HR"
    And have used table space "USERS"
    And tep tablespace "TEMP"
    Edited by: 828569 on Jan 16, 2011 9:01 PM
    Edited by: 828569 on Jan 16, 2011 9:03 PM

  • Can we start more than one user created database at the same time

    Hi.,
    Can we start/work more than one user created database at the same time ??
    --Shyam                                                                                                                                                                                       

    Hi Shyam,
    I really dont understand what you have asked?
    If your question is can we start more than one database at the same time then the answer to that is yes but provided to have enough resources on your server to support running of two or more different databases on the same machine.
    Ex Senior DBA

  • Dobj.schtm_invalid_dup error in oim while unlocking user

    When trying to unlock a user in oim 9.1.0.2 we get the following error.
    We have customized task created for this functionality to work.The task Xs Unlock User from UF to PF is getting rejected giving the following error
    Error Details
    Feb 20, 2013: Adapter error encountered while updating UD_OID_USR_LOCK.Setting task status... "DATABASE_ERROR" does not correspond to a known Response Code. Using "UNKNOWN".
    Please assist .

    This error is seen only for few users .

  • End User Update My Resources - Parallelizing multiple requests

    Hi,
    I'm working on the following issue: when a user requests accounts on more than one resource, these are created only when all approvers have accepted the request for his own resource.
    How can I modify the WorkFlow so if the approver "A" for "resource A" has accepted the request and approver "B" not yet, the account in "resource A" is created?
    Anyone had the same problem?
    Thanks a lot.
    O

    Hello.
    Short answer is 'yes', you can do this with IdM.
    Longer answer is that you basically will be doing a little digging, unless someone has a code sample to send to you. The default approach (ref: configuration object type: Provisioning Task; configuration object name: Create User) is to do Approvals in Activity #2 and then do Provisioning in Activity #3. It uses the sub-process "Lighthouse Approvals" to collect approvals (role, resource, organization, etc.) and uses the sub-process "Provision" to do the provisioning.
    I've not done what you want to do, but it seems that you need to collect any pre-provision approvals (i.e. not related to resources) and then after that, either do an OR-split or set-up an iteration to iterate over resources, invoking a sub-process that would do the final resource-specific approvals and then the resource-specific provisioning.
    So the approval piece is pretty straight-forward. The more complicated part (from what I can tell), is the provisioning action. By default, the Create User will basically build a User View and then create a new user from that User View. What you want to do is 'divide' up the User View by resource, so that maybe the 1st Resource approved creates the IdM virtual account and provisions the 1st Resource account, the 2nd Resource to-be approved creates the 2nd Resource account and updates the virtual account (with the reference to the 2nd account), etc. So this will likely require some view manipulation.
    Since an OR-split is effectively a hard-coded series of paths to follow, I'd think you'd want to build a sub-process to do the approval / audit / provision for "this" resource account and then iterate over the waveset.resources in the Create User W/F, invoking your custom sub-process for each resource. If you design this sub-process correctly, it should work for any resource.
    Sorry for the long-winded and non-detailed response. I just haven't done this myself. Maybe others have and can share their design.

  • Problem with Access Policies (create multiple resources)

    I'm having a problem with Access Policies:
    The first policy must create a resource.
    And the following policies should create childs on the resource.
    The problem here is that when policies will add the childs, the resource is not provisioned yet.
    And then each one will create a resource but i just want one resource with the childs.
    When the resource is already provisioned, the policies update this resource properly.
    How can I fix this?
    tks

    Ricardo,
    I had a similar problem. In a post-process handler I was managing the user membership in specific roles through the removeMemberUser and the addMemberUser of the tcGroupOperationsIntf class.
    The last parameter of this method was a boolean which, when true, would automatically trigger the access policies programmatically in the post-process.
    The problem is that there also is an OOTB event handler for triggering access policies, so I was basically triggering the access policies twice and duplicated resources were appearing.
    Hope this helps.
    Cheers

  • How to view/edit/delete the user created profile in oracle 9i? Very Urgent

    Friends,
    I logged in as system in oracle 9i.
    SQL> create profile testpro limit
    2 idle_time 1;
    Profile created.
    SQL> alter user scott profile testpro;
    User altered.
    Then i logged in to sqlplusw as a scott user.
    and i waited for 10 mins after that.
    sql> select * from cat;
    its working......
    how come? i have already set a idle time to 1 minute.
    Please correct me if im wrong.
    Also, how can i view/edit/delete the user created profile.
    Thanks & Regards
    Sathyguy
    Message was edited by:
    sathyguy

    The resource limits set for a profile are enforced only when you enable resource limitation for the database.
    Enabling and Disabling Resource Limits While the Database is Open
    ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;
    http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96521/users.htm#15451
    Manu

  • LSO_PSV2 - Create /w Resources freezing, ABAP runtime error, TIME_OUT

    Hello Experts,
    I have an individual user that is a part of a team that manages our LSO environment. He is experiencing a problem when performing a "Create with resources" on an instructor-led course.
    After choosing this option his session just spins but never enters the course details screen as expected.
    After anywhere from 15 - 30min the session returns an ABAP runtime error of "TIME_OUT". The error details state that the time out for ABAP programs is set to 3000sec (50min). The odd thing is that the program never reaches the 50 min marks but still throws the error.
    The user is able to select the "create w/o resources" option and get to the next screen as expected.
    I have run security traces (ST01) on his account and all looks fine (rc=0)
    He is one of several people that executes this transaction but is the only user that is receiving this issue. The team is assigned to the same position and shares the same PD profile. They share the same security roles and the same ABAP program is being run.These users are a third party vendor that remote in via citrix desktop.
    I have had our Basis team exam the ABAP runtime error and what is happening behind the scenes as this runs and they see no indication that the program is retrieving data even though it processes for a long time.
    Obviously this is a complex issue, I have searched for two weeks with no success. Any thoughts, suggestions are more than welcome at this point as the user is unable to perform needed work functions.

    Any solution on this one? I have the same problem with LSO_PSV2 :/

  • Propagate Data from User Profile to Resource Process Form doesn't work

    Hi,
    i've created a new custom task for Propagate Data from User Profile to Resource Process Form with a gtc connector but the task is never triggered!!!
    i need clues to resolve this .
    thnks.!!
    oim 11g 11.1.1.5 bp4. high availability with 2 nodes and a balancer.

    Hi Rajiv:
    ->Did you make that entry in Lookup as mentioned in that thread/post ?
    ANSW: yes.
    ->Did you use exact naming convention for your tasks ?
    ANSW: yes i put the same name that i put in the lookup into my process from.
    In which process definition have you created your task. Make sure it should be other than "Xellerate User" process definition.
    ANSW: PROCESS DEFINITION: * iPlanet User
    *TB_BAN1_AUR_GTC
    *TB_BAN5_AUR_GTC
    *TB_BAN3_AUR_GTC
    etc.. GTC conector.
    i have a test environment where this functionality works succesfully and i put the same in my production environmnet and the task never is triggered.

  • Email notification for user created through reconciliation in OIM

    Hi..
    I have done the following configurations for email notification when user is created through reconciliation in OIM
    Configuring IT Resource     
    Name     Email Server
         Type      Mail Server
         Authentication     FALSE
         Server Name     *.*.*.*
         Username     
         Password     
    Creating email definition with the following values     
    Name     Create User Email Notification
         Type     Provisioning Related
         Language     en
         Region     US
         Object Name     Xellerate User
         Process name     Xellerate User
         From     User
         User Login     Xelsysadm
         Subject      User Created
    Add Email notification in a new process task with name Notify     
    Process definition     Xellerate User
         Task     Notify
         Disable Manual Insert     Enable
         Required for Completion     Enable
         Allow Cancellation while Pending     Enable
         Handler Name     tcComplete Task
         Assignment Rule     Default
         Target Type     User
         User     Xelsysadm
         Email name     Create User Email Notification
         Send Email     Enable
         Notification Assignee     Enable
         Email      Create User Email Notification
         Status     Completed
    Xelsysadm has a valid email id. Now when I am reconciling any user, two mail notifications are being sent. Not able to know from where these two notifications are being triggered.
    Am i suppose to make any changes in the configurations?
    Edited by: Amruta Agarwal on Sep 28, 2011 4:21 AM

    Sorry re-read your issue again. I believe there are two notifications because you have added your notify task in the process definition and OIM OOTB sends a notification when a user is recon'd. Thus remove your task or disable the OOTB notification. The property is Recon.SEND_NOTIFICATION
    HTH,
    BB
    Edited by: bbagaria on Oct 7, 2011 9:13 AM

Maybe you are looking for