Unlock user view

I have a problem with view locking in activeSync. If a user is logged in to IdM user site (and thus lock a user view), and that activeSync receives an update for the same user, activeSync will fail and skip that change number. This causes certain changes are not processed by activeSync.
Does anyone know how can I unlock a user view by using xpress/java code? In that way I can make sure activeSync process always unlock a user before any process, and thus resolve the issue.
Thanks!

I am also facing the similar problem where AS events are getting missed because the user is locked.
Few questions
1) I have checked that there is a unlockobject XPRESS call available to unlock the object. How efficient is it? If I assign "unlock user" capability to the admin will that admin have rights to unlock the object.
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='unlockObject'/>
<Argument name='type' value='User'/>
<Argument name='name'>
<ref>userId</ref>
</Argument>
<Argument name='authorized' value='true'/>
<Argument name='subject'>
<ref>WF_CASE_OWNER</ref>
</Argument>
</Action>
2) What is the implication if I reduce the unlocktimeout in the repository configuration to 1 min or 30 sec?

Similar Messages

AD account deleted when checking in Password View/User View

Hi All,
We have a custom workflow that allows our designated Password Admins to reset IDM passwords for users. What happens occasionally is that this action triggers a deletion of an AD account. It appears that the password is set as expected but the subsequent User View checkin results in the deletion of the AD account.
I have been up and down this trying to reproduce the problem in our test environments: unlinking the account, and then trying the password reset, unassigning the account and then trying the password reset, deleting the AD account on AD and then trying the password reset. I have not been able to reproduce this behaviour.
We are running Oracle Waveset 8.1.1.2.
The workflow only sets the IDM password using the Password View. And it ensures that the Lighthouse account is not locked using the User View. Below is the code snippet.
Has anyone run into this before? What am I missing here?
All help is much appreciated.
Kamil.
 <Activity id='6' name='Reset Password'>
 <Action id='0' name='Check out password view' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkoutView'/>
 <Argument name='type' value='Password'/>
 <Argument name='id' value='$(accountId)'/>
 <Argument name='subject' value='$(view.waveset.name)'/>
 <Argument name='authorized' value='true'/>
 <Return from='view' to='passwdView'/>
 </Action>
 <Action id='1' name='Populate View'>
 <expression>
 <block>
 <set name='passwdView.resourceAccounts.selectAll'>
 <s>false</s>
 </set>
 <set name='passwdView.resourceAccounts.currentResourceAccounts[Lighthouse].selected'>
 <s>true</s>
 </set>
 <set name='passwdView.resourceAccounts.currentResourceAccounts[Lighthouse].expirePassword'>
 <Boolean>false</Boolean>
 </set>
 <set name='passwdView.resourceAccounts.password'>
 <ref>password</ref>
 </set>
 </block>
 </expression>
 </Action>
 <Action id='2' name='Checkin Password View' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkinView'/>
 <Argument name='view' value='$(passwdView)'/>
 <Argument name='subject' value='$(view.waveset.name)'/>
 <Argument name='authorized' value='true'/>
 </Action>
 <Action id='3' name='Checkout user view' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkoutView'/>
 <Argument name='type' value='User'/>
 <Argument name='id' value='$(accountId)'/>
 <Argument name='subject' value='$(view.waveset.name)'/>
 <Argument name='authorized' value='true'/>
 <Argument name='options'>
 <map>
 <s>TargetResources</s>
 <list>
 <s>Lighthouse</s>
 </list>
 </map>
 </Argument>
 <Return from='view' to='userView'/>
 </Action>
 <Action id='4' name='Set unlock lighthouse'>
 <expression>
 <block>
 <set name='userView.accounts[Lighthouse].selected'>
 <s>true</s>
 </set>
 <set name='userView.accounts[Lighthouse].locked'>
 <Boolean>false</Boolean>
 </set>
 </block>
 </expression>
 </Action>
 <Action id='5' name='Checkin unlock View' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkinView'/>
 <Argument name='view' value='$(userView)'/>
 <Argument name='subject' value='$(view.waveset.name)'/>
 <Argument name='authorized' value='true'/>
 </Action>

Hi,
We are seeing a similar issue after the user has changed their AD password the account repeatedly gets locked out when they try to log into Jabber.
We are also using Cisco IM&P and our CUCM is LDAP synced
I am interested to know why you are asking if LDAP authentication is configured?
Regards,
Andries

How to Get Most Current User View Before Checking In.

Hi,
We have several custom workflows which users can start from end-user menu and have some resource accounts created/modified after approvals.
User view is checked out once at the beginning of each workflow, then some user attributes are modified through forms and user view is checked in with new attributes at the end.
If any user starts a workflow (say W2) before completion of another workflow (say W1) he started before, and W1 is completed when W2 is waiting for approvals or etc., W2 completely discards changes made to user view through W1 since it has already checked out the user view before.
If I checkout the user once more just before checkin, I'm able to get a current user view but this time changes made through forms used in the current workflow are lost.
What's the best way, to get an updated user view of the user without overwriting any changes made out of the running workflow and losing form data?
Regards,
Mehtap.

In a situation like this, you should probably change the front end to store the changes in workflow variables instead of using the view directly. Then, post approval, you checkout the view and apply the changes. I've used this approach to perform changes on large numbers of users (kind of like a bulk action, only more reliable).
Alternatively, you can checkout the user object at the beginning of the workflow, and this will prevent your race condition by putting a lock on it. This will obviously cause problems (for you) if your users expect to be able to do multiple changes simultaneously. Don't try this approach if an angry mob will storm your cubicle -- IDM coders are hard to come by.
Jason

User View is not reflecting the source data - Transparent Partition

We have a transparent partition cubes. We recently added New fiscal year details to the cube (user view as well as source data cube). We loaded the data to the source data cube. From the user view, we tried to retrieve data, it shows up 0's. but the data is availble in the source data cube. Could anyone please provide the information what might be the issue?
Thanks!

Hi-
If u haven't add the new member in the partition area, then Madhvaneni's advice is the one u should do. Because, if u haven't add the member, the target can't read the source.
If u have already added the new member in the partition area, and still the data won't show up, sometimes it's worth to try re-save the partition, and see what's the outcome.
-Will

Dobj.schtm_invalid_dup error in oim while unlocking user

When trying to unlock a user in oim 9.1.0.2 we get the following error.
We have customized task created for this functionality to work.The task Xs Unlock User from UF to PF is getting rejected giving the following error
Error Details
Feb 20, 2013: Adapter error encountered while updating UD_OID_USR_LOCK.Setting task status... "DATABASE_ERROR" does not correspond to a known Response Code. Using "UNKNOWN".
Please assist .

This error is seen only for few users .

Change user's OU with punctuation mark doesn't work by Rename User View

Hi,
I have problem with moving user between OU by Rename User View when punctuation mark in name of OU is used.
I have own WF that assign user to specific OU depending on value of Select component. When value of this component is changed (against previous value) I call Rename View, that assign user to new OU. For OU without punctuation mark Rename View works OK.
After finishing WF with punctuation mark in OU this Error appers:
java.lang.RuntimeException: There is no such object on the server.
But creating new AD account (by role assignment) in OU with punctuation work OK. In select component is rule that replace puctional character in correct form.
Select component:
<Field name='slctOrganizationalUnitUzivatele'>
 <Display class='Select' action='true'>
 <Property name='title' value='Nastavte organizacni jednotku:'/>
 <Property name='allowedValues'>
 <block>
 <dolist name='zmena'>
 <invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
 <invoke class='com.waveset.session.SessionFactory' name='getServerInternalContext' />
 <s>OrganizationalUnit</s>
 <s>AD</s>
 <null/>
 <s>false</s>
 </invoke>
 <rule name="RUL nahrada znaku">
 <argument name="inputString">
 <ref>zmena</ref>
 </argument>
 <argument name='hledanyRetezec'>
 <s>\,</s>
 </argument>
 <argument name='nahrazovaciRetezec'>
 <s>\, </s>
 </argument>
 </rule>
 </dolist>
 </block>
 </Property>
 <Property name='sorted'>
 <Boolean>true</Boolean>
 </Property>
 </Display>
 <Default>
 <upcase>
 <ref>user.accounts[AD].ad_container</ref>
 </upcase>
 </Default>
 </Field>
WF-Rename User
<Activity id='10' name='renameUzivatele'>
 <Action id='0' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkoutView'/>
 <Argument name='type' value='RenameUser'/>
 <Argument name='id' value='$(user.waveset.accountId)'/>
 <Argument name='authorized' value='true'/>
 <Return from='WF_ACTION_ERROR' to='error'/>
 <Return from='view' to='renameView'/>
 </Action>
 <Action id='1'>
 <expression>
 <block>
 <set name='renameView.accounts[AD].identity'>
 <ref>newDNrecord</ref>
 </set>
 <set name='renameView.resourceAccounts.currentResourceAccounts[AD].identity'>
 <ref>newDNrecord</ref>
 </set>
 <set name='renameView.resourceAccounts.currentResourceAccounts[AD].selected'>
 <s>true</s>
 </set>
 <set name='user.global.OrganizationalUnit'>
 <ref>slctOrganizationalUnitUzivatele</ref>
 </set>
 </block>
 </expression>
 </Action>
 <Action id='2' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='checkinView'/>
 <Argument name='view' value='$(renameView)'/>
 <Argument name='authorized' value='true'/>
 </Action>
 <Transition to='nastaveniPristupu-overeni'/>
 <WorkflowEditor x='193' y='343'/>
 </Activity>
<set name='newDNrecord'>
 <concat>
 <s>CN=</s>
 <ref>user.global.fullname</ref>
 <s>,</s>
 <ref>slctOrganizationalUnitUzivatele</ref>
 </concat>
 </set>Do you have any ideas?
Thanks Petr

Hi,
I discovered following:
- if name of OU in AD is without space (e.g. test,sample) so DN record is test\,sample and user is moved into this OU.
- if name of OU in AD is with space (e.g. test, sample) so DN record is still test\,sample and user isn't moved.
So problem is with empty space. How can I preserve space in DN name? I found something in documentation but I doesn't work for me.
+Special Characters in FieldValues
If you have a field value with a comma (,) or double quote (") character, or you want to preserve leading or trailing spaces, you must embed your field value within a pair of double quotes ("field_value"). You then need to replace double quotes in the field value with two double quote (") characters. For example, "John ""Johnny"" Smith" results in a field value of John "Johnny" Smith. +
(from IDM Business Administrator's Guide, p.77)
Guided this information I put value of slctOrganizationalUnitUzivatele into "". But this didn't work. Is good idea to have space in DN?
Thanks for help.
Petr
Edited by: petrklinkovsky on Sep 10, 2009 5:06 AM

ABAP Program to unlock users

Hi Everyone,
I am trying to develop a ABAP Program to unlock users in sap client. Please if anyone can help me I will be thankful to them.
Thanks in advance.
Regards,
Gaurav.

eh, such a functionality already exists. in SU01 you got a button for that.

How to get the user view

Hi,
Can anyone say how to get the user view of a user logged in through admin interface.
I have tried to get the roles of logged in user as below:
<ref>waveset.roles</ref>
it did not work..
Please suggest

who said you cant create view for logged in user, try the following machi
<Action id='0' name='User View' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='getView'/>
<Argument name='authorized' value='true'/>
<Argument name='type' value='User'/>
<Argument name='id' value='$(WF_CASE_OWNER)'/>
<Return from='view' to='userview/>
</Action>
Rgds,
Purush

BPM Workspace User view related issue

PROBLEM SUMMARY_
Unable to see filtering options like SEARCH, ASSIGNEE and STATE in User View, I am able to see this in Generic Inbox of BPM workspace
DETAILED DESCRIPTION_
I am new to BPM & need some assistance on below scenario-
TASKS INVOLVED-*
My BPM process contains 2 tasks
1.     Initiator task-[Part of Requester role in my JDev Swim lane]
2.     User Task-To review the request-[Part of Reviewer role in my JDev Swim lane]
SCENARIO-+
Flow would be something like, requester enters details in request message & says submit. If request message length is less than 6 characters a review would be required & therefore process flow would go to reviewer task. Reviewer can Approve or Reject the request, if he approves the process will write the request message contents to a file, if the reviewer Rejects the request, requester task would be created again so as to ask requester to enter a message of length>6.
If entered request message is having length greater than 6, no review would be required. It will be a direct file write.
CHALLENGE-+
The challenge is each of these tasks –Initiator task & Review task would be created with DIFFERENT task numbers in BPM workspace, which I do NOT want. I want the Requester tasks task number to be propagated to Reviewer task and I would want to populate this as task number (May be under different column, say Request Id) of Reviewer task as well.
After reading Oracle BPM docs, I studied that this can achieved using Human tasks-Mapped variable concept.
I used protected mapped variable/flex variable:*Request Id* in both the above tasks to achieve this.
PROBLEM-*
Problem is in BPM workspace’s user view, here we go-
I created a user view:*HelloWorld* to display the task details, the columns I want are the default columns+Column for mapped attribute:*Request Id*.
Now even though the Request Id column is populated as expected, I cannot filter the View entries based on Assignee, State or perform any kind of other searches.
I understand that User views are built based basically on certain filters itself. But post the view creation if user has to make a search-say based on Mapped attribute:*Request Id* in this case, he won’t be able to do so.
This defeats the entire purpose of Mapped attributes. Oracle document says (check the last bullet point)-
+"Human workflow mapped attributes (formerly referred to as flex fields) store and query use case-specific custom attributes. These custom attributes typically come from the task payload values. Storing custom attributes in mapped attributes provides the following benefits:+
+•     They can be displayed as a column in the task listing+
+•     They can filter tasks in custom views and advanced searches+
*+•     They can be used for a keyword-based search"+*
So is this a bug with user views in workspace?
One more thing that I would like to add-Reason behind using Custom user views is-
1)     Generic Inbox of BPM Workspace does not give option to make the mapped attribute get displayed/Searched
2)     I want to customize the Tasklist.
Edited by: user12183391 on Oct 3, 2011 9:57 PM

Oh well...
It seems there's a bug with the XE Database... Sometimes it freezes some components and the SOA Plataform goes crazy.
Simple system reboot solved.

User View not showing the assigned resources attributes in idm 7.0

Hi,
In a Remediation Form I am using a text field
<Field name='user.accounts[SimAD].group'>
<Display class='Text'>
<Property name='title' value='Title'/>
</Display>
</Field>
but here i am not able to get the value of group. when i dumps the user view its shows only Lighthouse resource under accounts attribute.
<Attribute name='accounts'>
<List>
<Object name='Lighthouse'>
<Attribute name='firstname' value='Magnet'/>
<Attribute name='fullname' value='Magnet Mangentta'/>
<Attribute name='idmManager'/>
<Attribute name='lastname' value='Mangentta'/>
</Object>
</List>
</Attribute>
while the user has three resources.
when I use the getView method in form using following code
<invoke name='getView'>
<ref>:display.session</ref>
<concat><s>User:</s><ref>user.waveset.accountId</ref></concat>
<map>
<s>authorized</s>
<s>true</s>
<s>subject</s>
<s>configurator</s>
</map>
</invoke>
this time I m able to get the value resource attribute.
please give the solution how can I get the editable user view in Remediation Form so that I can change the attribute of resource.
Thanks,
Amit

i got the solution there was one attribute on workflow
<Argument name='NoFetch' value='true'/>
remove this to false it will fetch all the resource attributes

How can OS X 10.3.9 users view Flash on websites?...

How can OS X 10.3.9 users view Flash on websites?...

I need to add one more thing for others who might benefit from the above note re Camino.
I also at the same time downloaded new plug ins from Adobe for Flash 9. There were two plugins which I deleted. One of the two new ones was of a later date, the other was the same as the one I deleted. So that might have helped change things.
So the summary of what fixed it for me is:
Latest version of Camino browser.
Latest version of Flash plug ins.
Also, after this, I could even use previously unusable services like Rhapsody, with Firefox, a browser that didn't work before.
So that may indicate that just the new Flash plugins did the trick. But not sure of that for reasons too lengthy to go into now. Try updating both and see. It worked for me, and that's after trying much stuff for a workaround.

MAM Client - Only User View Manager Link Visible

Hi,
I have followed the configuration steps as mentioned in the configuration guide for MAM2.5 SR2.
but after deploying the application in mobile device, Only the User View Manager Link is visible to me.
Details about client and server version is as follows
1. MI client 2.5 SP11
2. WebAS Server 6.40 SP09
3. Backend IDES server
Only thing which I am not sure is whether the plugin
R/3 Plug-in 2004.1 SP01 for Mobile Asset Management 2.5 is added in the Backend or not.
Is there any way to check whether the Plugin is added or not?
Also Could this be a problem why we are not able to see other menu specific to MAM?
Appreciate your help in providing some solution for the above mentioned probelm.

HI sathya,
in my last post , actually i was talking about
WAS sp 09 and client sp 11.
 not sure , whether sp11 client can successfully sync with sp09 WAS.
it might be one of the reasons?.
have u changed ur application ?. or using the standard application?.(i mean added syncbo's or not).
 just check the meRepMeta.xml file , is there any reference to MAM25_090 (item).?
 just change the trace to Information and after sync,
just look whether there is any MAM25_090 reference in the log.
Sathya just check,,
1) meta_childRow.dat
2) meta_topRow.dat
3) meta_field.dat 
 if there is no data in MAM25_090 , there will not be one MAM25_090.dat file in the data directory.
just check in the
meta_childRow.dat ,
MAM25_090 entry got created or not in the folder corresponding to the first sync.
 Regards
 Kishor Gopinathan
Message was edited by: Kishor Gopinathan
Message was edited by: Kishor Gopinathan

How to make user view available in an workitem form

Hi,
How to get hold of the user view in an workitem form ?
I want to display some of the user information in the workitem form for which I require the user view.
Thanks.
- mangb

If you have a userview in the workflow, you should be able to access it in the manual action (Workitem form).
Just make sure the form base-context is taken into consideration while referencing the workflow variables (userview in your case).
Adi.

Adding Inbuilt OIM fields in User View form OIM 11gR2

I am working on customizing my OIM User View form. I want to include some internal OIM dates like USER create date (USR_CREATE in USR table)
USER update date (USR_UPDATE in usr table) in my USER VIEW FORM.
Below are the steps i am performing:
1. Login into identity console
2. Activate sandbox
3. Go to users link
4. Click on search
5. Click on any user (user login)
6. In view page click on Customize button on the top right
7. click on view-->source-->click on area--> edit
But after here i do not see any option to import the inbuilt OIM dates to form.
Please provide a solution/documentation/referrence material.
This is a bit urgent so quick action will be very helpful..
thanks

If you don't able to see this in the Managed User data component then you can't include those field.As you know these attributes are for OIM internal usage.
So, you can't include these OOTB system attributes.
If realy it is required for your business need. you can try below
1. create an UDF say USR_UDF_UPDATE
2. write a trigger(insert,update) on USR table and copy USR_UPDATE value into USR_UDF_UPDATE if any insert update happen on USR table.(you can specify the trigger based on specific column as well).
3. now add this UDF to the user view page
--nayan

How to unlock users in a SAP system if all of them are locked

How to unlock users in a SAP system if all of them are locked
Posted: Mar 21, 2007 10:07 AM Reply E-mail this post
Hello Experts,
In any SAP System,if a user having authorizations has mistakingly locked all the users of the SAP system,then how wll we unlock those users bcoz we wont be able to logon into the SAP System. Requested to revert your valuable replies at earliest.This happened with us,how to resolve it.My Email Id is [email protected] .
Regards,
Saumya

Hello Siva And Manas,
Thanx for ur replies .
Manas: These SQL statements we hv to run at the Command Prompt level only na.......
Siva : U r telling to delete the SAP* user ,u dont mean with the System created default user SAP* rite but u mean to delete our self created SAP*/any super user rite? Secondly how to delete tat user at the database level?
Regards,
Saumya
If all the users are locked , they can only be unlocked via sql.
Actually waht happens is if the uflag field of an user in table usr02 is 0 then the user is unlocked. Different values of the uflag field in table USR02 mean:
0 User not locked
32 Locked by CUA central administrator
64 Locked by administrator
128 Locked after failed logon
Incase all the users are locked execute the following sql to unlock them
update sap<sid>.usr02 (means update sapd01.usr02 or sapq01.usr02 etc)
set uflag='0' ;
commit.;
This unlocks all the users.
update sap<sid>.usr02
set uflag='0' where bname='xxx';
commit.;
This unlocksonly the user xxx.

Unlock user view

Similar Messages

Maybe you are looking for