User deletion from OIM

Hi guys, I have the following doubts. Kindly help me out.
1) Is it true that no actual deletion of any user record takes place in OIM and they are just disabled? If that is the case, suppose a new joinee joins the organization with the same name as an employee who has left: won't there be a conflict between the two records?
2) We all know that recon is possible from AD to OIM. Now if the surname of an employee is changed in SAP (trusted authoritative source), how is this change reflected in AD, provided provisioning has already taken place?

Hi,
There are a lot of tables associated with users that would need to be touched to delete an ex-employee, as that means that you need to delete all tasks associated with that employee (i.e. requests, provisioning processes, reconciliation data, etc.).
Deleting employees might also affect the audit trails of other things. Let's say, for example, that someone submitted a request for 3 employees. One leaves the company, but 2 stay on for 10 more years. If you try to delete the first employee, the request's audit record becomes invalid. You need to keep that employee's key around.
To improve the performance of the database, it is best to look at other data that should be archived (as opposed to employees), like reconciliation data (I believe that can be archived now with the new 9.0.3 database tuning examples), User Audit data, and perhaps old processes that are no longer necessary. BTW, the biggest tables are always the RCD/E (recon tables), SCH (task table), and the UPA (user audit) tables.
Deborah

Similar Messages

  • Get user details from OIM User Form based on Last modified time stamp

    Hi Gurus,
    I have a requirement that I want user details from the OIM (11gR1) User form based on some time stamp.
    Suppose my time stamp is 201401011130.
    And I changed one user in the user form at 201401011200 (let's say the user name is mahesh).
    Now when I run the Java code based on the time stamp, I want mahesh's details. How can I do this?
    Please let me know.
    Regards
    Mahesh

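    This is how you can run a SQL query.
    // imports: java.sql.Connection, java.sql.PreparedStatement, java.sql.ResultSet, oracle.iam.platform.Platform
    String query = "write sql query";
    // try-with-resources closes the connection, statement and result set
    try (Connection con = Platform.getOperationalDS().getConnection();
         PreparedStatement st = con.prepareStatement(query);   // PreparedStatement is preferable instead of Statement
         ResultSet rs = st.executeQuery()) {
        while (rs.next()) {
            String userlogin = rs.getString("usr_login");
        }
    }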

  • User deleted from EBP

    Hello Experts,
    Below is the scenario: (SRM 4.0 classic)
    User A created a few SCs.
    Before all the SCs were completed (closed), User A got deleted from the system.
    Now we recreate User A with the same ID again, and assign him/her to the Org. Str.
    User A now can't access the SCs raised earlier by him/her.
    Could anyone suggest any way by which User A can access all his earlier SCs? Or is accessing earlier SCs not possible?
    Thanks,
    Dhananjay

    Hi Dhananjay,
    Have a look at the below threads for some pointers:
    Re: User X  must not be deleted ? ;-)
    Re: Changing the SC creator
    How to Replace GUID inside table CRMD_PARTNER
    Changing the owner of a shopping cart
    BTW, if the carts created by this user are closed, why do you need to access them now using this same user?

  • Problem with tab access after user deleted from group

    9ias version 9.2.0.1
    There seems to be a problem (potential bug?) when deleting a user from a portal group. I have a portal page set up with multiple tabs. These tabs can only be accessed by users belonging to certain portal groups. When I add a user to a group, the user sees the necessary tabs when authenticated. However, if I delete this user from the group there is a problem. When the user logs into the portal again, they will see all the tabs belonging to the group they were deleted from. However, when they select such a tab nothing happens and the portal goes into a state of flux (doesn't navigate). One way to resolve this is to go in as a portal admin, edit any tab and select apply. The portal then seems to refresh.
    This solution isn't practical. Is this a bug? Is there a patch or another solution? Thanks

    Hi Turloch! Thanks for your help!
    Those SQL statements were extracted from the MS Access application that we will continue to use to access the data, now on an Oracle database.
    I don't know what I can do to make this kind of statement work as it does on the Access database. The first query, which I called Query1, works fine on Oracle; I just mentioned it because the second query, named Query2, uses it.
    I'm not able to understand why, when I change the first query to a "make-table" query, Query2 works as desired, but if I keep Query1 and Query2 as they are in the MS Access application I get the ODBC error message and the ORA-00904 error message, related (I think!) to the FieldTmp field used in the LEFT JOIN statement (AND).
    As I said before, if I change the AND clause to compare to another field, for instance field1:
    FROM Query1 LEFT JOIN Table3
    ON (Table3.field1=Query1.Field2) AND
    (Table3.field5 = Query1.Field1)
    it works.
    Please, is there anything that I can do to keep the MS Access Application unchanged?
    Oracle = 8.1.6
    Oracle ODBC Driver = 8.1.6.4
    Oracle Migration Workbench = 1.3.1
    Thanks in advance,
    Elaine Viel Denadai

  • Importing User attributes from OIM 9101 to 11g

    hi all,
    I need to import/create all the User attributes (UDFs) present in the OIM 9101 version to OIM 11g. Is there any way this can be achieved using deployment manager? Looking to avoid creating all of them manually again, as that would be a time consuming/error prone task.
    Looking forward to your replies.
    Thanks,
    Anuj.

    Hi,
    I think you had better create it manually in OIM 11g and higher environments. The UDF import in 11g is unstable: sometimes it works, and sometimes it disappears, and when you try to create a UDF after import, it will make your life hell.
    I really had very bad experience with OIM 11g UDF export/import.
    Regards,
    J

  • Any version of IDSync supports user deletion from AD to DS

    Hi,
    I would like to know whether any version of IDSync supports deletion of users in AD being synced with DS 5.2. We use Version - 1 2004Q3
    Build - 2004.259.1055 with Win2k3 AD. If it is there, how do we go about implementing it in a production environment?
    shaji

    hi,
    I don't know if this is the recommended way, but we have a cron job running
    where we check for deleted AD accounts:
    <IDSYNC_INSTALL_PATH>/idsync resync -D cn=<LDAP_MANAGER> -w <LDAP_MANAGER_PW> -h <LDAP_SERVER_HOST> -p <LDAP_PORT> -q <IDSYNC_CONF_PW> -s <ROOT_SUFIX> -x -o Windows -i ALL_USERS
    hope it helps

  • Getting Error While accessing Accounts from oim

    Hi All,
    I am getting an exception while accessing user accounts from OIM through JDeveloper (I am giving UserId as input).
    Exception:
    javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=oim#11.1.2.0.0, module=iam-ejb.jar, ejb=ProvisioningService, method=getAccountsProvisionedToUserx, methodInterface=Remote, signature={java.lang.String,java.lang.String}.
         at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:581)
         at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:111)
         at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:274)
         at weblogic.ejb.container.internal.StatelessRemoteObject.__WL_preInvoke(StatelessRemoteObject.java:41)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:24)
         at oracle.iam.provisioning.api.ProvisioningService_p7m7x_ProvisioningServiceRemoteImpl.getAccountsProvisionedToUserx(Unknown Source)
         at oracle.iam.provisioning.api.ProvisioningService_p7m7x_ProvisioningServiceRemoteImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
         at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Process exited with exit code 0.

    Which user are you using for creating connection with OIM ?
    Which method are you using to create connection with OIM ?
    Re: OIMClient login throwing AuthenticationException execption (FOR R2)

  • How to delete Users or Organizations from oim

    Hi,
    I have deleted some users as well as organizations in OIM, and I got the message that they were successfully deleted.
    But when I try to reconcile the same user from a CSV file using the GTC connector, or create the deleted organization from OIM, I get the error that the user already exists and the organization cannot be created.
    Do we have a way to completely delete the users or organizations?
    Please help me.

    This may be because the user logins are the same for the deleted user and the new incoming user. Go to system properties, set the reuse user login property to true, and retry reconciliation.
    Else
    You can remove it from the database, but it'll be tedious as you would need to delete all references as well.
    regards,
    GP

  • How to delete users from oim database 11g???

    Can anyone help me:
    I need to clean the OIM database, so I need to delete all user accounts that exist in OIM.
    Any help appreciated
    regards

    Hi
    Last time I used this script to delete the users. Hope it will be useful for you:
    delete from oud where oiu_key in (select oiu_key from oiu where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy')));
    delete from osi where req_key in (select req_key from req where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy')));
    delete from osi where osi_assigned_to_usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from osh where osh_assigned_to_usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rcd where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rch where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rcu where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rcb where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rce where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from orc where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from upd where upp_key in (select upp_key from upp,usr where upp.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from upp where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from usg where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from uhd where uph_key in (select uph_key from uph,usr where uph.usr_key = usr.usr_key and usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from uph where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from pcq where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from rcu where usr_key in (select usr_key from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy'));
    delete from usr where usr_create > to_date('20-06-2010','dd-mm-yyyy');

  • Not able to create, deleted user again in OIM

    Hi,
    As part of our process we suspend the user on the day after his/her last working day. And after 20 days we delete that user from OIM.
    Now the deleted user has been re-hired into the organization. So we need to re-create the user in OIM.
    But we are unable to create the user in OIM 11g. It shows the error "user already exist".
    Then we found there is an entry for this user in the OIM repository with usr_status as deleted. We are also not able to see this user in the OIM admin console even though there is an entry in the repository.
    Please help us solve this issue in creating the identity in OIM.
    Thanks in advance
    Siva

    If you want to re-create a deleted user with the same user id then you need to set the re-use id property to true and also drop the unique key constraint from the USR table.
    Ref: Re: Steps for re-using the same user id of a deleted user in OIM 11g ?
    -Bikash

  • Delete oimGroup membership of the oim user using Script (oim 9.1).

    Hi All,
    I want to remove a particular OIM group membership from OIM users. Is there any problem if I use the following script to delete user group information from the USG table?
    delete from usg where usr_key in (select usr_key from usr where usr_login in ('xxx','yyy')) and ugp_key=31
    Note: In our case, no policies or membership rules are assigned to this OIM group (we defined groups only) and the env is OIM 9.1.
    Can anyone confirm this? Or if there is any problem, please let us know.
    Thanks.
    Edited by: user13285646 on Jul 28, 2011 11:01 PM

    Thanks Rajiv.

  • OIM: trusted source reconciliation - user deletion

    Hello,
    I am working on a test scenario with Oracle Identity Manager 9.1.0.1.
    I have successfully set up trusted source reconciliation with Oracle 10g Database using the "Database Application Tables Release 9.1.0 connector".
    In the DB resides a HR table with users.
    When the data in the HR table is edited and updated, everything works fine and it gets reconciled to OIM.
    But when a user gets deleted from the Database HR table, the user isn't deleted in OIM.
    How is that possible?
    Your response is greatly appreciated!
    Thank you very much in advance!

    OK, I have now managed the problem with the first unparsable error syntax.
    According to here (http://download.oracle.com/docs/cd/E11223_01/doc.910/e11194/create.htm):
    Database Date Format parameter for reconciliation:
    Enter the same value that you enter for the Source Date Format parameter.
    I entered the settings below and it works.
    Database Date Format: DD-MMM-YY
    Source Date Format: DD-MMM-YY
    Another problem:
    Now I have a problem with the "hire end" date, because if a user is still employed, there is a null value in the Oracle 10g DB.
    And I get an Unparsable date: "" error.
    Please help.

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have a scenario here.
    I want to know how to restrict a user (schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.

    See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additional DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    So whenever any user says
    SELECT  *
    FROM    table_x
    ;
    what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;
    If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1
    Then, if someone says
    DELETE  employee
    ;
    what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;
    No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). Also, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.
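
The row-level security approach described in the reply above, next to the simpler separate-schema design it recommends, as an added example that is not part of the original post. It assumes Enterprise Edition, the `abc.employee` table from the question with a single column, and that ABC has no EXECUTE privilege on DBMS_RLS; the schemas `sec_admin` and `hr_owner`, the column `name`, and the names `employee_read_only` and `EMPLOYEE_NO_DML` are hypothetical.

```sql
-- Option 1: VPD policy owned by a different schema.
-- Run as SEC_ADMIN (hypothetical schema with EXECUTE on DBMS_RLS).
-- Because ABC does not own the function and cannot call DBMS_RLS,
-- ABC cannot replace the function or drop the policy.
CREATE OR REPLACE FUNCTION sec_admin.employee_read_only (
    p_schema IN VARCHAR2,   -- schema of the protected object (passed by Oracle)
    p_object IN VARCHAR2    -- name of the protected object (passed by Oracle)
) RETURN VARCHAR2
AS
BEGIN
    -- The returned string is appended to the WHERE clause of every
    -- statement type the policy covers. Only sessions of ABC are restricted.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'ABC' THEN
        RETURN '0 = 1';
    END IF;
    RETURN NULL;            -- NULL adds no predicate for other users
END employee_read_only;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'ABC',
        object_name     => 'EMPLOYEE',
        policy_name     => 'EMPLOYEE_NO_DML',
        function_schema => 'SEC_ADMIN',
        policy_function => 'EMPLOYEE_READ_ONLY',
        -- SELECT is left out on purpose so queries stay unrestricted
        statement_types => 'INSERT,UPDATE,DELETE',
        -- also check new row values against the predicate, so INSERTs
        -- (and UPDATEs) that violate it are rejected instead of accepted
        update_check    => TRUE
    );
END;
/

-- As ABC: the policy rewrites the statement to
--   DELETE employee WHERE 0 = 1
-- so it matches no rows, as the reply explains.
DELETE employee;

-- The policy does not cover DDL: as table owner, ABC can still
-- TRUNCATE or DROP the table, which is the gap the reply points out.

-- Option 2: the design the reply recommends instead.
-- The table lives in another schema and ABC is granted SELECT only.
CREATE TABLE hr_owner.employee (name VARCHAR2(30));
INSERT INTO hr_owner.employee (name) VALUES ('ABC');
INSERT INTO hr_owner.employee (name) VALUES ('XYZ');
COMMIT;
GRANT SELECT ON hr_owner.employee TO abc;

-- Optional: lets ABC keep writing SELECT * FROM employee unqualified.
CREATE SYNONYM abc.employee FOR hr_owner.employee;
```

With option 2, DML from ABC is refused by the privilege check itself, and TRUNCATE or DROP are no longer available to ABC because ABC does not own the table.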

  • Date parse error while importing users from OIM to OIA (SRM 5.0.3)

    Hi All,
    Env Details:
    OIA (SRM 5.0.3), Weblogic and Oracle 10g DB
    We have integrated OIM to OIA with extended attributes mapping by modifying the iam-context.xml file to load users. It's done successfully. But when we map a "Date" related attribute, it gives a "Date Parsing error" and does not load the users.
    We have tried loading users using the flatFile mechanism; it gives the same result.
    Please suggest me. Thanks in Advance !!!
    Regards,
    Ravi G.

    Hi,
    It's a problem with the OOB OIMIAMSolution.class file, which is called while importing users from OIM. It uses the DateParse() conversion method only, for all attributes whose OIA attribute name ends with "Date". It defines the conversion of the date from (yyyy-MM-dd). So it expects the input value to be in the defined format (yyyy-MM-dd); if not, it gives a parse error.
    We found a workaround for this as follows:
    We used another related OIA attribute whose name does not end with the "Date" string.
    Thanks,
    Ravi G.

  • Provisioning of users from OIM to Exchange Server 2007

    Hi,
    I am trying to provision users from OIM 9.1.0.1 to Exchange Server 2007. For this I used Exchange Server Connector 9.1.1.1.0. By using AD_Base_connector 9.1.1.0.0 I can provision the user details. But while provisioning to Exchange Server 2007 I am getting the following error:
    ERROR [XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error in OIM
    And I am unable to get the lookup details for the MailBox in Design Console as well as in the ScheduleTasks in OIM Admin Console.
    Can anybody help me in solving this issue?
    Thanks & Regards
    SRI

    Hi suren,
    I am using the Remote Manager. I enabled logs in log.properties on both the OIM server and the Remote Manager.
    I am observing the following message in the Remote Manager command prompt.
    DEBUG,30 Mar 2010 01:12:44,437,[XELLERATE.REMOTEMANAGER],Class/Method: RMISSLClientSocketFactory/createSocket left.
    And I am getting this error in the WebLogic server command prompt.
    Running ISADAM
    Target Class = java.lang.String
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attributes
    ERROR,30 Mar 2010 01:13:39,484,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error
    Can you help me in resolving this issue?
    Thanks in Advance,
    SRI
