User role for service requests from the SSP

Similar Messages

• End User Role for Service Desk in Solution Manager

  Hey,
  I am launching the Service Desk functionality for my End Users. One thing that i want to know of is the role that I should assign my user in Solution Manager to access his message. E.g.
  I have a user 'A' who creates a message from any system in my landscape:Test, QA, Dev or Production. Now this message reaches in Solution Manager and is assigned to a certain Support Team according to the rules I defined. Now the personnel of Support Team needs some feedback from the end user who created the message. For that the user 'A' has to log into Solution Manager, access his message and enter the details which the Support Team requested.
  I want to know that what Role should i give to this user 'A' so that he is able to access ONLY the messages that he created i.e. "Reported by" field showing user 'A'; and is able to view and edit them.
  If I give him the role SAP_SUPPDESK_CREATE and SAP_SUPPDESK_DISPLAY, he is just able to see the messages, all of them, but is not authorized to edit any. Please help me out in this matter as i need a solution asap.
  Regards,
  Bilal Nazir

  Hi Nazir,
  Create a role and add this t-code manually.
  CRM_DNO_MONITOR - Transaction Monitor
  This is will definitely solve your problem.
  Feel free to revert back.
  Thanks and Regards,
  Ragu
  ERP,
  Suzlon Energy Limted, Pune
  Extn: 2638
  +919370675797
  I have no limits for others sky is only a reason

• Directory Services User/Role Validation concurrent request impact

  we have the Java WF Mailer active and have users that receive WF notifications via email and the worklist. If we are are constantly running the Workflow Directory Services User/Role Validation concurrent request, what will this do to them?
  Thanks & Regards,
  sree

  There should not be any impact on the notifications.
  Please see (Questions On The "Workflow Directory Services User/Role Validation" Program [ID 369279.1]) for how frequent you should run this concurrent program.
  Thanks,
  Hussein

• Online Service Request  Currently, the online processing of your repair is not possible. Please contact Apple Technical Support, for more information.

  hey guys,
  I had a repair service on 14.12 when ordered today then the message with the iPhone (around 12:00 clock) came back it was my fault that the iPhone does not
  work anymore now I wanted tonight again a repair service request with the cost then I for the repair cost on my acquiring and now I can not why?
  what can i do now?
  Thanks in advance

  Well I would have thought the sensible thing was to do as the message says and contact Apple Tech support
  Why would other users on this User to User forum have any idea

• Assigning the End User Role for E learning management in Solution Manager

  Hello Team,
  In the E Learning Management in Solution Manager, I have to a assign the End User Role for each Bussiness Process. While assigning the role, I couldn't able to assign the role of type " JOB ". What have I do to get the type as JOB instead of "Organizational Unit" and "User"?
  Regards,
  Shyjith.K

  Hi,
  Have you maintained your Organizational data? Did you assign any job to any user in the organizational hierarchy. You need to maintain you PPOMA_CRM first in order to assign any roles there.
  Hope this helps
  Rajeev

• How do I set-up my Dataset to pull data for Service Requests for a report

  I am using SQL Server 2012 Report Builder 3.0.
  I have my Data Source added - DWDataMart
  I want to build my Dataset to query and find a very specific item. Basically I am creating a daily report that will show what each "team" or Support Group (AD Object) Closed that day. He also wants the ability to open it by date, so if he misses
  a day he can get it later.
  I am totally new to this report building and only got this far by following a guide on a blog, but he used incident Reports in his example, and I do not know what objects to query for service requests.
  Thanks for any information you can provide.

  First, you will need to get the support group ID's in the warehouse before you can run reports for them.  I found that putting these queries in their own stored procedure was a better path.
  select IR.IncidentTierQueuesId, IR.IncidentTierQueuesValue
  from dbo.IncidentTierQueues as IR
  where IR.IncidentTierQueuesId != 0
  select SR.ServiceRequestSupportGroupId, SR.ServiceRequestSupportGroupValue
  from dbo.ServiceRequestSupportGroup as SR
  where sr.ServiceRequestSupportGroupId != 0
  Enter the the support group ID's into your work item query.
  Incident information is in dbo.IncidentDim and Service Requests are found in dbo.ServiceRequestDim.  Both incidents and service requests link to relationship data through dbo.WorkItemDim.  You can INNER JOIN on BaseManagedEntityId to link the incident
  or service request to the workitem entry and from there to the Assigned Users, Affected Users, or Affected Configuration Items.  Each relationship has it's own separate fact views.
  If you poke about in the tables, you will find it pretty easy to pull back all sorts of information from the data warehouse.

• How can I add a user Role member that is from a different domain

  We are currently building out SCOM 2012 R2 to provide monitoring as a service to some of our customers.  As of now we have the RMS on our own department's domain (Domain A) which we have full control of and we have a gateway server that is on the company
  wide domain (Domain B) so that we can monitor other departments devices as the leverage this system.
  Monitoring is working just fine on both domains and we are just working on fine tuning SCOM so that we can roll it out as a service we offer to our customers.  One of the next steps we are working on before rolling it out is giving specific users access
  to view only their own devices, dashboards, and groups.  So I created a Read-Only profile and went to add a user to test it out, but that user is on Domain B and SCOM is unable to resolve this account.  I'm seeing Event ID 26319 with Error Code 1332.
  How can I get SCOM to discover devices on a different domain so that I can give them different permissions for accessing the Operations Console and/or Web Console?  Is this possible?
  Here is the Error I'm seeing.
  Log Name:      Operations Manager
  Source:        OpsMgr SDK Service
  Date:          2/4/2015 1:11:59 PM
  Event ID:      26319
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxx.xxxx.xxxxxxxx.xxx
  Description:
  An exception was thrown while processing UpsertUserRolesV2 for session ID uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40.
   Exception message: The creator of this fault did not specify a Reason.
   Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
  Unable to resolve the user [email protected] associated with the user role. Error code 1332. Check your active directory configuration.).
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="OpsMgr SDK Service" />
      <EventID Qualifiers="49152">26319</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-04T21:11:59.000000000Z" />
      <EventRecordID>172748</EventRecordID>
      <Channel>Operations Manager</Channel>
      <Computer>xxxxx.xxxx.xxxxxxxx.xxx</Computer>
      <Security />
    </System>
    <EventData>
      <Data>UpsertUserRolesV2</Data>
      <Data>uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40</Data>
      <Data>The creator of this fault did not specify a Reason.</Data>
      <Data>System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
  Unable to resolve the user [email protected]  associated with the user role. Error code 1332. Check your active directory configuration.).</Data>
    </EventData>
  </Event>
  Thanks for any help I can get in resolving this issue.
  Jake

  The SCOM Management Server is in Domain A.  I've tried it already and it has failed.  
  So just to clarify the method I used was to go to Administration>Security>User Roles.  Then New User Role>Read-Only Operator.  In the Create User Role Wizard I then gave the User Role a name, Clicked "Add" under User Role Members.
   Then the Select Users or Groups window pops up and I changed the Locations from Domain A to Domain B and searched for the user, which it's able to find, then clicked "OK" to add it to the User Role members which it does just fine.  On
  the next page which is Group Scope I checked the one group I want this account to have access to and then click next.  This brings me to Dashboards and Views where I click the radio button for "Only the dashboards and views selected in each tab are
  approved" and chose the folder of dashboards I want this account to access and then click next.  This brings me to the Summary and I click "Create".  At this point it thinks for a moment then closes out the wizard but the new Read-Only
  Operator does not appear.  I then look in Event Viewer and see the Event I pasted above.
  Am I doing something wrong here?  Any guidance on how to get around this issue would be much appreciated.
  Thanks,
  Jake

• SLA for service request\service order  without create a service contract

  Hello Experts,
  We are using CRM 7
  Is there a possibility to determine SLA for service request\service order  without create a service contract?
  We have defined:
  1. Trasaction Code: CRMD_SERV_SLA-  Response Profile / Response Times
  2. In Customizing we have defined our date profile with the relevant duration
  3. In  Customizing for transaction types  we defined  SLA Prof. Det. Proc= IT000001
  4. we assign the Service Profile and Response Profile to BP (from "service levels" block) .
  Everthing seems ok but the SLA time is not determined automatically.
  Hope you can help me out.
  Thanks,
  Tal

  Hi Tal Tal
  Your steps are correct and i hope you did these too
  a) In the SLA determination procedure ,you have defined the access sequence for service product item or org
  b) If service product item ,take any service product for ex INVESTIGATION assign the two Service and response profile in the service tab
  c) if org the above two profiles can be assigned to org attributes.
  d) In my opinion the date profile you should have assigned it to item category as I think the SLA date calculation is done at the item level
  e) You should assign the SLA det prof to the transaction type in the service process business category - customizing header.
  f) when you create a transaction type sla dates will be determined as follows
      a) you have to enter service product entered in the item ,then dates will be visible,and also if your access sequence is based on service product,the respons profile and service profile will be determined.
      b) if you have given indicators as all these three "category,priority,codes' in your response profile, then you have to enter all three and then hit enter
     c) After hitting enter,the response profile determined above,will use the above 3 inputs of category,priority etc and determine the duration times ,which should be maintained in your date profile.hence the durations determined will be used in the dates calculation.
  Let me know if you have any other questions.

• Inbox Search - status for service request not updated

  Hi,
  In inbox search, the status change for a service request does not reflect until the user log offs or opens the service request in edit mode. PFB the steps followed. (Two users are monitoring the service request but is being processed only by one)
  Web UI window 1(User 1): I open the inbox search result page. Service requests are displayed with the status field
  Web UI window 2(User 2): In a separate window, the service request is approved by changing the status of the service request to Approved.
  Web UI window 1(User 1): In the inbox result screen, i click on search for the same search criteria, but still the old status of the service request(updated in window 2) is displayed.
  Observation:
  1. If I open the service request, the service request still has the old status. If i click on edit, the new status is displayed. If i click on Back button (without clicking on edit), the new status is refelected for the service request in the inbox result page now.
  2. If I log off and again open the inbox result, the new status of the service request is reflected.
  3. The status of the service request is updated in the database immediately user 2 changes the status.
  There is no enhancement done for the inbox search. The behavior is for standard inbox result.
  Please provide any pointers to resolve this issue.
  Regards,
  Radhika
  Edited by: Radhika Chuttani on Jan 5, 2011 7:13 AM

  Radhika,
  This is standard behavior in the SAP inbox. The reason is that SAP buffers search results in the Inbox in order to improve performance. So even though you hit "search" again, SAP does not update the search results because this search has already been executed in this session. Clicking "End" or logging off refreshes the buffer.
  SAP released a note to update the "Responsible Employee" in the Inbox without requiring the user to log off. You can see their explanation and the solution here:
  https://service.sap.com/sap/support/notes/1465966
  If you want to enable inbox refresh every time a search is executed, you will probably have to do custom coding. My guess is that you may be able to leverage the CRM_IC_INBOX_BADI. Let me know if this much info is enough or if you want further details on how to technically achieve this.
  Rahul

• How to create Users/Roles for ldap in weblogic without using admin console

  Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
  or is there any ant script for creating USers/Roles?
  Regards,
  Raghu.
  Edited by: user9942600 on Jul 2, 2009 1:00 AM
  Edited by: user9942600 on Jul 2, 2009 1:58 AM

  Hi..
  You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
  .e.g. wlst create user
  ..after connecting to admin server
  serverConfig()
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
  cmo.createUser("userName","Password","UserDesc")
  ..for adding/configuring a role
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
  cmo.createRole('','roleName', 'userName')
  ...see the mbean docs for all the different attributes, operations etc..
  ..Mark.

• Searching for Service Orders in the Archive in CRM 5.2

  Hi,
  I am trying to enable Searching for Service Orders in the Archive in CRM 5.2, in CRM 2007 this is done by a button being provided as standard and the user is able to toggle between views from the advanced search to search in the Archive. This also comes as standard in PCUI for the 5.0 version. But for the life of me I can seem to find how to do this in 5.2 without having a developer write code to enable the search in archive flag of the BTQuery1O  we are using the component BT116S_SRVO.
  I am trying to use the Archive Search function in SAP WebUi 2006s(5.2) to search for Business Transactions stored on the Archive fiel system.
  Thanks for all your help in advance,
  Kinika

  hi..
  we are also using KO8G and settling orders through background processing. In parametres there are options for period, year etc for selection.
    I could not understand ur problem. you creat a variant for orders to be settled. if you ar not getting the parameters in KO8G cosult ur ABAP consultant to get it.
  kkb/dsp

• I am trying to open a service request and the site does not work.

  I am trying to open a service request and the site does not work with ANY browser. I get the page https://getsupport.apple.com/GetParts.action which says "Send in for service. We just need a little more information." The continue button does not work. I've seen this problem before trying to file support requests. It's as if Apple simply does not want you to create requests.

  I just went through several screens and had no problems.  Try clearing your browser's cache and/or history.

• How to delete a noncompress request from the aggregates

  hello gurus
            i have a request in an infocube, which is not compressed in the cube. i rolled up the request, so that the data will  be moved to the aggregate. is it? then i found that the data is inconsistant. so i delete the request from the infocube manage scree, under the request tab. now my question is whether the data will be deleted from the aggregate or not?
  thanks in advance
  rams.

  If the Request has not been compressed in teh cube or the aggregate, you should simply be able to delete the Request form the Cube and it will be automatically deleted form teh Aggregate.  Since it has NOT been compressed in the aggregate, it should be a very quick process - no need to deactivate the aggregate.
  If it has been compressed in the aggregate, but not the InfoCube, you should still be able to delete the Request form the InfoCube, but the BW will have to refill the aggregate.  It should do this on it's own, but at differnt sopport packs, I had some problems with that always working.  As others have mentioned, in this case you could always deactivate the aggregate, the delete the Request from the InfoCube.
  As yo ureview this situation, you should consider how often you have/might have a problem like this.  If it occurs very often, then you should have your aggregate(s) for this cube setup so they do NOT automatically compress after Rollup.  Instead the Requests in the aggrgate will only be compressed when the Request in the InfoCube is compressed.

• HOW TO USE FUNCTION Deletion of Requests from the Change Log IN PRCSES CHAN

  Respected all
  i used Deletion of Requests from PSA from the prcess chain and found good results, now i have only one request at the psa and thus i am doing good space utililisation. but when i am using Deletion of Requests from the Change Log i am not getting any changes in the request of dso. kindly let me know how to use this 2nd function.
  thanks
  abhay

  Hi Mahodaya,
  As per SAp standards its good to delete the requestes that are no longer needed for the delta update and no longer used ffor inti from the change log table and the data is loaded already in to DSO.
  Goto RSPC
  Click on create New PC -> enter the PC name n long descp
  Next we need to define the start process for the PC.Maintain the start variant process.save n come back.
  for deletion of change log we have option in the Other BW Processes -> deletion of requestes from change log
  Once u select the option we get a dialoge box here we need to create the variant for the process enter the process variant n long descp. cick ok.
  Next in the maintenance screen for the deleting the request from change log table will appear.
  Enter the selection patterns to which the requestes should be deleted from the change log.
  In the maintenance screen, select one or more Data Store objects for which requests are to be deleted from the relevant change log tables under Data Store Object column and select theInfo Area of the corresponding Data Store Objects under Info Area
  If you select the first check box exclude selction pattern, this means that del of requests from change log table will be ignored.
  or
  We can delete the requests which are Older than N-number of days (or) date in the above screen. For this one, enter the number of days (or) date in the filed Older than .
  OR
  If we want to select the requests with a certain status then we can also do in the above screen. We can select the following status indicators from the above screen.
  Delete Successfully Updated Requests Only -This status will delete only requests which
  are successfully updated into corresponding Data Store objects.
  Delete Incorrect Requests that were not Updated - This status will delete only incorrect requests which are not successfully updated into the corresponding Data Store Objects.
  Delete Activation Requests only, No Load requests- This status will delete only the activation requests (requests that begin with ODSR_... ). No load requests are deleted.

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .