Users are not removed from role using UME API

Hello,
I am using this code to remove users from a batch of roles that I have.
Everything is running OK, no exception is thrown and at the System.out I see all the actions that needs to be taken correctly. The problem is that if I'll go later to one of the roles the users are still assigned to it. Any idea what I'm doing wrong here?
try
IRoleFactory roles = UMFactory.getRoleFactory();
IUserFactory users = UMFactory.getUserFactory();
IRoleSearchFilter filter = roles.getRoleSearchFilter();
filter.setUniqueName("<My_filter>", ISearchAttribute.LIKE_OPERATOR, false);
ISearchResult sresult = roles.searchRoles(filter);
if ( sresult.getState() == ISearchResult.SEARCH_RESULT_OK )
     while(sresult.hasNext())
     String id = (String)sresult.next();
     IRole role = UMFactory.getRoleFactory().getMutableRole(id);
     Iterator i = role.getUserMembers(false);
     while (i.hasNext())
                     String uid = (String)i.next();
          IUser user = users.getUser(uid);
          role.removeUserMember(user.getUniqueName());
          System.out.println("Removed user: " + user.getUniqueName() + " from role: " + role.getDisplayName());
     role.save();
     role.commit();
catch (Exception e)
     manager.reportException(new WDNonFatalException(e), false);

Solved it!
It needs the FQDN User ID...

Similar Messages

  • Users Are Not Removed From Old Position Via Structural Auth

    Hello...
    Has anyone experienced an issue where someone move from one position into a new one, the old reporting manager can still see this person information via structural auth?  There's a general structural profile with the evaluation path o-s-p and function module RH_GET_ORG_ASSIGNMENT which is assigned to all accounts in the system.  This profile works as intended when Person A moves to a different position reporting to Manager B.  Manager B can view Person A information (time, personal, etc.); however, the system does not remove Person A from Manager A.  In addition, the RHPROFL0 is scheduled twice a day.
    Thanks for any insights or thoughts on this issue.

    Hmm...
    Which release and SP are you on?
    Also check the depth of the profile (just in case the employees were demoted...) and the period (although you mention that it should be current only).
    I have only been involved is custom implementations of "structural authorizations" because the standard is quite tricky and complex to find an error or inconsistency - so hopefully one of the other gurus who are more familiar with it can help as well.
    Cheers,
    Julius

  • PO Approval Items Workitems are not removed from the Universal Worklist UWL

    Hi,
    Certain of our purchase orders require approval, they are sent to the relevant approver via workflow to their SAP inbox (SBWP) and universal worklist.
    When the user executes the workitem (Approve or Reject) The workitem should be removed from the universal worklist and SBWP when refreshed.
    The problem we experiencing is that the Workitems are not removed from the UWL after they have been executed. The SBWP is behaving correctly and the items are removed.
    It is not all the workitems that have this problem, only certain ones - but there is no pattern.
    Thanks for the help.

    Hi,
    The user B approved the PR accessing the transaction SBWP or via PR transaction directly?
    If via PR transaction directly, then your workflow needs a Wait Event step.
    Regards,
    Kleber

  • Deleted attachments are not removed from Content Server

    We have setup Content Server to store business documents and create attachments in documents in CO. Both types are stored ok and can be opened without any problems. After deleting them though, they disappear from the Attachment List but when looking in CS, attachments created on the document still exist in CS. Stored business documents on the other hand are removed properly.
    Looking at statistics in CSADMIN shows that the deletion of the created attachment does not increment the "delete" counter.
    Any ideas on why the created attachments are not removed from CS upon deletion?
    Thanks

    We have solved this issue now. By design, the attachments are not removed directly from the content server upon deletion; Instead you will need to run report RSBCS_REORG to completely remove them from the Content Server.
    Edited by: Christian Nordvaller on Jan 26, 2010 3:53 PM

  • After deleting users they are not removed from portal30.wwsec_person

    I am building a customized script to carry on users self registration.
    the script is going great and user is created and i can log into portal
    successfully with this new created user.
    I relogin as portal administrator and delete this new user and now if i tried
    to list portal users I cant see the user.
    But when I try to rerun my script to recreate this user again it fails when I
    investigated I found that it fails because the entry of this user is removed
    from portal30_sso.wwsec_person while it still exists in portal30.wwsec_person
    so the script fails as there is duplicate in primary key.
    Is this a bug in portal 309 that when the user is deleted it is not removed
    from portal30.wwsec_person

    This is actually a combination of intended behavior/design and a bug.
    Let me first explain why there is a user in both the PORTAL30_SSO schema as well as the PORTAL30 schema.
    The definition of the user, that can log in, and defines the single sign-on account, is the user's entry in the
    WWSEC_PERSON$ table in the PORTAL30_SSO schema. The SSO server actually just uses a subset of the
    columns in this table -- those defined in the WWSSO_SSO_USER view.
    The same table exists in the PORTAL30 schema, because there is a lot of common infrastructure code
    shared by both applications (Login Server, and Portal). The Security and Session Management code
    is common, and this code includes the dependency on the WWSEC_PERSON$ table.
    Now, assuming that the code was independent (for the sake of argument), why do we still have an entry
    for the user in both schemas? As I mentioned earlier, the user entry in the SSO schema is the "master".
    The SSO server can have multiple partner applications connected to it. Indeed, on my.oracle.com, the
    login server there has at least 4 portals hooked up to it, and a few other non-Portal partner applications,
    such as Oracle Mobile.
    Each partner application may have a local user profile that it uses to store application specific attributes
    of the user. This is stuff that the Login Server is not interested in, and could in no way predetermine for
    all conceivable partner applications. So, it is not unreasonable for each partner application to also have
    a user record which stores additional attributes of the user (not related to user authentication), and which
    can be used to reference other user-related data. For example in the Portal, all the user's privileges
    and group memberships are tied to the Portal's user record (foreign key constraints). So, the Portal
    being just one partner application of the Login Server, it adhere's to this model and has a user entry
    in it's schema corresponding to the user entry in the Login Server.
    When a user logs on and accesses a partner application for the first time, the partner application (read Portal)
    is expected to automatically create a local profile entry for the user on demand. The Portal does this.
    In 3.0.9 and previous versions, to delete a user, you need to delete the user in the Login Server AND the Portal.
    The only way to do this is to first delete the user in the Login Server, using the User Portlet.
    Then type the user's name into the Portal User Profile portlet (they won't be in the LOV anymore since
    you just deleted them from the login server), and click Edit, then Reset To Defaults (this means delete).
    You will then get a User Not Found error, since the page is trying to go back to show the details about this user.
    (All this has been fixed in 9.0.2 v2, by the way).

  • Multibyte users are not able to authenticate using Default Authenticator

    Hi,
    We are facing an issue with multi-byte user authentication. All chinese and french users are not able to authenticate.
    When we try to authenticate with réseau/welcome1, where réseau is a user created in embedded LDAP, authentication fails.
    Security log generated is-
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=rseau>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <LDAP Atn Login username: rseau>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <authenticate user:rseau>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=base_domain", "(&(uid=rseau)(objectclass=person))", base DN & below)>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=base_domain", "(&(uid=rseau)(objectclass=person))", base DN & below)>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <[Security:090302]Authentication Failed: User rseau denied>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <LDAP Atn Abort>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
    ####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate failed for user rseau>
    We are using WebLogic Server 10.3 Default Authenticator as Authentication Provider.
    I found few change requests related to multi-byte from the link: http://edocs.bea.com/wls/docs103/issues/known_resolved.html
    Am I missing some configuration? Has anyone else tried authenticate multibyte username?
    Thanks,
    Anuj

    Can you provide more information on the use case?
    1. Is this using Basic or Form authentication?
    2. If the user logs on from a web-based client, do you get the same failure with Internet Explorer as with other browsers?
    3. On which operating system is the WebLogic AdminServer running?
    With WebLogic Server 10.3, I am able to authenticate with multi-byte (French and Japanese) usernames. (My environment: form auth, Firefox 3.0.5, WLS runs on Linux RHEL 4.0.)

  • The removed photo albums in iWeb are not removed from my website.

    I have removed a few photo albums from my web site in iWeb and added none. When uploading the changes to my website it still shows all the albums only the links of the removed albums are not valid any more.
    How can I get the albums completely removed from my site via iWeb?

    Welcome to the Apple Discussions. You are hosting your site on a MobileMe account, correct?
    Try publishing the entire site with the File ➙ Publish Entire Site menu. If that doesn't clear out the old stuff from your web site try the following:
    1 - close iWeb.
    2 - delete the iWeb preference file, com.apple.iWeb.plist, that resides in your User/Library/Preferences folder.
    3 - go to your User/Library/Caches/com.apple.iWeb folder and delete the contents.
    4 - reboot.
    5 - launch iWeb and and try again.
    Still if not cleared out publish the site to a folder on your hard drive and open the local copy with your browser to see if that shows the changes to the site.
    Happy Holidays

  • Users are not importing from BW to bobj

    Hi Experts,
    I am working on bobj 4.0 and bw 7.0 i am facing an issue while importing users from bw .i can import roles but i can not  see the users .In Bw the roles have users but when i import them to bobj  i can see only roles but not users ?????

    Hello,
    I know this post is from almost 2 years back.
    But we are running into an issue in BOBJ 4.1 SP2 with role and user import.
    When we import roles from BW to BOBJ from SAP Authentication. All the roles are imported fine.
    The user gets created in BOBJ when the user logs into Portal via Launchpad for the firs time.
    Lets say we have 5 roles in BW that the user is part of, and when we import the 5 roles, we do not see the user as a member of the 5 roles in BOBJ. But the user is seen in only one role.
    We do not see user in any other 4 roles imported from BW, even though the user is in those roles in BW. This causes a problem as the roles are applied to different folders in BOBJ and User now cant see the objects attached to the 4 roles that the user is part of.
    We even tried scheduling a role and alias import from User Update tab in the SAP Authentication in CMC. That did not help either. I thought this should atelast synch up everything between BW and BOBJ.
    Any thoughts on this please
    Thank you
    Suman

  • Messages filed into folders are not removed from message folder

    I have a client that has been able to file messages into his folders in the past and then the message would then be removed from the messages view. This would be the expected behavior. Recently he tried to file messages into a folder and then the message turns into a double envelope indicating that the message has been filed but it does not get removed from the view. Any clues to why this might happen?

    Sounds like the Hide Filed Messages is set to No. Have them go into Messages | Options | General Options and set the Hide Filed Messages to Yes
    If someone has been helpful please consider giving them kudos by clicking the star to the left of their post.
    Remember to resolve your thread by clicking Accepted Solution.

  • Oracle Services are not removed from system (10g, on Windows 2003)

    Hi,
    I haven't used Oracle on Windows Os before and not sure what to do.
    Here is what happened
    1- I installed 10g on windows 2003 server, created a database with service name OPER
    2- I was unhappy with the installation and removed it.
    3- then I installed Oracle 10g software again, creating a database again which has name IZROPER
    now, there are two of every oracle service in the services.msci
    service names containing the first db's (OPER) are still showing up in services, how can I remove them?
    ORACLEDBCONSOLEoper
    OracleJobSchedulerOper
    OracleServiceOper
    etc..

    start -- run -- > regedit
    In regedit mode --> HKLM -> SYSTEM -- currentcontrol set --> services --> here Oracle services are avilable , you can delete from here.

  • Items are not removed from Workflow Inbox

    Hi all,
    Im having problem with our workflow. Below are the details
    SCENARIO:
    User A creates a PR. The PR is then forwarded to user B for approval. Once the PR is approved by user B, it is forwarded back to user A for notification purposes. User A then executes the PR and it is automatically forwarded to user C for processing.
    THE PROBLEM:
    When user B approves the PR, his/her inbox should be cleared once the PR is forwarded to user A. The problem  is that, out of the 45 line items present in the PR, only 38 lines were cleared from the inbox. The remaining 7 items were retained. However, when we try to view the PR from user A, there are 45 line items and they are complete.
    QUESTION:
    What causes the 7 line items to be retained in user A's inbox? How do we clear them?
    Any output will be highly appreciated.
    Thanks

    Hi,
    The user B approved the PR accessing the transaction SBWP or via PR transaction directly?
    If via PR transaction directly, then your workflow needs a Wait Event step.
    Regards,
    Kleber

  • Played Podcasts are not removed from iPhone despite iTunes settings?

    Hi,
    In iTunes I have set my general Podcast settings to only sync unplayed podcasts to my iPhone. However, when synced, the played podcasts remain on my iPhone. Can anyone help?
    Many thanks

    I have exactly this problem. Alongside the podcasts I subscribe to via iTunes, I download some random ones from time to time via the iPhone itself. Now I simply can't rid myself of the files - they show on the iPhone screen but not when connected to iTunes and they are restored to my library every time I reconnect to the Mac. There seems to be no way of deleting the things - I even tried de-synching all podcasts and re-synching again but this didn't work either.
    This only seems to have happened since I upgraded to iOS 5. Mine is a 3gs by the way.
    Any answers anyone?

  • Cancelled meeting requests are not removed from ICAL.

    I am currently receiveing  new and updated meeting requests through "Mail" on my mac. The email body contains a .ics icon that either adds (new appointments) or updates (changes) in my MAC's Ical.
    However when I receive a cancelled meeting request ... clicking on the same .ics icon take me to Ical, but doens't remove it from the calendar. Is this a known bug or somthing that I've got set up incorrectly?
    Please advise if you have any information on this problem - Thanks

    bump

  • Infopath form not removed from central admin after retracting the solution

    I have InfoPath form admin appvoed deployed through Stat machine workflow when I retracting some forms are not removing from Central admin
    when trying to deploying it says
    Error 3 Error occurred in deployment step 'Add Solution': An object of the type Microsoft.Office.InfoPath.Server.Administration.FormTemplate named "urn:schemas-microsoft-com:office:infopath:" already exists under the parent Microsoft.SharePoint.Administration.SPFarm
    named "SharePoint_Config".  Rename your object or delete the existing object.
    I have tried renaming the file as well
    MCTS,ITIL

    Hey shahid
    try to use force command to uninstall/remove solution,then only add solution.
    if this not work out then first uninstall feature using force and manually delete feature folder from file system inside layouts.
    Regards,
    Rajendra Singh
    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful
    http://sharepointundefind.wordpress.com/

  • Workitem is not removed from User Inbox

    Hi,
    There is requirement, when the PR is created by user, first it has to go his department Head and then to Manager, AGM, GM, etc. There are different departments.
    I'm maintaining organizational structure and giving positions in Release Strategy. Now how can i know who has created and to whom it has to go first. Shall i create different release strategy for that ?? Or is there any other way ??
    And i tried to create custom workflow and using two release steps instead of one. And giving Rule in my first release step. And in second release step i'm using the strategy. When i create the PR and release, it is not removing from User Inbox.
    Do anyone know what could be the problem ??

    Hi,
    From your requirement, its not a good idea to have all department heads assigned to a single position.
    But, you can have different positons for different departments and the association between department and the corresponding position number can be maintained in  ztable. Then have a custom rule based on function module which will make a call to this ztable and find the corresponding postion given the department of user, get this position out and use it as agent assignment in step. However to use above first you should be able to find the Deparment to which a given user belongs to.
    the position that you are talking about in your question, is it a position with relevance to HR structure or is it just that you have created for workflow purpose. In general its a good idea to have bit strong dependency with HR structure rather than going for workflow specific positions. If your position is a HR position then probably with bit of reengineering the HR organization structure with respect to your departments would be good and with a good design of org structure you can also get rid of any new custom table to maintain the relation between department and corresponding position.
    Good Luck !!
    Regards
    Krishna Mohan
    ooops !! many replies came in while drafting this mail itself, i guess rule using custom table already tried !!
    Edited by: Dubbaka Krishna Mohan on Jan 29, 2008 9:20 AM

Maybe you are looking for

  • Office 2013 ODT The operating system is not presently configured to run this application

    hi! We have RDS 2012 R2 setup up and running with session host, connection broker, rd gateway and rd web. AS office 2013 can be deployed using APP-V 5 SP2, we have created .appv pkg using ODT as mentioned in this guide . It was working fine for 2 day

  • Having JScrollBar scroll to the top.

    I'v got a JTextArea inside a JScrollBar. After adding text the ScrollBar goes to the bottom of the text. How do I get the ScrollBar to go all the way to the top. Thanks alot in advance..

  • Deleting a Custom Automator Service

    Hi Guys, So I was playing around with the new Services functionality it Automator. Seems I've been successful in creating a new item in every contextual menu for a file or folder called "New Text File". Problem is, I want to now delete it. See pictur

  • DHCP Failover / Migrate DHCP Server to another Machine

    We have DHCP Server Installed in Domain Controller with Windows Server 2008 R2 Based OS. I have Checked that there is no way to make the DHCP Failover in Server 2008 R2. Can anyone help me to get some level of Failover in DHCP? or If I want to migrat

  • Confirmation of PO

    The standard WF WS10400002 is triggred on confirming the goods i have written a Check FM to see that some of the conditions are satisfied on triggering the workflow so if that conditions are not met the workflow should not be triggered and therefore