Creating Access Policy in OIM 11g R2

From 11g R2 onwards, accounts and entitlements can either be revoked or disabled if policy no longer applies. There is no longer an option to leave any option deselected.
 
You have to use the class tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType to specify if you want the entitlements to be revoked or disabled when the access policy is no longer applicable.
 
If you are creating the access policy using the tcAccessPolicyOperationsIntf, then use the below to specify the revoke/disable option for your access policy.
 
static tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType revokeFlag = tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType.REVOKE; 

static tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType disableFlag = tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType.DISABLE;

tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType[] actionIfPolNotApply = {revokeFlag};

moAccesspolicyutility.createAccessPolicy(attr, provObjKeys,                    actionIfPolNotApply, denyObjKeys, groupKeys, policyData);

 
References:
 
http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/accesspolicies.htm

http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
 

All Java SE Downloads

If you are looking for a single place to find all the binaries for all Java SE versions, please refer to below note on MOS:
 
All Java SE Downloads on MOS (Doc ID 1439822.1) 

OIM 11gR2: How to Roll back A Published Sandbox

 
If your OIM is messed after publishing your sandbox, then here is what you can try to fix the issue.
 
1. Login to Enterprise Manager

2. In Application Deployments select oracle.iam.console.identity.self-service.ear or oracle.iam.console.identity.sysadmin.ear link.

3. Right Click and select MDS Configuration (from the drop-down)

4. At the bottom of the screen choose "Runtime MBean Browser" (under the Advanced Configuration section)

5. The right side of the screen should refresh and then click on the "Operations" tab.

6. Scroll down and identify the MBean operation "listMetadataLabels" and invoke it (choose the one that takes no parameters).
Select the sandbox pre-create to which you want to restore and copy it to the clipboard.

For example the value you might copy might look something like - Creation_IdM_test_09:25:00

7. Now go back to Operations by clicking Return.

8. Find the MBean operation "promoteMetadataLabel" (the first one in the list)

9. Invoke the "promoteMetadataLabel" MBean operation and enter the value saved to the clipboard in step 6.

10. Restart OIM.
 
Now, if your issue is still not fixed, then I will recommend looking at /file/User.xml file to see if all UDFs are properly defined or not.
 
References:
 

OIM 11gR2: How to Roll back A Published Sandbox (Doc ID 1496179.1)

 

How To Solve "Error On Publishing A Sandbox" with the message "There Is A Concurrent "UPDATE" Operation On The Document ?

If you are seeing the below error while publishing your OIM sandbox, then you can try the workaround I am able to use successfully everytime:

Publish Sandbox Failed

Basically, here is 3 step I follow:

1. Export the sandbox to your local directory.
2. Delete the sandbox from OIM.
3. Import the Sandbox in OIM, activate it and hit the publish button.

While doing the impor, make sure that zip contains all the sandbox files. It shouldn't contain any top-level directory.

Obviously, this issue is legit if multiple users are working in OIM on the sandbox. However, I have also seen this issue when you make changes on /identity and /sysadmin console using the same sandbox and same user.

Master Note on Fusion Middleware Proactive Patching

If you are looking for a master note to find the list of patches available for IAM & IDM products, please refer the below document on MOS:

 

Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs) (Doc ID 1494151.1)

IAM Suite 11g R1 Docs & Downloads

if you are planning to install IAM Suite 11g R1, here is master note which you can follow to find all the doucmentation and binaries:

IAM Suite Docs and Downloads for 11gR1 (Doc ID 1423492.1)

Oracle Unified Directory 11g R2 PS2 11.1.2.2

Here is the documentation link for OUD 11g R2 PS2:

http://docs.oracle.com/cd/E49437_01/index.htm
 

OIM Database Schema Documentation

If you are looking for OIM Database schema documenation, here is the DocID you should refer:
 
Master Note for Oracle Identity Manager 11g (11.1.X) Database Schema Documentation (Doc ID 1541870.1)

• OIM 11.1.1.3.0 version: Document 1164914.1 - OIM 11.1.1.3.0 Data Dictionary
• OIM 11.1.2.0 version: Document 1476552.1 - Oracle Identity Manager 11gR2 (11.1.2.0) Database Schema Documentation
• OIM 11.1.2.1 version: Document 1541858.1 - Oracle Identity Manager 11gR2PS1 (11.1.2.1) Database Schema Documentation
• OIM 11.1.2.2 version: Document 1612983.1 - Oracle Identity Manager 11gR2PS2 (11.1.2.2) Database Schema Documentation

 

Customizing the OIM 11g R2 UI

This is the first part of series of blogs on UI Customization where I will be updating the tricks I used to customize the OIM UI:

If you want to display the fullname or any other attribute instead of default User Login, follow below steps:

1. Create and activate a sandbox.

2. Click on the Customize link at the top of the screen. On the top left corner, click on  View Source in the newly appeared menu bar.

3. Click on the "xelsysadm" and click Edit.

4. Scroll down on the Component Properties window to get to "Text" property. Click on drop down arrow and choose "Expression Builder" as the option. Enter below:

#{oimcontext.currentUser['Display Name']}

Note: You can use any variable here like Employee Number, SSN, Common Name etc.

5. Click Test and then Apply to see the changes.

You can also keyword like "Welcome" or "Hello" like

Welcome #{oimcontext.currentUser['Display Name']}

in the expression builder.