IBM Security Identity Manager: Oracle eBS Adapter User Guidepublic.dhe.ibm.com/software/security/products/isim/adapters/7.0/ora... · Reconciliation synchr onizes the accounts and

IBM Security Identity ManagerVersion 7.0

Oracle eBS Adapter User Guide

IBM

IBM Security Identity ManagerVersion 7.0

Oracle eBS Adapter User Guide

IBM

ii IBM Security Identity Manager: Oracle eBS Adapter User Guide

Contents

Figures . . . . . . . . . . . . . . . v

Tables . . . . . . . . . . . . . . . vii

Chapter 1. Overview . . . . . . . . . 1Prerequisites . . . . . . . . . . . . . . 1Starting the adapter . . . . . . . . . . . . 2

Chapter 2. User account management . . 3Reconciling user accounts . . . . . . . . . . 3

Reconciling supporting data . . . . . . . . 3Adding user accounts . . . . . . . . . . . 4

Attributes for adding user accounts. . . . . . 4Password lifespan for a user account . . . . . 5Specifying the lifespan of a user account . . . . 5Person, Customer, and Supplier attributes . . . 6

Assigning roles to a user account . . . . . . 7Assigning responsibilities to a user account . . . 8Assigning securing attributes to a user account . . 8

Modifying user accounts . . . . . . . . . . 9Password change of user accounts . . . . . . 10

Suspending user accounts . . . . . . . . . 10Restoring user accounts . . . . . . . . . . 10

Chapter 3. Troubleshooting . . . . . . 13Error logs . . . . . . . . . . . . . . . 13Error messages and warnings . . . . . . . . 13

Chapter 4. Reference . . . . . . . . 17Application Programming Interfaces . . . . . . 17

Index . . . . . . . . . . . . . . . 19

iii

iv IBM Security Identity Manager: Oracle eBS Adapter User Guide

Figures

v

vi IBM Security Identity Manager: Oracle eBS Adapter User Guide

Tables

1. Prerequisites checklist . . . . . . . . . 12. Required attributes for adding user accounts 43. Result of creating user accounts with values for

the Person, Customer, and Supplier attributes . 6

4. Adapter error messages, warnings, andrecommended actions . . . . . . . . . 13

5. APIs used by the adapter . . . . . . . . 17

vii

viii IBM Security Identity Manager: Oracle eBS Adapter User Guide

Chapter 1. Overview

An adapter is an interface between a managed resource and the IBM® SecurityIdentity server. The Oracle eBS Adapter provides connectivity between IBMSecurity Identity Manager and Oracle eBS.

The adapter runs as a service, independent of whether you are logged on to IBMSecurity Identity Manager.

The Oracle eBS Adapter automates the following tasks:

User account management

v Adding user accountsv Modifying user accountsv Suspending and restoring user accountsv Retrieving user accountsv Reconciling user accounts and other support data such as person,

customer, supplier, and responsibilities from the Oracle eBS to thedirectory server of IBM Security Identity Manager.

Note: The Oracle eBS suite does not support deprovisioning of useraccounts, that is, there are no stored procedures available for user accountdeprovision. You cannot delete a user account by using the Oracle eBSAdapter.

The Oracle eBS Adapter contains Tivoli® Directory Integrator assembly lines thatserve one or more user account operations.When the first request is sent from IBMSecurity Identity Manager, the required assembly line is loaded into TivoliDirectory Integrator. The same assembly line is then cached to serve subsequentoperations of the same type.

PrerequisitesUse the Prerequisites checklist to install and configure the adapter before youperform any of the user account, group, or role management tasks, whereapplicable.

Table 1. Prerequisites checklist

Task For more information, see

Install the adapter. See the adapter's Installation andConfiguration Guide

Import the adapter profile into the IBMSecurity Identity server.

See the adapter's Installation andConfiguration Guide

Create an adapter service. See the adapter's Installation andConfiguration Guide

Configure the adapter. See the adapter's Installation andConfiguration Guide

Perform a reconciliation operation to retrieveuser accounts and store them in the IBMSecurity Identity server.

Managing reconciliation schedules in the IBMSecurity Identity Manager productdocumentation

1

Table 1. Prerequisites checklist (continued)

Task For more information, see

Adopt orphan accounts on IBM SecurityIdentity Manager.

Assigning an orphan account to a user in theIBM Security Identity Manager productdocumentation

Start the adapter. “Starting the adapter”

Starting the adapterStart the adapter. before your perform any management task.

About this task

All IBM Tivoli Directory Integrator based adapters require the Dispatcher for theadapters to function correctly. Run the dispatcher, which in turn runs the adapter.

Procedurev Run in service mode.

1. In the Windows control panel, double-click Administrative Tools.2. Double-click Services.3. Right-click the IBM Security Identity Manager Adapter service, and click

Start.v Run in console mode.

1. At a Windows command prompt, go to the ITDI_HOME directory and setthe TDI_SOLDIR environment variable to the Tivoli Directory Integratoradapter solution directory. For example, set TDI_SOLDIR="c:\ProgramFiles\IBM\TDI\V7.1\timsol"

2. Run the following command from the ITDI_HOME directory:ibmdisrv.bat -c ITIM_RMI.xml -d

2 IBM Security Identity Manager: Oracle eBS Adapter User Guide

Chapter 2. User account management

IBM Security Identity Manager manages user accounts that are stored on theOracle eBS by using the Oracle eBS Adapter.

You can perform the following operations:v Add or modify an accountv Suspend or restore an accountv Reconcile accounts

You can manage:v Accounts for a specific personv Accounts for a service instancev Specific accounts by using the search function of IBM Security Identity Manager

Reconciling user accountsReconciliation synchronizes the accounts and supporting data between IBMSecurity Identity server and the managed server. Reconciliation is required so thatdata is consistent and up-to-date.

The reconciliation operation retrieves the user account information from the OracleeBS and stores it in the directory server of IBM Security Identity Manager.

You can schedule reconciliation to run at specific times and to return specificparameters. Running a reconciliation before its schedule time does not cancel thescheduled reconciliation. For more information about scheduling reconciliation andrunning a scheduled reconciliation, see the IBM Security Identity Manager productdocumentation.

You can perform the following reconciliation tasks at any time from IBM SecurityIdentity Manager:v Reconciling support datav Reconciling a single user account

Reconciling supporting dataYou can reconcile supporting data for an Oracle eBS user account.

About this task

An Oracle eBS user account includes the following information:v Personv Customerv Supplierv Responsibilitiesv Securing Attributesv Roles

3

For more information about each of these attributes, see the Oracle eBSdocumentation.

To reconcile only the supporting data, without reconciling the user accounts:

Procedure1. Log on to IBM Security Identity Manager as an administrator.2. In the My Work pane, click Manage Services. The Manage Services page is

displayed.3. Select the type of service from the Service type list and click Search.4. Select the name of the service that you created for the Oracle eBS Adapter.5. Click the View popup menu icon and select Reconcile Now from the pop-up

menu. The Reconcile Now page is displayed.6. Click Define query.7. Select the Reconcile supporting data only check box and click Submit.

Adding user accountsYou can add user accounts at any time for either an existing person or a newperson in the organization.

Adapter attributes define the accounts on the account form. For specificprocedures, see the IBM Security Identity Manager product documentation.

Attributes for adding user accountsTo add user accounts to the Oracle eBS, specify the required attributes on theOracle eBS account form.

Table 2. Required attributes for adding user accounts

Attribute Description

User ID User ID of the account.

Password You can choose to have IBM Security Identity Manager generate apassword for you or you can specify a password of your choice. Ifyou specify a password when adding a user account, you can logon to the Oracle eBS by using that password. Your password mustadhere to the password policy that is configured on the Oracle eBS.

Note: The User ID attribute on the Oracle eBS account form is mapped to the UserName attribute on the Oracle eBS.

In addition to the required attributes, you can also specify the following optionalattributes on the Oracle eBS account form:v Descriptionv Password Lifespan (in days)v Password Lifespan (in number of accesses)v Available Password Lifespan (in number of accesses)v User Start Datev User End Datev Session Numberv Email


v Faxv Personv Customerv Supplierv Responsibilitiesv Securing Attributesv Roles

Password lifespan for a user accountThe password lifespan specifies the time before the password of a user accountexpires.

The following attributes determine the password lifespan of a user account:

Password Lifespan (in days)Specifies the total number of days the password is valid. If you specify thisattribute, then after the specified number of days, the password expires.You must then change the password to continue accessing the Oracle eBS.

Password Lifespan (in number of accesses)Specifies the number of times you can access the Oracle eBS by using thesame password. If you specify this attribute, then you can log on to theOracle eBS by using the same password till the value for the AvailablePassword Lifespan attribute becomes zero.

Note: You are prompted to change the password on your first logon to the OracleeBS, regardless of whether you specify values for the Password Lifespan (in days)and the Password Lifespan (in number of accesses) attributes.

If you specify values for both the attributes, then you are prompted to change thepassword on the Oracle eBS depending on whichever of the following conditionsoccur first:v Available password lifespan becomes zerov Specified number of days elapse

Specifying the lifespan of a user accountYou can specify the lifespan of a user account, which is the time before the useraccount expires.

About this task

The value of the User End Date attribute specifies the expiration date of a useraccount on Oracle eBS. If you do not specify a value for the User End Dateattribute, then the user account is valid indefinitely.

Note: In the following situations, the status of a user account becomes inactive andunavailable for use:v When the value of the User Start Date attribute is same as the value of the User

End Date attributev When the start date of a user account is later than the end date of the user

account

In both the situations, the user account is created on the Oracle eBS, but the usercannot log on to the Oracle eBS.

Chapter 2. User account management 5

Procedurev Specify the start date. This is the date on which the user account is active.

User Start Date: DateThe default value of this attribute on the Oracle eBS account form isNever. To specify a date, follow these steps:1. Clear the Never check box.2. Click the View Calendar icon and select the date.3. Click OK.

v Specify the end date. This is the date on which the user account becomesinactive and unavailable for use.

User End Date: DateThe default value of this attribute on the Oracle eBS account form isNever. To specify a date, follow these steps:1. Clear the Never check box.2. Click the View Calendar icon and select the date.3. Click OK.

Person, Customer, and Supplier attributesSpecifying the Person, the Customer, and the Supplier attributes means associatinga user account with an employee, a customer, or a supplier.

When you specify values for these attributes, you authorize employees, customers,and suppliers to use the Oracle eBS applications. The employee, the customer, andthe supplier who are associated with the user account can log on to the Oracle eBSby using the user name and password of that user account.

Table 3 describes the result of creating user accounts with values for the Person,the Customer, and the Supplier attributes on the Oracle eBS account form.

Table 3. Result of creating user accounts with values for the Person, Customer, andSupplier attributes

Attribute Result

Person Customer Supplier

Specified Not specified Not specified The adapter creates the user account on theOracle eBS, and sets the value of the Personattribute on the Oracle eBS.

Notspecified

Specified Not specified The adapter creates the user account on theOracle eBS, and sets the value of theCustomer attribute on the Oracle eBS.

Notspecified

Not specified Specified The adapter creates the user account on theOracle eBS, and sets the value of the Supplierattribute on the Oracle eBS.


Table 3. Result of creating user accounts with values for the Person, Customer, andSupplier attributes (continued)

Attribute Result

Person Customer Supplier

Specified Specified Not specified v If values are the same, then the adaptercreates the user account on the Oracle eBS,and sets the values of the Person and theCustomer attributes on the Oracle eBS.

v If values are different, then the adaptercreates the user account on the Oracle eBS,and sets the value of the Person attributeon the Oracle eBS. However, the adapterdoes not set the value of the Customerattribute on the Oracle eBS.

Specified Not specified Specified The adapter creates the user account on theOracle eBS irrespective of whether the valuesare same or different, and also sets the valuesof the Person and the Supplier attributes onthe Oracle eBS.

Notspecified

Specified Specified The adapter creates the user account on theOracle eBS irrespective of whether the valuesare same or different, and also sets the valuesof the Customer and the Supplier attributeson the Oracle eBS.

Specified Specified Specified v If values are the same, then the adaptercreates the user account on the Oracle eBS,and sets the values of all the threeattributes on the Oracle eBS.

v If values are different, then the adaptercreates the user account on the Oracle eBS,and sets the values of the Person and theSupplier attributes on the Oracle eBS.However, the adapter does not set thevalue of the Customer attribute on theOracle eBS.

Assigning roles to a user accountYou can assign roles to the Oracle eBS user account by using the Roles subform.

About this task

A responsibility cannot be deleted. It can be disabled by setting the end date to adate before the current date.

Procedure1. On the IBM Security Identity Manager console, select the Oracle eBS account.2. On the account form, locate the Roles field and click Details. The subform is

displayed. The subform lists the roles that are assigned or are to be assigned.3. Click Add. The Search window is displayed.4. Specify the search information and click Search. A window is displayed with

the search results. Each result is listed in the form Name | ID | System |Display_Name | Description.


5. Click the check box for each role that you want to add.6. Click Add. The Search window closes and the roles are displayed on the

subform.7. Specify optional start and end dates for each role in the form dd/mm/yyyy

hh24:mi. Not specifying an end date indicates that the role continuesindefinitely.

Note: An end date must not occur before the start date.8. Optional: Specify an assignment reason.9. Click Save Changes and Close Current Window. If you want to exit without

saving your changes click Cancel. You are returned to the account form.10. On the account form click Submit Now or Schedule Submission. If you

cancel the account form, the role changes are not saved.

Assigning responsibilities to a user accountYou can assign responsibilities to the Oracle eBS user account by using theResponsibilities subform.

About this task

A responsibility is uniquely identified by Oracle eBS applications. Responsibilitiesdetermine the access rights a user has to various Oracle eBS applications.

Note: A responsibility cannot be deleted. It can be disabled by setting the end dateto a date before the current date.

Procedure1. On the IBM Security Identity Manager console, select the Oracle eBS account.2. On the account form, locate the Responsibilities field and click Details. The

subform is displayed. The subform lists responsibilities that are assigned or areto be assigned.

3. Click Add. The Search window is displayed.4. Specify the search information and click Search. A window is displayed with

the search results. Each result is listed in the form Application_Name |Responsibility_Name.

5. Click the check box for each responsibility you want to add.6. Click Add. The Search window closes and the responsibilities are displayed on

the subform.7. Specify optional start and end dates for each role in the form dd/mm/yyyy. Not

specifying an end date indicates that the responsibility continues indefinitely.

Note: An end date must not occur before the start date.8. Click Save Changes and Close Current Window. If you want to exit without

saving your changes click Cancel. You are returned to the account form.9. On the account form click Submit Now or Schedule Submission. If you cancel

the account form, the responsibility changes are not saved.

Assigning securing attributes to a user accountYou can assign securing attributes to the Oracle eBS user account by using theSecuring attributes subform.


About this task

Securing attributes control a user’s access to data. The access is based on the userID and responsibilities. Securing attributes grant access to records of data tospecified users or responsibilities based on the attribute value for that record.

Procedure1. On the IBM Security Identity Manager console, select the Oracle eBS account.2. On the account form, locate the Securing Attributes field and click Details. The

subform is displayed. The subform lists securing attributes that are assigned orare to be assigned.

3. Click Add. The Search window is displayed.4. Specify the search information and click Search. A window is displayed with

the search results. Each result is listed in the form Attribute_Name |Attribute_Code | Application_Name | Application_ID | Attribute_Type.

5. Click the check box for each securing attribute you want to add.6. Click Add. The Search window closes and the securing attributes are displayed

on the subform.7. Specify a value or optionally modify an existing value for each securing

attribute. Attributes with the type DATE use the format dd/mm/yyyy. Attributeswith the type DATETIME use the format dd-mm-yyy hh24:mi:ss.

Note: To delete a securing attribute, click the check box for the attribute andclick Delete Selected. The subform is refreshed.

8. Click Save Changes and Close Current Window. If you want to exit withoutsaving your changes click Cancel. You are returned to the account form.

9. On the account form click Submit Now or Schedule Submission. If you cancelthe account form, the securing attribute changes are not saved.

Modifying user accountsYou can modify user account attributes at any time in IBM Security IdentityManager.

This section describes the adapter attributes that you can use to modify the useraccounts. For specific procedures, see the IBM Security Identity Manager productdocumentation.

Modifiable attributes

You can modify values of the following attributes on the Oracle eBS account form:v Password Lifespan (in days)v Password Lifespan (in number of accesses)v Available Password Lifespan (in number of accesses)v Personv Customerv Supplierv Descriptionv Emailv Fax


v User Start Date (You can modify the value of this attribute on the Oracle eBSaccount form, however, you cannot delete the value.)

v User End Datev User IDv Responsibilitiesv Securing Attributesv Roles

Non-modifiable attributes

You cannot modify values of the Session Number attribute on the Oracle eBSaccount form:

Password change of user accountsYou can change the password of any of the Oracle eBS accounts that exist on IBMSecurity Identity Manager.

For information about changing passwords, see the IBM Security Identity Managerproduct documentation.

You cannot change the password of suspended user accounts on the Oracle eBS12i. However, to change the password perform one of the following steps:v Enable the user account by setting a future User End Date or delete the User

End Date and then perform the password change operation.v Perform the restore operation and specify the new password.

Note: The PASSWORD_DATE column in the FND_USER table in Oracle eBSdisplays the date when you set or change the user account password.

Suspending user accountsWhen you suspend a user account, the status of the user account on IBM SecurityIdentity Manager becomes inactive and the user account becomes unavailable foruse.

Suspending a user account does not remove the user account from IBM SecurityIdentity Manager. For more information about suspending user accounts, see theIBM Security Identity Manager product documentation.

The adapter uses the FND_USER_PKG.DisableUser API to suspend user accountsby setting the Effective Dates To field on Oracle eBS to the current date of the hostworkstation on which the Oracle eBS database instance is running.

Restoring user accountsThe restore operation reinstates the suspended user accounts to IBM SecurityIdentity Manager.

After restoring a user account, the status of the user account on IBM SecurityIdentity Manager becomes active. For more information about restoring useraccounts, see the IBM Security Identity Manager product documentation.


When you restore a user account from IBM Security Identity Manager, the adapteruses the FND_USER_PKG.EnableUser API that deletes the value of the EffectiveDates To field on Oracle eBS.



Chapter 3. Troubleshooting

Troubleshooting is the process of determining why a product does not function asit is designed to function. This topic provides information and techniques foridentifying and resolving problems that are related to the adapter, includingtroubleshooting errors that might occur when managing the accounts or groups,where applicable.

Error logsWhen an operation fails, the corresponding error messages and warnings arelogged in the ibmdi.log file. This file is in the adapters solution/logs directory.The adapters solution directory is a Tivoli Directory Integrator work directory forIBM Security Identity Manager adapters.

You can display the error logs in the user interface by running the Dispatcher fromthe command prompt. You can also configure logging information for the adapter.For more information about displaying logs in the user interface and configuringlogging information, see the adapter's Installation and Configuration Guide.

Error messages and warningsA warning or error message might be displayed in the user interface to provideinformation about the adapter or when an error occurs.

The table lists the error messages and warnings that might occur while performingthe user account or group management tasks, where applicable.It also includes thecorrective actions to resolve the errors.

Table 4. Adapter error messages, warnings, and recommended actions

Error message Recommended action

CTGIMT001E: The following erroroccurred. Error: Either the Oracle EBSservice name is incorrect or the service isnot up.

Ensure that:

v The value of the Oracle EBS Service Nameattribute on the Oracle eBS service form iscorrectly specified.

v The Oracle eBS service is running.

CTGIMT001E: The following erroroccurred. Error: Either the Oracle EBS hostor port is incorrect.

Ensure that values of the Oracle EBS ServiceHost and the Oracle EBS Service Portattributes on the Oracle eBS service form arecorrectly specified.

CTGIMT002E: The login credential ismissing or incorrect.

Ensure that the login credentials that arespecified in the Oracle eBS service form arecorrect.

CTGIMT001E: The following erroroccurred. Error: No suitable JDBC driverfound.

Ensure that:

v The appropriate version of the JDBC driveris copied to the workstation where theOracle eBS Adapter is installed.

v The path is included in the CLASSPATHenvironment variable.

13

Table 4. Adapter error messages, warnings, and recommended actions (continued)


CTGIMT600E: An error occurred whileestablishing communication with the IBMTivoli Directory Integrator server.

IBM Security Identity Manager could notestablish a connection with Tivoli DirectoryIntegrator. To fix this error, ensure that:

v Tivoli Directory Integrator is running.

v The URL specified for the Tivoli DirectoryIntegrator location attribute on the OracleeBS service form is correct.

CTGIMT007E: A system error occurredwhile adding an account. The account isnot added. ERROR: java.sql.SQLException:ORA-20001: APP-FND-02600: Unable tocreate user username due to the followingreason(s):No password provided for useruser name when callingFND_WEB_SEC.VALIDATE_PASSWORDto create a new user.

Ensure that a password is provided whencreating a user account.

CTGIMT007E: A system error occurredwhile adding an account. The account isnot added. ERROR: java.sql.SQLException:ORA-20001: APP-FND-02600: Unable tocreate user username due to the followingreason(s): This user name is already in use.Please enter a unique user name.

A user account with the specified user IDexists on the Oracle eBS. Create a useraccount with another user ID.

CTGIMT007E: A system error occurredwhile adding an account. The account isnot added. ERROR: java.sql.SQLException:ORA-06502: PL/SQL: numeric or valueerror: character string buffer too small.

This error occurs either when you specify anon-permissible data type value for anattribute or the value of the attribute exceedsthe permissible character limit.

For example, this error occurs if you specifyan alphanumeric value for the PasswordLifespan (in days) attribute or if you specify avalue for the Description attribute thatexceeds 240 characters.

To fix this error, ensure that:

v You specify a valid data type value for anattribute.

v The value of the attribute does not exceedthe permissible character limit.

CTGIMT007E: A system error occurredwhile adding an account. The account isnot added. ERROR: java.sql.SQLException:ORA-20001: The following invalidcharacters are not allowed insideusername: Invalid characters are: " ( ) * + , ;< > \ ~ /

Specify a value for the User ID attribute thatexcludes the non-permissible characters thatare listed in the error message.

CTGIMT007E: A system error occurredwhile adding an account. The account isnot added.ERROR: java.sql.SQLException:ORA-20001: APP-FND-02600: Unable tocreate user username due to the followingreason(s): Passwords must be at least 5characters long.

Ensure that your password adheres to thepassword policy that is described on theOracle eBS.




CTGIMT008W: The account was added,but some attributes failed.Attributes:erOraEBSDescription

The log file describes this error message as:java.sql.SQLException: ORA-20001:APP-FND-02601: User user name is not avalid user.

Ensure that the value of the Descriptionattribute does not exceed the permissiblecharacter limit. For example, in the Oracle eBS11i, the Description attribute value has a limitof 240 characters.

CTGIMT008W: The account was added,but some attributes failed.Attributes:erOraEBSUserFax

The log file describes the error messageas:java.sql.SQLException: ORA-20001:APP-FND-02601: User user name is not avalid user.

Ensure that the value of the Fax attribute doesnot exceed the permissible character limit. Forexample, in the Oracle eBS 11i, the Faxattribute value has a limit of 80 characters.

CTGIMT008W: The account was added,but some attributes failed.Attributes:erOraEBSCust

The log file describes the error message asfollows:java.sql.SQLException: ORA-20001:APP-FND-02913: User user name: TheCustomer is linked to Customer customername (Customer ID). The Person is linkedto Employee employee name (Employee ID).Customer and Employee must be linked tothe same person.

This error occurs when you specify differentvalues for the Person and the Customerattributes. Ensure that values of both theattributes are same.

CTGIMT008W The account was added, butsome attributes failed.

ERROR: java.sql.SQLException:ORA-01861: literal does not match formatstring

Ensure that a value specified to this attributematches the data format of the securingattribute.


ERROR: java.sql.SQLException:ORA-01843: not a valid month



ERROR: java.sql.SQLException:ORA-06550: PLS-00103: Encountered thesymbol "x" when expecting one of thefollowing: ), * & | = - + < / > at in is modnot rem => .. <an exponent (**)> <> or !=or ~= >= <= <> and or like between ||The symbol "," was substituted for "x" tocontinue.



ERROR: java.sql.SQLException:ORA-01858: a non-numeric character wasfound where a numeric was expected


Chapter 3. Troubleshooting 15



CTGIMT013E: The account was added, butsome attributes failed.

Attributes:

v erOraEBSLeftPwdAccess

v erOraEBSPwdAccesses

v erOraEBSSessionNumber

v Available password

This error occurs when you specify anon-permissible data type value for anattribute.

When you add or modify a user account,ensure that you specify numeric values forthe attributes that are listed in the errormessage.

CTGIMT013E: A system error occurredwhile modifying the account. The accountis not modified. Error: None of theattribute were set, See Adapter log.

Ensure that the user account exists on theOracle eBS.

CTGIMT013E: A system error occurredwhile modifying the account. The accountis not modified. Error: None of theattribute were set, See Adapter log.

The log file describes this error messageas:Error in updating attributeerOraEBSUserStartDate : Can not clearstart Date.

Ensure that a value is specified for the UserStart Date attribute. The value of this attributecannot be empty.

CTGIMT013E A system error occurredwhile modifying the account.

Ensure that the user name is not in use andthat it does not exceed the limit for thenumber of characters.

CTGIMT014W: The account was modified,but some attributes failed. erUid Error: SeeAdapter log for detailed error.

Ensure that the user name is not in use andthat it does not exceed the limit for thenumber of characters.

CTGIMT024E: The account was notsuspended: ERROR: java.sql.SQLException:ORA-20001: APP-FND-02601: User username is not a valid user.


CTGIMT026E: The account was notrestored: ERROR: java.sql.SQLException:ORA-20001: APP-FND-02601: User username is not a valid user.


CTGIMT215E: The account was not deleteddue to a system error: Delete Operationsnot supported.

The Oracle eBS Adapter does not support thedelete operation.


Chapter 4. Reference

Reference information is organized to help you locate particular facts quickly suchas adapter attributes, application programming interfaces, files and commands,where applicable..

Application Programming InterfacesApplication programming interfaces (APIs) are part of a plug-in model that youcan use to add applications without disrupting existing applications. The adapteruses application programming interfaces to communicate with the managed server,to perform operations..

Table 5 lists the APIs and their operations.

Table 5. APIs used by the adapter

Oracle eBS API Operation

FND_USER_PKG.DisableUser Suspend

FND_USER_PKG.UpdateUser Modify (This includes modification of all the attributesexcept the Responsibility attribute.)

FND_USER_PKG.EnableUser Restore

FND_USER_PKG.CreateUser Add

FND_USER_PKG.addresp Add responsibility

FND_USER_PKG.change_user_name Change user name

ICX_USER_SEC_ATTR_PUB.create_user_sec_attr Add securing attribute

ICX_USER_SEC_ATTR_PUB.delete_user_sec_attr Delete securing attribute

WF_LOCAL_SYNCH.propagateUserRole Add or modify user roles

17


Index

Aaccounts

responsibilities, assigning 8roles, assigning 7securing attributes, assigning 9

adapterAPIs 17dispatcher, running

console mode 2service mode 2

introduction 1overview 1troubleshooting errors 13user account management tasks 3

APIs 17attributes

customer 6person 6supplier 6user accounts 4

Cchecklist, configuration 1configuration checklist 1connectivity 1customers 6

Eemployees 6error

logsaccessing 13warnings and messages 13

errors, troubleshooting 13

Llifespan

password 5user account 5

logsaccessing errors 13warnings and messages 13

Ooperations

adding 4changing passwords 10modifying 9reconciling 3restoring 10suspend 10

Ppassword

changing 10lifespan 5

person 6

Ssubforms

for assigning responsibilities 8for assigning roles 7for assigning securing attributes 9

suppliers 6supporting data, reconciling 3

Ttroubleshooting

adapter errors 13

Uuser accounts

adding 4assigning responsibilities 8assigning roles 7assigning securing attributes 9attributes, adding 4changing passwords 10lifespan 5modifying 9passwords, changing 10reconciling 3responsibilities, assigning 8restoring 10roles, assigning 7securing attributes, assigning 9suspend 10

19


IBM®

Printed in USA

Documents

IBM Security Identity Manager: Oracle eBS Adapter User Guidepublic.dhe.ibm.com/software/security/products/isim/adapters/7.0/ora... · Reconciliation synchr onizes the accounts and