Obejctive :
In this article, we will see how can we can create Roles in OIM and what is role .
Roles :
Roles play a pivotal role in Oracle Identity Governance.They are used to define the access rights that an entity may have. A role may be associated with one or more access rights to Oracle Identity Manager functions. For example, a single role enables a user to create other Oracle Identity Manager user accounts and manage a specific organization. Roles determine the links and menus that are available to users when they log in to the console.
Roles are entities that are independent of organizations, capable of being assigned to multiple organizations, users, and to other roles.
Roles can be grouped into a category, organizing the roles for the purpose of navigation and authorization. Creating role categories also presents a cleaner and easier-to-navigate hierarchy if you are creating many roles.
Two categories exist by default in an out-of-the-box installation of Oracle
1) OIM Roles: The Oracle Identity Manager (OIM) Roles category contains the list of predefined roles that exist in Oracle Identity Manager by default. These roles are primarily used for managing permissions and access rights to menu items, links, and buttons in Oracle Identity Manager.
2) Default: Any roles created in Oracle Identity Manager that are not assigned to a category at the time of creation are assigned to the Default category by default.
In order to create a role we have to login as admin .
1. Click on Roles (people icon) >Create.
Name the Role>Project7. We can specify the owner of the role and role category also .
2. For this project there could be some resources required . So we can define Acces Policy and provision users to that resources . As soon as the user becomes the member of the Project7 all resources which are listed in the access policy will be provisioned . If you remove the role membership of the user then all the access which are listed in the access policy will be revoked . So if you think role requires madatory resources , we can define them in the Access Policy . We call it as Role-based Access Policy . We dont assign the resources to the users instead we assign the roles .
3. Click Administration>Users to search for a particular user .
4. Click on the User Login appearing to assign a role to the user (kashif123).
Click on Roles to assign Roles to the user
5. Click on Request Roles
6. Request Catalog opens and you can search for a particular role to assign to the user. We will search all the roles starting with Pro. You cannot perform the Blank Search
7. We will add the Project7 role to the Cart. Roles is nothing but group of users .
Once added Click on Submit
If OIM Administrator is performing this then it will bypass the approval and the operation will be completed successfully, other than administrator if someone other is doing it goes for approval.
Also if the user himself is the requestor then it goes for the approval process.
8. Click on User Details>Roles and then click on Refresh button.
There is a Catalog Synchronization chart which runs after every one minute . User can request for a role and administartor can assign the role .
Apps2Fusion Articles 