| Oracle® Identity Manager Reference Release 9.1.0 Part Number E10375-02 |
|
|
View PDF |
| Oracle® Identity Manager Reference Release 9.1.0 Part Number E10375-02 |
|
|
View PDF |
This glossary lists all the terms that are frequently used in Oracle Identity Manager.
access
Access is the granting of enterprise resources to Oracle Identity Manager users and/or organizations. Access to these resources depends upon the specific policies adopted by the enterprise. The customer defines (and Oracle Identity Manager implements) policies that determine whether, how, and under what circumstances users gain access to various corporate resources.
access policy
This is a list of user groups and the resources with which users in the group are to be provisioned or deprovisioned. Access policies are defined by using the Access Policies menu item in Oracle Identity Manager Administrative and User Console.
access rights management
This is the process by which access to enterprise resources is granted or revoked. This includes decisions regarding which users can access specific resources and when they are allowed to access them.
adapter
A Java class, generated by the Adapter Factory, that enables Oracle Identity Manager to interact with an external JAR file, a target IT resource (for example, a resource asset), or a user-defined form.
An adapter extends the internal logic and functionality of Oracle Identity Manager. It automates process tasks and defines the rules for the auto generation and validation of data in fields within Oracle Identity Manager.
There are five types of adapters: task assignment adapters, task adapters, rule generator adapters, prepopulate adapters, and entity adapters.
adapter factory
A code-generation tool provided by Oracle Identity Manager, which enables a User Administrator to create Java classes, known as adapters.
adapter task
This is one of several possible components within an adapter. And this is a logical step within an adapter, equivalent to calling a programming language method. The following types of adapter tasks are available: Java Task, Remote Task, Stored Procedure Task, Utility Task, Oracle Identity Manager API Task, Set Variable Task, Error Handler Task, and Logic Task.
adapter variable
This is a user-defined placeholder within the adapter that contains run-time application data used by its adapter tasks. An adapter variable can be used multiple times within a single adapter.
administrative queue
This is a list of user groups (or other administrative queues). Users who are members of groups that comprise a queue can be assigned administrative privileges on a particular data element. Administrative queues serve as a mechanism for mass-assigning users with administrative privileges on a given record. Each administrative queue consists of one or more user groups (and/or administrative queues) and the privileges (for example, read, write, and delete) the members of the queue have on the records to which the queue is assigned.
Application Program Interface (API)
This is the interface (calling conventions) by which an application program accesses an operating system and other services. An API is defined at the source code level and provides a level of abstraction between the application and the kernel (or other privileged utilities) to ensure portability of the code.
An API can also provide an interface between a high-level language and lower-level utilities and services that were written without consideration for the calling conventions supported by compiled languages. In this case, the API's main task might be the translation of parameter lists from one format to another and the interpretation of call-by-value and call-by-reference arguments in one or both directions.
approval process
This is one of two Oracle Identity Manager process types. This type of process is generally used to approve the provisioning of Oracle Identity Manager resources to users or organizations. Unlike provisioning processes, approval processes are usually comprised of tasks that must be manually completed.
attestation
Attestation enables reviewers to be notified of a report they must review that describes the provisioned resources that certain users have. The reviewer can attest to the accuracy of the entitlements by providing a response. This attestation action, along with the response the reviewer provided, any associated comments, and an audit view of the data that the reviewer viewed and attested to, is tracked and audited to provide a complete trail of accountability. In Oracle Identity Manager, this process is known as an attestation task.
audit engine
The audit engine is the main component for creating audits history for different areas of the Oracle Identity Manager system. The engine is in charge of receiving changes to data objects and passing them along to auditors interested in those data object changes.
audit subrecord
One subentry in the audit record. Audit subrecords are captured during transactions and applied to the previous snapshot.
auditor registration
A phase in which Audit Manager determines the existence of auditors and exchanges information such as data objects and change records.
auto-group membership
This is a rule-based mechanism by which Oracle Identity Manager automatically adds or removes users to and/or from user groups. See rule.
authoritative identity reconciliation
This is also known as Trusted Source Reconciliation, which can be used to create, update, and delete users in Oracle Identity Manager.
automated task
This is any task within a process that does not require user-interaction for completion. Automated tasks always require a process task adapter. Provisioning processes are generally comprised of automated tasks. See Process Task Adapter.
back end
A general term for the database server functions and procedures used to obtain and manipulate data on a network. This is also the storage location for Oracle Identity Manager's data.
certification authority
A third-party company that issues trusted certificates. See trusted certificate.
child table
A subordinate database table used to store, access, and reference the information associated with one or more fields of a user-created form, which has been defined by using the Form Designer form.
client
This is the GUI tier of the client/server edition of Oracle Identity Manager. See Oracle Identity Manager Administrative and User Console (Web Application).
column header
The box containing the name of the column associated with the data in a table column. To change the order in which records are sorted in a particular table, click the column header for that table column.
conditional task
A process task that is not part of the default process instance. A conditional task is inserted into a process only when specific predefined conditions are satisfied. See process task.
connector
Used to integrate Oracle Identity Manager with a specific third-party application, such as Microsoft Active Directory or Novell eDirectory.
data field
Areas of a form into which information can be entered (for example, Organization Name). Data fields are used to contain, display, and potentially edit the data entered into them.
data flow
This is the transfer of information between processes or related forms (for example, from resource forms to process forms).
data object
Data Object is an internal object representation of tables in the Oracle Identity Manager data model in which business logic is applied. It is also responsible for inserting, updating, and deleting data from the data store.
data object manager
The Oracle Identity Manager form used to assign event handlers, rule generator adapters, or entity adapters to data objects. These event handlers or adapters can be run in a specific order on a database event on pre or post insert, pre or post update, or pre or post delete. See event handler. See data object.
data set
A data set is a representation of data that is at a particular stage of transit between the target system and Oracle Identity Manager. Data sets can be visualized as data structures arranged in the form of layers, with data flowing from one layer to another during provisioning and reconciliation. Oracle Identity Manager provides features that enable you to specify the fields that constitute these data sets.
database
This is the storage facility for data within Oracle Identity Manager. Oracle Identity Manager controls this data by using a software application known as the Database Management System (DBMS). See Database Management System (DBMS).
Database Management System (DBMS)
This is software that controls the organization, storage, retrieval, security, and integrity of data in a database within Oracle Identity Manager. DBMS accepts requests from the application and instructs the operating system to transfer the appropriate data.
delegated administrators
This is an Oracle Identity Manager user who has been assigned administrative responsibilities. Administrative rights are assigned by using membership within administrative groups. Administrators have access only to those organizations, forms, data, and users for whom they are responsible. See user group.
delimited field
This is a field containing data of varying length (as opposed to fixed-length fields). Individual fields of this type are separated by a field delimiter (for example, a comma or semicolon).
delimited file
A file comprising of data records of varying lengths. Individual records are separated by a record delimiter character (for example, a hard return or colon).
dependent object
This is a resource object that has a dependency relationship with another resource object. The processes of the parent resource object must be completed before the processes of the dependent resource object can be started. See resource object.
dependent task
A process or adapter task that is dependent on another process or adapter task, respectively. Oracle Identity Manager or an Oracle Identity Manager user can only start this type of task once the process/adapter task on which it is dependent is completed.
deprovisioning
The rescinding of a user's, user group's, and/or organization's access to a resource. See Process Task Statuses.
digital signature
This is an identification mechanism, which is used within Oracle Identity Manager to secure password propagation, by authenticating the application or device receiving the password.
direct provisioning
This is one of the methods by which a resource can be provisioned. Only users with specific administrative privileges can direct provision resources. When a resource is direct provisioned (to a user or organization), Oracle Identity Manager does not invoke the standard approval process (because this is only associated with requests) or the resource's approval process. Instead, Oracle Identity Manager proceeds directly to beginning the applicable provisioning process for the resource. See request.
Electronic Data Interchange (EDI)
This is the electronic format for the automated communication of business transactions (for example, orders, confirmations, and invoices) between organizations. EDI services, provided by third parties, enable organizations with potentially disparate hardware to connect and exchange data. Although interactive access might comprise a component of such a solution, EDI implies direct computer-to-computer transactions within vendors' databases and ordering systems.
e-mail definition
This is a predefined template that is used when generating e-mail notifications. E-mail definitions are created by using the Email Definition form. See e-mail notification.
e-mail notification
This is the act of informing an Oracle Identity Manager user of the occurrence of an action, process task assignment, or process task status change by using e-mail.
entity adapter
This is one of five Oracle Identity Manager adapter types. This type of adapter is attached directly to a provisioning process and/or a form by using the Data Object Manager form. Oracle Identity Manager is able to trigger and run entity adapters on preinsert, preupdate, predelete, postinsert, postupdate, or postdelete.
error handler task
This is one of several adapter task types. This type of adapter task is used to display any errors associated with an adapter that occur at run time. In addition, you can view the reasons for the errors, along with possible solutions. See adapter task.
error message
This is informative text that is displayed when a specific problem occurs within Oracle Identity Manager.
event
This is an action (started by Oracle Identity Manager, an external system, or a user) and/or a result of that action being performed.
event handler
This is a Java class that executes user-defined or system-generated actions. An event handler can be set to run on:
PreInsert: Before information is added to the database.
PreUpdate: Before information is modified within the database.
PreDelete: Before information is removed from the database.
PostInsert: After information is added to the database.
PostUpdate: After information is modified within the database.
PostDelete: After information is removed from the database.
See event. See data object manager.
explorer
This is the Windows-styled list of folders and forms displayed in the left-hand panel of the Oracle Identity Manager application window. The folders and forms displayed in the Explorer (as well as their nesting configuration and display sequence) might vary for each user depending on the user groups to which the user belongs.
export
This is the act of taking an XML data file (produced by Oracle Identity Manager), and using it to transmit information to additional Oracle Identity Manager environments.
field
This is a data element of a database record or area of a GUI form in which a particular item of data is stored.
form
A graphical user interface layout (or mechanism) used to view, insert, edit, and delete information associated with records in the Oracle Identity Manager database. A form can be displayed as two distinct views:
Form View that contains detailed information related to a single record.
Table View that contains minimal information related to multiple records.
See record.
form designer
A form used to create customized forms. Forms created by using this form must be associated with a process or a resource object. These forms (and the fields that comprise the forms) are used to provide processes or resource objects with a mechanism for obtaining additional information they require to conduct provisioning.
form tab
A region of a form used to display details related to the primary form or record. Tabs allow for the conservation of active space on the screen while providing streamlined access to related data.
front end
This is a general term for the client within a client/server model. The front end provides for the display of information and supports actions started by users.
generated task
A process task that Oracle Identity Manager starts when another related process task achieves a predefined status (provided that this status is represented by a response). See response
generic adapter
The generic adapter contains the code for all the provisioning functions that a generic technology connector performs.
generic auditor
The generic auditor as the name suggests is a generic auditor. It is driven by an XML metadata contained in the AUD table. The metadata information specifies the auditor name that the generic auditor will use for the interested data objects and what other information is needed to record the snapshot.
generic technology connector
A generic technology connector is a collection of components. A component provides a service that is used by another component, the target system, or Oracle Identity Manager. Together, these components can be linked to support a wide variety of data formats and data transport mechanisms.
import
The act of taking a previously created XML data file, and using it to load information into Oracle Identity Manager by using the deployment manager. Import files are generated by other Oracle Identity Manager environments. They can contain either new information to be added to Oracle Identity Manager or updates to information that already exists in Oracle Identity Manager (for example, a record insert or record update).
IT resource asset
This is Oracle Identity Manager representation of the physical component of the external target resources provisioned by Oracle Identity Manager (for example, the various Solaris servers in a company).
JAR file
This is a Java Archive file. A compressed archive file (denoted by a .jar extension) containing one or more Java class files. This file format is used to distribute and run Java applications.
JavaBean
JavaBeans allow developers to create reusable software components that can then be assembled together by using visual application builder tools. Within Oracle Identity Manager, it is a Java program module that is used by Oracle Identity Manager Remote Manager to communicate bidirectionally with non-network-aware APIs. See remote manager.
Java DataBase Connectivity (JDBC)
A programming interface used by Java applications to access databases by using SQL. Because Java interpreters (or Java Virtual Machines) are available for all major operating systems, this interface supports the creation, modification, and deletion of platform-independent database applications.
Java task
This is one of several adapter task types available within the Adapter Factory form. This type of adapter task is used to communicate with an external source through a Java API. See adapter task.
Logic task
This is one of several adapter task types available within the Adapter Factory form. This type of adapter task is used to build a conditional statement within an adapter (for example, an if statement, a for-loop, or a while loop). See adapter task.
lookup definition
A definition that can represent:
The name and description of a text field;
A lookup field and the values that are accessible from that lookup field; or
A combination box and the commands that can be selected from that combination box.
Lookup definitions are created by using the Lookup Definition form (for default forms) or the Form Designer form (for custom forms). See lookup field.
lookup field
This is a data field that provides the user with a set of pre-defined values. Lookup fields only accept values selected from the pre-defined list as valid entries. See data field.
lookup queries
You can define lookups (for lookup fields and combination boxes) in Oracle Identity Manager for user-defined fields (UDF's) in system forms (for example, User Form, Resource Object Form) and fields of user-defined resource and object forms. The lookups are defined in two ways:
Lookup Queries: where the queries are statically defined for the field and are run against the appropriate database table.
Lookup Codes: where the items are displayed in a list from a lookup definition table
The (custom) lookup queries have been enhanced to allow the lookup query to be parameter driven. The parameter property is a mapped parameter, where you can specify:
Filter Column: the column for which a value is specified in the "where" clause
Filter Map: the source from where the value comes from
While the enhancement itself is delivered as part of the existing Forms Designer feature in the Design Console, any updates made by this feature are rendered on the Administrative and User Console dynamically as administrators, approvers, or end-users access the updated form(s).
lookup value
This is an item, which contains information pertaining to the text field, lookup field, or combination box that represents the lookup definition. See lookup definition.
manual task
This is any task within a process that requires user action in order to be completed. Approval processes generally comprise manual tasks.
Metadata
This is data about data. Metadata can represent information about or documentation of other data managed within an application or environment. For example, metadata can be used to provide information about data elements or attributes, (name, size, data type), records or data structures (length, fields, columns) or the physical location or permissions of data (where it is located, how it is associated, ownership). Within Oracle Identity Manager, there are two types of metadata, system metadata, which is internal to the Oracle Identity Manager system, and customer metadata, such as process definitions.
network
This is a system that connects computers and peripheral devices to allow for the sharing of information and resources. Networks are categorized by speed and distance between the computers. The most common kind of network is a LAN, which usually connects computers within an office. Another kind of network is a WAN, which connects computers at different locations. See Wide Area Network (WAN).
object
This is any resource that can be provisioned (for example, a database, server, software application, file, or directory access). Also referred to as a resource object.
OIM Account
An OIM Account is granted to an OIM User to give the OIM User the ability to log in to Oracle Identity Manager and access Oracle Identity Manager features. At the minimum, these features involve self-service and request. An OIM Account can be granted additional privileges including the ability to define workflows and the delegated administration of various entities, such as users, organizations, and roles. See OIM User.
OIM User
An OIM User is an identity that exists within and is managed through Oracle Identity Manager. An OIM User can be created in the following ways:
Through reconciliation from one or more trusted identity sources, such as HRMS or LDAP
Manually, by using the Administrative and User Console
Through the Java APIs or the SPML Web Service
An OIM User might or might not have an OIM Account. In Oracle Identity Manager release 9.1.0, every OIM User has an OIM Account. See OIM Account.
Open DataBase Connectivity (ODBC)
A database-programming interface produced by Microsoft that provides a common language for Microsoft Windows applications to access databases on a network. ODBC comprises of the function calls programmers write into their applications and the ODBC drivers themselves.For client/server database systems (such as Oracle Database and Microsoft SQL Server), the ODBC driver provides access to the database by using links to their database engines. For desktop database systems (such as dBASE and FoxPro), the ODBC drivers actually manipulate the data. ODBC supports SQL and non-SQL-compliant databases. Although the application always uses SQL to communicate with ODBC, ODBC communicates with non-SQL-compliant databases in their native language. See Structured Query Language (SQL).
Note: Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.
operation
This is an operand (for example, and/or) that determines and illustrates the relationship among the multiple elements (or nested rules) of a rule.
Oracle Identity Manager
A software platform that automates access rights management and the provisioning of resources. Oracle Identity Manager instantly connects users to the resources that can be productive, and revokes and or prevents unauthorized access to protect proprietary information and enhance security.
Oracle Identity Manager API Task
This is one of several Oracle Identity Manager adapter task types. This type of adapter task enables an external third-party application to access Oracle Identity Manager functionality from outside of Oracle Identity Manager. See adapter task.
Oracle Identity Manager System Administrators
These are members of Oracle Identity Manager user groups to which maximum system access has been assigned. See system administrator. See user.
Oracle Identity Manager Administrative and User Console (Web Application)
This is the user interface using which end-users and delegated administrators access Oracle Identity Manager functionality by using the Internet (Web browser).
organization
A record used to represent an organizational unit within a company's hierarchy (for example, a department, division, or cost center). Oracle Identity Manager does not limit the number of suborganizations that can be created within an organization.
organization target
The Oracle Identity Manager organization that is to be provisioned with a resource specified within a request.
password policy
A collection of criteria used to validate password creation and modification within Oracle Identity Manager or on an external resource. The criteria within a policy are applied based on the rule associated with it on the resource object to which it has been attached. Password policies can be defined for Oracle Identity Manager and/or third-party system passwords.
password policy rule
A rule used to determine which password policy is to be applied to password creation and modification on a particular resource or within Oracle Identity Manager. Password policy rules are always of type General. See rule.
Prepopulate Adapter
This is one of five Oracle Identity Manager adapter types that are used to populate data on user-defined fields on user-defined forms. This specific type of rule generator adapter can be attached either to custom fields of forms or to fields of custom forms. These fields are created by using the User Defined Field Definition form and the Form Designer form, respectively.
preceding task
A task that must have a status of Completed before Oracle Identity Manager or a user can start any tasks dependent on it. See dependent task.
process
This is a collection of one or more process tasks in addition to a requested instance of a process definition. See process definition.
process definition
This is a record containing a detailed definition of all properties of a process as well as its workflow and the tasks that comprise it.
process status
This is the current state of execution for a process. The status of a process is determined by the status of its tasks. See status.
process task
This is a step or component of a process (as specified within the Process Definition form). Process tasks can be independent or dependent on one another.
Process Task Adapter
This is one of five Oracle Identity Manager adapter types. This type of adapter helps Oracle Identity Manager to automate the execution of a process task. See process task.
Process Task Statuses
A process task status indicates the status of the task throughout its entire life cycle. A task has following predefined statuses R, C, X, P, W, XLR, UCR, UT, S, UC, PX, and MC.
provisioning
This is the granting of access for resources to users in conformance with Oracle Identity Manager policies. See deprovisioning.
provisioning policy
This is an access policy that is applied to a user group during resource provisioning. A provisioning policy is one of several factors that determine whether a resource object can ultimately be provisioned to the user. A provisioning policy definition specifies the resource objects that can be allowed or disallowed for one or more user groups. See access policy. See resource object. See user group.
provisioning process
This is one of two Oracle Identity Manager process types. This type of process is used to provision Oracle Identity Manager resources to users or organizations.
provisioning status
The status of the resource object as it is being provisioned to a user or an organization. A resource object can have one of nine predefined statuses:
Provisioning: The resource object has been assigned to a request, and an approval process and a provisioning process have been selected.
Provisioned: The resources, represented by the resource object, have been provisioned to the users or organizations.
Enabled: The resources, represented by the resource object, have been provisioned to the users or organizations. In addition, these users or organizations have access to the resources.
Disabled: The resources, represented by the resource object, have been provisioned to the users or organizations. However, these users or organizations have temporarily lost access to the resources.
Revoked: The resources, represented by the resource object, have been provisioned to the users or organizations. However, these users or organizations have been permanently deprovisioned from using the resources.
Provide Information: Additional information is required before the resources, represented by the resource object, can be provisioned to the target users or organizations.
None: This status does not represent the provisioning status of the resource object. Rather, it signifies that a task, which belongs to the provisioning process that Oracle Identity Manager selects, has no effect on the status of the resource object.
query
A method of searching for particular data records within a database by using a common characteristic. For example, a common query performed on the Organizations page in the Administrative and User Console is to retrieve all records related to a particular organizational unit. Oracle Identity Manager has many powerful built-in query syntax tools.
record
A collection of related items of information organized as a single unit of data (for example, a single record comprising of a name, telephone number, and address). The record is the entity stored in the database that contains this related information (whereas forms are the mechanism employed by the user to view or edit that information).
reconciliation
The process by which any action to create, modify, or delete a target system identity started in the target system (by using traditional means) is communicated back to the provisioning system and recorded.
reconciliation rule
These are rules configured to identify a matching user in Oracle Identity Manager based on reconciliation fields.
recovery task
This is a process task that starts when a preceding process task achieves a status of Rejected. The relationship between the primary task and its recovery task must be predefined for this to occur. This relationship is set within the Undo/Recovery tab of the process task's Editing Task window.
remote manager
A server that enables Oracle Identity Manager to communicate with a remote application that is either non-network-aware, or is network-aware, but is not located on the Oracle Identity Manager Server. Remote managers are employed when Oracle Identity Manager has to perform some function with this third-party application (for example, call a method that resides within the external API).
remote task
This is one of several adapter task types. This type of adapter task enables an adapter to call a method on an API (for example, when the API resides on a computer that is external to Oracle Identity Manager).Remote tasks are generally used within integrations of third-party APIs that are not network-enabled. In these cases, a remote manager runs the remote API method, which is located on a remote computer.
Remote tasks can also be used with integrations of third-party APIs, which are network-enabled, but are not located on the Oracle Identity Manager Server for scalability purposes. The remote API method is still executed by a remote manager. However, because the third-party API is network-enabled, the remote manager does not have to reside on the target system. See adapter task.
request
This is an entity that represents the beginning of the approval and provisioning of one or more resources to one or more users or organizations. When a request for the provisioning of resources is submitted, Oracle Identity Manager will:
Select and evaluate a standard approval process.
Select and evaluate a resource-specific approval process for each resource in the request.
Select and run a resource-specific provisioning process for each resource in the request.
The request record maintains information about the standard approval process and the resource-specific approval process instances. Administrators or end-users generally place requests. Requests can also originate in external systems.
Request-based provisioning differs from direct provisioning. Direct provisioning bypasses both the standard approval process and resource-specific approval process. See direct provisioning.
request status
This is the current state of the request. A request can have one of six statuses:
Request Initialized: This status signifies that the initial data fields of the Requests form have been populated, and the request has been saved.
Request Received: This status signifies that both a resource object and a user or organization has been assigned to the request, and that the Complete Request Creation button has been clicked.
Approved: This status signifies that the standard approval tasks are completed.
Not Approved: This status signifies that the request has been rejected or canceled.
Object Approval Complete: This status signifies that all the approval tasks in standard approval and object approvals are completed.
Request Complete: Request goes to this status when the request is complete.
reset password
This is the ability of a user to change the password. When the user first registers with Oracle Identity Manager (by using the Oracle Identity Manager Web Application), the user must select personal verification questions, and specify the answers to these questions. Oracle Identity Manager then uses these questions to verify a user's identity and reset his or her password.
resource
Also referred to as a Resource Object. This is any unit of hardware, software, or data over which a company wishes to enforce provisioning control. For example, hardware resources can be servers and printers in the network. Software resources can be programs, utilities, or even smaller elements within a program. Data resources could be any accessible files or databases.
The Oracle Identity Manager resource object definition is the virtual representation of the resources to be provisioned. For example, a resource object can have one or more approval processes, provisioning processes, rules, and password policies.
The Oracle Identity Manager resource object definition is used to control the various processes and policies associated with the resource, as well as set systemwide options that will determine how the resource is provisioned.
Resource Access Control Facility (RACF) server
A remote IBM mainframe security application used by Oracle Identity Manager to:
Verify the ID and password of a user.
Control the access of users to Oracle Identity Manager resources.
response
This is a predefined message or action that is generated when a process task is started and achieves a particular completion status.
result set
The data or records returned from a query. Most API results are returned in Result Set format.
row header
The rectangular box located along the left edge of each row in a table in the Oracle Identity Provisioning Design Console. The row header displays the row number of the associated record within the current sort order (if the sorting criteria are changed, then the row number can also change). In most forms, a record can be selected by double-clicking the row header.
rule
User-defined criteria employed by Oracle Identity Manager to match conditions and take action based on them. There are five types of rules (the first four are defined by using the Rule Designer form):
General: This type of rule enables Oracle Identity Manager to add a user to a user group automatically. It also determines the password policy that will be assigned to a resource object.
Process Determination: This type of rule determines the standard approval process that will be associated with a request, as well as the approval and provisioning processes, which will be selected for a resource object.
Task Assignment: This type of rule is used to determine the user or user group to which a task is to be assigned.
Prepopulate: This type of rule is used to determine the prepopulate adapter that Oracle Identity Manager selects when populating a custom field of an Oracle Identity Manager or user-defined form. See "Prepopulate Adapter".
Reconciliation: This type of rule is used to specify the criteria Oracle Identity Manager applies when attempting to match changes to data within target resources or trusted sources (for example, external systems with which you have configured Oracle Identity Manager to compare and reconcile data) with data in Oracle Identity Manager. Reconciliation rules are defined by using the Reconciliation Rules form.
rule element
This is the logical component of a rule. It is a unit that consists of an attribute, an operator, and a value (for example, user role == full time).
Rule Generator Adapter
This is one of five Oracle Identity Manager adapter types. This type of adapter is responsible for automatically generating, modifying, or verifying the value of a form's field, and saving this information to the database. Values supplied by a rule generator can be overridden by user input.
self-registration
This is the ability of a user to register with Oracle Identity Manager by using the Oracle Identity Manager Web Application.
server
The software architecture tier used to implement the business logic and manage the interaction between the Oracle Identity Manager Client and the database.
set variable task
This is one of several adapter task types. This type of adapter task lets you set the value of a variable within an adapter. See adapter task.
Simple Object Access Protocol (SOAP)
A message-based protocol based on XML used for accessing services on the Web. started by Microsoft, IBM, and others, it employs XML syntax to send text commands across the Internet by using HTTP. Similar in purpose to the COM and CORBA ® distributed object systems, but more portable and less programming intensive, SOAP is used to invoke services throughout the Web. Because of its simple exchange mechanism, SOAP can also be used to implement a messaging system. SOAP is supported in COM, DCOM, Internet Explorer, and Microsoft Java implementation.
standard approval process
This is a type of approval process. This type of approval process is used to approve a request as a whole, which can include multiple resource objects, and users or organizations. It is not resource-specific but rather request-specific.
status
This is the current state of execution for a given process or process task. The statuses of each task within a process determine the overall status of the parent process (certain tasks statuses have a greater effect on the process' overall status). There are six main statuses within Oracle Identity Manager:
Canceled: The process or process task has been stopped (once a status is canceled, its status cannot be changed).
Suspended: The process or process task has temporarily been placed on hold.
Rejected: The process or process task has not been completed successfully or has not been approved. The status of 'Rejected' process tasks can only be changed to 'Canceled' or 'Unsuccessfully Completed'. If a retry task has been specified, it will be inserted.
Pending: A user or system action is currently being performed on the process or process task. This status also signifies that all preceding tasks and processes on which the process or process task might be dependent have been completed.
Completed: The process or process task has been run successfully.
Waiting: The process or process task cannot be completed until all preceding process tasks or processes, on which the current process or process task is dependent, are completed.
stored procedure
A SQL program located within a particular database schema. Stored procedures contain information, such as SQL statements, which are precompiled for greater efficiency. See stored procedure task.
stored procedure task
This is one of several adapter task types. This type of adapter task help Oracle Identity Manager to map to and run SQL programs that are located within a particular database schema. Within Oracle Identity Manager, these programs are known as stored procedures.
By incorporating a stored procedure task into an adapter and attaching this adapter to a process task, Oracle Identity Manager can use stored procedures on any Oracle Database or Microsoft SQL Server database (assuming it is accessible on its network). This includes retrieving primitive values from stored procedures. See adapter task. See stored procedure.
Note: Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.
Structured Query Language (SQL)
This is a database language created by IBM in a research project in the late 1970s. It rapidly became the standard database language due to its combination of elegance, power, and connectivity. It is commonly used with database servers on mainframes, minicomputers, and PCs. An ANSI standard for the language exists.
suborganization
This is an organization that is a member of and derived from a higher-level (or parent) organization (for example, a department within a division). See organization.
system administrator
This user has both read and write access to all forms and records within Oracle Identity Manager.
Task Assignment Adapter
This adapter enables Oracle Identity Manager to automate the allocation of a process task to a user or group. A task assignment adapter can be written to dynamically assign a task based on parameters in the task request. The new Task Assignment Adapter is associated with a task assignment rule.
The Task Assignment Adapter enhances the mechanism of assigning a task through the Assignment tab of the Editing Task form (nested in the Process Definition form), where a rule is attached to a task, and users or groups are assigned to the current task.
table-view
A presentation mechanism for a collection of data records in which the items are arranged according to common predefined elements. In SQL database tables, the information is organized within columns and rows. A column represents one field or piece of information, such as a name. A row contains information related to one record. A record is a set of columns. Therefore, SQL tables are thought of as having multiple rows of columns. In Oracle Identity Manager, tables are presented in Table views in order to display multiple records on a single screen simultaneously. By contrast, a Form view can display only one record at a time. When queries are performed, only the records that satisfy the search criteria will be displayed in the Table view. See form. See form tab.
target resource
The external resource or application to which you wish to provision a user or organization with access by using Oracle Identity Manager.
Within the context of Oracle Identity Manager's reconciliation functions, this term has a more specific meaning. It is then used to refer to a resource with which Oracle Identity Manager has been set to conduct reconciliation. Target resources differ from trusted sources in that Oracle Identity Manager only accepts changes to the primary user record from a trusted source. All other external applications with which Oracle Identity Manager is conducting reconciliation are referred to as target resources.
target resource reconciliation
This refers to reconciliation that result in creation/update/revocation of resources provisioned to a user in Oracle Identity Manager. Account Discovery, Orphan Account Discovery, Rogue Account Discovery, and Direct Management Discovery are all specific use cases within this type of reconciliation.
task status
This is the status of a process task. The status of a process' tasks determines the process' overall status.
three-tier architecture
Oracle Identity Manager consists of three distinct tiers. The three tiers of Oracle Identity Manager are the Oracle Identity Manager Client, Oracle Identity Manager Server, and the database. See client. See server. See database.
toolbar
The set of icons along the top edge of the Oracle Identity Manager Design Console window that provides access to frequently used functions. When you click an icon, the function of that icon is triggered. If you take the mouse pointer over a icon, a tool tip describing that icon is displayed.
trusted certificate
A digital ID, which verifies that the user's password for an external application is being transmitted to Oracle Identity Manager from the correct location.
trusted source
This is the Resource object in which a unique key for reconciliation with data in Oracle Identity Manager has been defined. The trusted source is the resource object from which Oracle Identity Manager accepts changes to the user record definition. There can be more than one trusted source and more than one key for each trusted source.
undo task
This is a process task that will be started when a predefined associated process task is canceled.
user
An individual who possesses an account and login credentials within Oracle Identity Manager. There are two distinct types of users in Oracle Identity Manager:
End-User Administrators: This type of user might use either the Administrative and User Console or the Design Console of Oracle Identity Manager. End-user administrators are responsible for configuring Oracle Identity Manager for their company's end-users.
End-Users: This type of user can access only the Oracle Identity Manager Administrative and User Console. End-users are generally only able to perform basic functions within Oracle Identity Manager.
User-Defined Field (UDF)
Supplemental fields that can be created by the user to augment the fields already present on the Organizations, Users, Requests, Resource Objects, User Groups, Form Designer, or Locations forms. By using a user-defined field, an administrator can provide a location for entering and storing data, define default values, format input data, create and apply data validation criteria, and provide a label for the field. The field and its contents are then stored in the database.
user group
This is a collection of one or more users. User group definitions can be used to assign permissions to all members of the group (for example, the users). The user group is an efficient mechanism for managing the privileges and access rights for large numbers of users.
User profile auditor
The user profile auditor inherits from the generic auditor to perform the user profile auditing. The user profile auditor relies on generic auditor to read and parse its XML metadata, process the changes to data objects, and process the offline creation of the snapshot.
utility task
This is one of several adapter task types. It is an adapter task that helps an adapter to be populated with any of the methods and APIs that are packaged with Oracle Identity Manager. In addition, this type of task provides you with access to a Java API. See adapter task.
Wide Area Network (WAN)
This is a computer network that connects computers at different locations. A WAN often connects to many LANs.
workspace
The region of the Oracle Identity Manager application window, displayed within the right-hand panel, which contains the forms and tables used to view, edit, and manage information.
XML - Extensible Markup Language
This is an open standard for describing data from the World Wide Web Consortium (W3C). It is used for defining data elements on a Web page and business-to-business documents. It uses a tag structure similar to HTML; however, whereas HTML defines how elements are displayed, XML defines what those elements contain. HTML uses predefined tags, but XML helps tags to be defined by the developer of the page. As a result, virtually any data items, such as product, sales rep and amount due, can be identified, allowing Web pages to function similarly to database records. By providing a common method for identifying data, XML supports business-to-business transactions and is expected to become the dominant format for electronic data interchange. See Electronic Data Interchange (EDI).
