The first steps in defining policies are to (1) create an organization under which the application to be secured will be defined and (2) define identities (users and groups) to represent application users. Once users and groups are created, they can be granted access to application resources.
This section walks you through the steps of creating the organization and identities needed to represent employees of Parker Hospital who use the Admissions System’s patient roster. These are described in Table 3-1.
Table 3-1 Organization and Identities
Organization: ParkerHospital is created to hold all Parker Hospital identities and applications.
Identity Directory: The Parker_Identities directory is created to contain all Parker Hospital employees (users) as well as any groups needed to define user collections.
Users:
John Kildaire — A doctor who requires view access to the Admissions System’s patient roster.
Harry Hopkins — An Admissions System operator who manages the patient roster. He requires view and edit access.
Groups:
Doctors — A group to contain all doctors at Parker Hospital.
AdmissionsOperators — A group to contain all Admissions System operators.
Create the Organization
If you have not already done so, start the Oracle Entitlements Server and launch the Entitlements Administration Application as described in the previous chapter.
In the left pane of the console window, select the RootOrg organization and click New Organization at the bottom of the pane.
When you expand RootOrg, you will see two out-of-box entities: the EntitlementUI application and a child organization named DefaultOrg. The EntitlementUI application represents the Entitlements Administration Application itself, and the DefaultOrg organization contains a number of out-of-box resources and any resources created in previous versions of this product. For further information about these objects, see the Entitlements Administration Application help system.
On the New Organization dialog, enter ParkerHospital in the Name field and click OK.
Note that spaces are not allowed in organization names.
As shown in Figure 3-1, the ParkerHospital organization will appear in the navigation tree under RootOrg.
Figure 3-1 ParkerHospital Organization
Create the Identity Directory
In the left pane, select the ParkerHospital organization. Then click the Identities tab in the right pane as shown in Figure 3-2.
Figure 3-2 Identities tab
Click New at the bottom of the right pane. When the New Identity Directory dialog appears, enter Parker_Identities and click OK.
As shown in Figure 3-3, the identity directory will appear in the Identities Directory list and the Type column will indicate it is a direct child of the ParkerHospital organization.
Figure 3-3 Creating Identities
Create the Groups
With the Parker_Identities directory selected in the Identities Directories list, select the Groups tab on the right.
As shown in Figure 3-4, the Groups tab lists the allusers group, which is an automatically provided group that contains all users in the Parker_Identities directory.
Figure 3-4 Groups Tab
To create the Doctors group, select New at the bottom of the tab. Then enter Doctors in the Group Name field and click OK.
Repeat step 2 to create a group named AdmissionsOperators.
After both groups are created, they will appear in the groups list as shown in Figure 3-5.
Figure 3-5 Groups in Parker_Identities Directory
Create the Users
With the Parker_Identities directory selected in the Identities Directories list, select the Users tab on the right and click New at the bottom of the tab.
When the New User dialog appears, enter John Kildaire in the User Name field, complete the two password fields using any string of at least six characters, and click OK.
The password value is unimportant; it will not be used in these tutorials.
John Kildaire will appear in the Users list as shown in Figure 3-6.
Figure 3-6 User John Kildaire
Add John Kildaire to the Doctors group.
Repeat steps to create a user named Harry Hopkins and assign it to the AdmissionsOperators group.
Save Your Work
After creating the organization and identities, save your changes as follows:
In the top right part of the console window, click Save & Distribute as shown in Figure 3-7.
Figure 3-7 Save Changes
On the Save and Distribute window, make sure No, just save changes is selected and click OK.
The Yes, save changes and distribute option is used when you have made changes to policy definitions. Selecting it will save your changes and also distribute the policies to the SSM that is securing the application.
To turn on autosave so that changes will be automatically saved, click the Auto Save checkbox on the main menu as shown in Figure 3-8.
Figure 3-8 Autosave
This tutorial showed how to create the following objects:
Organization — ParkerHospital was created to hold all employees at Parker Hospital.
Identity Directory — Parker_Identities was created to hold all Parker Hospital users and groups.
Groups — The Doctors and AdmissionsOperators groups were created to contain all doctors and operators who access the patient roster.
Users — John Kildaire was created and added to the Doctors group. Harry Hopkins was created and added to the AdmissionsOperators group. These users access the Admissions System’s patient roster.
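The identity objects created above can be reviewed against Table 3-1 before any policies are written. The following is an added example, not part of the original tutorial and not Oracle Entitlements Server code: it models the organization, directory, groups and users in memory and reports any user whose explicit group membership differs from the table. The class and function names (IdentityDirectory, audit, build_parker_directory) and the sample password are assumptions made for illustration.

```python
# Added illustration, not the Oracle Entitlements Server API: class and
# function names are hypothetical; the password below is a constructed value.
import re

# Explicit group membership the tutorial sets up (Table 3-1).
EXPECTED = {"John Kildaire": {"Doctors"},
            "Harry Hopkins": {"AdmissionsOperators"}}

class IdentityDirectory:
    def __init__(self, org_name, name):
        if re.search(r"\s", org_name):   # spaces are not allowed in organization names
            raise ValueError("organization names may not contain spaces")
        self.org_name, self.name = org_name, name
        self.users, self.groups = set(), {}   # groups: name -> set of members

    def add_group(self, group):
        self.groups.setdefault(group, set())

    def add_user(self, user, password):
        if len(password) < 6:            # the tutorial asks for at least six characters
            raise ValueError("password must be at least six characters")
        self.users.add(user)

    def assign(self, user, group):
        if user not in self.users or group not in self.groups:
            raise KeyError("unknown user or group")
        self.groups[group].add(user)

    def groups_of(self, user):
        # 'allusers' is provided automatically and contains every user.
        explicit = {g for g, m in self.groups.items() if user in m}
        return explicit | ({"allusers"} if user in self.users else set())

def audit(directory, expected):
    """Return {user: actual explicit groups} where membership differs from expected."""
    findings = {}
    for user in sorted(directory.users | set(expected)):
        actual = directory.groups_of(user) - {"allusers"}
        if actual != expected.get(user, set()):
            findings[user] = actual
    return findings

def build_parker_directory():
    d = IdentityDirectory("ParkerHospital", "Parker_Identities")
    for user, groups in EXPECTED.items():
        d.add_user(user, "constructed-pw")
        for g in groups:
            d.add_group(g)
            d.assign(user, g)
    return d
```

An empty result from audit(build_parker_directory(), EXPECTED) means every user holds exactly the group memberships listed in Table 3-1; a doctor who was also placed in AdmissionsOperators would be reported.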