A About the XML Schema Definition

This appendix lists all the elements that are valid according to the schema definition and the various attributes that are valid for each element. It also lists the set of values that each of these attributes can take.

The elements along with their attributes and attribute values are explained here for easy reference. For complete XML schema information, refer to:

oracle.iam.rm.rule.predicate.config_1_0.xsd

To access the XML schema:
1. Navigate to the ORM_HOME\lib directory.
2. Extract the contents of the server.jar file into a temporary location using any unzip utility or the jar command-line tool, which is part of the Sun Java Development Kit.
3. From the temporary location, navigate to META-INF\schemas.
  
  This directory contains the oracle.iam.rm.rule.predicate.config_1_0.xsd file.
standard.xml

The standard.xml file contains the standard data model that supports the Oracle Role Manager user interface.

To access the standard.xml file:
1. Navigate to the ORM_Home\config directory.
2. Extract the contents of the standard.car file into a temporary location using any unzip utility or the jar command-line tool, which is part of the Sun Java Development Kit.
3. From the temporary location, navigate to the config\oracle.iam.rm.temporal directory.
  
  This directory contains the standard.xml file.

Note:

If there are customizations to the Oracle Role Manager sample data model, then all the attributes in this appendix can take user-defined values as per the customizations made in the XSD.

Topics in this appendix include:

Section A.1, "Attribute Expressions"
Section A.2, "Hierarchy Expressions"
Section A.3, "Relative Object Expressions"
Section A.4, "Role Membership Expressions"

A.1 Attribute Expressions

The attribute-expression element has the attributes object-type and attribute-id.

The attribute-id attribute takes values based on the value of the object-type attribute specified in the attribute-expression element.

Table A-1 lists the object-type attributes and its corresponding attribute-id values. The Inherits From column in Table A-1 gives the name of the supertype from which the object-type attribute mentioned in object-type column is inherited.

See Also:

Oracle Role Manager Developer's Guide for detailed information about every object

Note:

The status attribute-id of the abstractRole object-type attribute is not used from this release onward.

Table A-1 Attribute Values for object-type and attribute-id

object-type	Inherits From	Values for attribute-id
`abstractIdentity`	NA	`displayName` `locale` `status` `userID` `userPassword`
`person`	`abstractIdentity`	All values for the `attribute-id` attribute of the `abstractIdentity` object-type (listed earlier in this table). In addition, it can take the following values: `audio` `businessCategory` `carLicense` `costCenterOrg_id` `departmentNumber` `description` `destinationIndicator` `employeeNumber` `employeeType` `fax` `givenName` `homePhone` `homePostalAddress` `initials` `internationalISDNNumber` `jobTitle` `jpegPhoto` `l` (Note: This `attribute-id` attribute refers to the LDAP attribute for the locality of the person) `locationOrg_id` `mail` `manager_id` `mobile` `pager` `photo` `physicalDeliveryOfficeName` `postalAddress` `postalCode` `postOfficeBox` `preferredDeliveryMethod` `preferredLanguage` `registeredAddress` `reportingOrg_id` `roomNumber` `seeAlso` `sn` (Note: This refers to the surname of the person) `st` `street` `telephoneNumber` `telexNumber` `userCertificate` `userSMIMECertificate` `x121Address`
`abstractOrg`	NA	`costCenterHierarchyRoot_id` `costCenterOrg_id` `description` `displayName` `locationHierarhcyRoot_id` `locationOrg_id` `orgHead_id` `reportingHierarhcyRoot_id` `reportingOrg_id` `uniqueName`
`building`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `buildingName` `postalAddress` `telephoneNumber`
`country`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `c` (Note: This `attribute-id` attribute refers to the two-letter country code to which the organization belongs.)
`division`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table).
`dcObject`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table).
`floor`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `floorIdentifier`
`locality`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `l` (Note: This attribute-id attribute refers to the LDAP attribute.) `seeAlso` `st` `street`
`organization`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `businessCategory` `destinationIndicator` `fax` `internationalISDNNumber` `l` (Note: This `attribute-id` attribute refers to theLDAP attribute for the locality of the organization) `physicalDeliveryOfficeName` `postalAddress` `postalCode` `postOfficeBox` `preferredDeliveryMethod` `registeredAddress` `seeAlso` `st` `street` `telephoneNumber` `telexNumber` `x121Address`
`ou` (Note: This `object-type` attribute refers to an organizational unit)	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `businessCategory` `destinationIndicator` `fax` `internationalISDNNumber` `l` `physicalDeliveryOfficeName` `postalAddress` `postalCode` `postOfficeBox` `preferredDeliveryMethod` `registeredAddress` `seeAlso` `st` `street` `telephoneNumber` `telexNumber` `x121Address`
`room`	`abstractOrg`	All values for the `attribute-id` attribute of the `abstractOrg` object-type (listed earlier in this table). `roomNumber` `seeAlso` `telephoneNumber`
`abstractRole`	NA	`costCenterOrg_id` `description` `displayName` `eligibilityRule` `isDelegatable` `locationOrg_id` `membershipRule` `relevantAttributes` `reportingOrg_id` `roleType` `simpleDynamic` `socHierarchy_id` `status` (Note: This `attribute-id` attribute is not used from this release onward) `uniqueName`
`approverRole`	`abstractRole`	All values for the `attribute-id` attribute of the `abstractRole` object-type (listed earlier in this table). `roleOwner_id`
`businessRole`	`abstractRole`	All values for the `attribute-id` attribute of the `abstractRole` object-type (listed earlier in this table). `approverId` `approverType` `oimUserGroupId` (Note: This value is available only if the Integration Library is installed) `responsibility` `roleOwner_id`
`itRole`	`abstractRole`	All values for the `attribute-id` attribute of the `abstractRole` object-type (listed earlier in this table). `isFinanceRelated` `isHighRisk` `isNpiRelated` `isSoxRelated` `oimAccessPolicyId` (This value is available only if the Integration Library is installed) `roleOwner_id`
`systemRole`	`abstractRole`	All values for the `attribute-id` attribute of the `abstractRole` object-type (listed earlier in this table). `roleOwner_id`

A.2 Hierarchy Expressions

As discussed in the preceding chapter, the hierarchy-expression element contains the hierarchy-member element. This element in turn contains the aliased-reference element.

The aliased-reference element uses the attributes object-type and attribute-id. The object-type attribute can take the values abstractOrg and its inherited object types. For a corresponding list of values that these object-type attributes can take, see Table A-1.

A.3 Relative Object Expressions

You can use the relative-object-expression element to determine approver roles. It contains the attributes subject-type, relationship-path-id, and relative-object-type. The subject-type and relative-object-type attributes take the values organization, person, and role. However, the relationship-path-id attribute takes a value depending on the subject-type and relative-object-type attributes. You can have various subject-type and relative-object-type combinations such as person-person.

Table A-2 lists the values that the relationship-path-id attribute takes when a person-person combination is used.

Table A-2 Attribute Values for relationship-path-id

Combination	relationship-path-id Attributes
`person-person`	`managedPeople` `manager` `secretarialClients` `secretary`
`person-organization`	`headedOrgs`
`person-itRole`	`ownedITRoles`
`person-systemRole`	`ownedSystemRoles`
`person-businessRole`	`ownedBusinessRoles`
`person-approverRole`	`ownedApproverRoles`
`abstractOrg-abstractOrg`	`parent_reporting_organization` `parent_location_organization` `parent_cost_center_organization`

A.4 Role Membership Expressions

As discussed in the preceding chapter, the role-member-expression element contains the aliased-reference element.

The aliased-reference element uses the attributes object-type and attribute-id. The object-type attribute can take the values abstractRole and its inherited object types. For a corresponding list of values that these object-type attributes can take, see Table A-1.