Sun Identity Manager 8.1 Resources Reference

Chapter 24 Oracle

The Oracle resource adapter is defined in the com.waveset.adapter.OracleResourceAdapter class.

Note –

Identity Manager also provides an Oracle ERP resource adapter that supports Oracle E-Business Suite (EBS). For detailed information about this adapter, see Chapter 25, Oracle ERP.

Use this adapter to support user accounts for logging into Oracle. If you have a custom Oracle table, see Chapter 10, Database Tablefor information about using the Resource Adapter Wizard to create a custom Oracle table resource.

Adapter Details

Resource Configuration Notes


Identity Manager Installation Notes

The Oracle resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

ProcedureInstalling the Oracle Resource Adapter

  1. To add an Oracle resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.


  2. If you are connecting to Oracle Real Application Clusters (RAC) using a thin driver, specify a value in the following format in the Connection URL on the Resource parameters page:

  3. If you are using the JDBC thin driver in an environment that does not use Oracle Real Application Clusters, copy the JAR file that contains the JDBC thin driver classes to the $WSHOME$/WEB-INF/ lib directory. The JAR file must be compatible with the JDK version of your application server.

  4. If you are using a different driver, specify the driver and connection URL on the Resource Parameters page.

Usage Notes

This section describes dependencies and limitations related to using the Oracle resource adapter, including information about user types and cascade deletes.

User Types

The Oracle database permits the following types of users:

If you are managing external or global users, you should place the Oracle resource in a resource group that also includes the machine upon which it is installed or the directory service.

Cascade Deletes

The noCascade account attribute indicates whether to perform cascade drops when deleting users. By default, cascade drops are performed. To disable cascade drops:

ProcedureDisabling Cascade Drops

  1. Add an entry to updatableAttributes section of System Configuration Object:

    <Attribute name=’Delete’>
          <Attribute name=’all’>
  2. Add a field to the deprovision form:

    <Field name=’resourceAccounts.currentResourceAccounts
       <Display class=’Checkbox’>
          <Property name=’title’ value=’Do NOT Cascade MyOracleResource Delete’/>
          <Property name=’alignment’ value=’left’/>
  3. Add the noCascade account attribute to Oracle Resource schema.

    If the user owns objects and the do not cascade option is selected, Oracle will throw an error. The user will not be deleted.

  4. Add a noCascade field to the user form so that the attribute can be disabled. For example:

    <Field name=’global.noCascade’>

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager can use one of the following drivers to communicate with the Oracle adapter:

Required Administrative Privileges

To create an Oracle user, the administrator must have CREATE USER, ALTER USER, and DROP USER system privileges.

For Oracle and Oracle Applications, administrators must have SELECT permissions on the following database views:

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.



Enable/disable account 


Rename account 


Pass-through authentication 


Before/after actions 


Data loading methods 

Import directly from resource 

Account Attributes

The following table lists the Oracle database user account attributes. All attributes are Strings. All attributes are optional.

Resource User Attribute  



Indicates whether to perform a cascade delete for a user. 


Must be one of the following values: 

  • LOCAL (default value)




Name of the default tablespace for objects that the user creates. 


Maximum amount of default tablespace the user can allocate. 


Global name of a user. (Applicable only when oracleAuthentication is set to GLOBAL.) 


This attribute is applicable for local Oracle accounts only. 


One or more privileges assigned to the user. 


One or more profiles assigned to the user. 


One or more roles assigned to the user. 


Name of the tablespace for the user’s temporary segments. 


The maximum amount of temporary tablespace the user can allocate. If the attribute appears in the schema map, the quota is always set on the temporary tablespace. If the attribute is removed from the schema map, no quota will be set on the temporary tablespace. The attribute must be removed for adapters that communicate with Oracle 10gR2 resources. 

Resource Object Management


Identity Template


Sample Forms




Use the Identity Manager debug pages to set trace options on the following classes: