Skip Headers
Oracle® Fusion Middleware User's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)

Part Number E14316-08
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

14 Creating and Searching Requests

A User in Oracle Identity Manager can manage Requests by creating, searching, or performing other operations on requests from Oracle Identity Manager Advanced Administration if the user belongs to "REQUEST ADMINISTRATORS" group.

This chapter describes the request management feature in the following sections:

See Also:

"Managing Requests" for information about request management concepts and tasks

14.1 Creating Requests by Using Oracle Identity Manager Advanced Administration

You can log in to Oracle Identity Manager Advanced Administration and create requests for yourself and for others if your role has the appropriate privileges. You can also create requests by using Oracle Identity Manager Self Service.

Creating requests is described with the help of the following scenarios:

14.1.1 Creating a Request To Create a User

To create a request to create a user:

  1. In Oracle Identity Manager Advanced Administration, click the Administration tab, and then click Requests.

  2. From the Actions menu on the left pane, select Create Request. Alternatively, you can also click the Create Request icon on the toolbar. The Select Request Template page of the Create Request wizard is displayed.

    Note:

    The steps in the Create Request wizard are dynamically generated based on the selection of the request template in the first step.

  3. From the Request Template list, select the request template based on which you want to create the request. The dropdown list shows all the default request templates as well as the custom templates that are created based on the request types. In this example, select Create Contractor, and then click Next.

    Note:

    • The Create Contractor request template is not a default request template and is available for selection when a request template with the same name is created based on the privileges you have. For the purpose of this scenario, this request template has been created based on the Create User request type for creating user accounts for contract employees. For information about creating this request template, see "Creating a Request Template Based on the Create User Request Type"".

    • The Create Role, Modify Role, and Delete Role request templates are not available in the Request Templates list. This is because request creation by using any request template that are based on the Create Role, Modify Role, and Delete Role request types are supported from the APIs, but not in the UI. However, you can search for these request templates in the Request Templates tab. In addition, the Create Role, Modify Role, and Delete Role request types can be used to create approval policies and new request templates.

  4. In the Enter Details page, specify values for the user attributes. The fields for the user attributes are displayed as defined in the Create Contractor request template. For example, the Middle Name attribute is not displayed if you have already specified a value for it at the template level. For the Organization attribute, an LOV is available, whose values are also defined at the template level. For details about specifying these values, see "Creating a Request Template Based on the Create User Request Type".

    After specifying values for the user attributes, click Next.

  5. In the Enter Additional Data page, enter the value of the attribute that is specified as additional data in the request template that you are using to create this request. In this example, Date of Birth is specified as an additional attribute in the request template. Enter a value in the Date of Birth field, and then click Next.

    Note:

    The Enter Additional Data page is displayed dynamically based on the additional data specified in the request template.

  6. In the Confirm page, specify values for the Effective Date and Justifications fields. Effective date is the date from which the request will be active after approval. For example, after a create user request is approved, the user is created in Oracle Identity Manager on the date specified in the Effective Date field. The Justification field is a justification for creating the request that might help the approver in approving or rejecting the request.

    On clicking Finish, a request to create a user based on the Create Contractor request template is created.

14.1.2 Creating a Request to Provision a Resource to Users

To create a request to provision a resource to one or more users:

Note:

The following request types are similar in nature in terms of request creation and execution:

  • Provision Resource

  • Modify Provisioned Resource

  1. In Oracle Identity Manager Advanced Administration, click the Administration tab, and then click the Requests tab.

  2. From the Actions menu on the left pane, select Create Request. The Select Request Template page of the Create Request wizard is displayed. The steps in this wizard are dynamically generated based on the selection of the request template in the first step.

  3. From the Request Template list, select the request type or request template based on which you want to create the request. In this example, select Provision E-Business Resource, and then click Next.

    Note:

    The Provision E-Business Resource request template is not a default request template and is available for selection when a request template with the same name is created based on the privileges you have. For the purpose of this scenario, this request template has been created based on the Provision Resource request type for provisioning an E-Business resource to a user. For information about creating this request template, see "Creating a Request Template Based on the Provisioning Resource Request Type"

  4. In the Select Users page, specify a search criteria in the fields to search for the users that you want to provision the resource, and then click Search. A list of users that match the search criteria you specified is displayed in the Available Users list.

  5. From the Available Users list, select one or more users to whom you want to provision the resource. You can select one or more users that are your direct reports. In other words, you can select one or more users for whom you are the manager as specified in the user's profiles.

    Click Move to include your selection in the Selected Users list, and then click Next.

    Note:

    In this page, available users list is shown based on the authorization policies for user entities. The users cannot be restricted from the request templates.

  6. In the Select Resources page, search for the available resources. From the Available Resources list, select the resources that you want to provision, click Move to include the selected resources in the Selected Resources list. In this example, select E-Business RO as the resource to be provisioned, and then click Next.

    Note:

    Only the E-Business RO resource is displayed in the Selected Resources list because the Provision E-Business Resource request template is created only for provisioning the E-Business resource. The resources are displayed in the Available Resources list based on the resource selection in the request template.

  7. In the Resource Details page, specify values for the attributes of the resource.

    In this example, you can select the life span of the E-Business resource being provisioned to the selected user or users. In the Life Span Type lookup, select a life span type, such as Short term, Mid term, or Long term. In the Server lookup, select the name of the E-Business server to connect to. For the Oracle Apps User Responsibilities parent attribute, you can enter multiple sets of values for the Responsibility Start Date, Responsibility End Date, and Responsibility Name child attributes. To do so, select values in the fields, and then click Add. Repeat entering another set of values in the Responsibility Start Date, Responsibility End Date, and Responsibility Name fields, and then click Add. For information about defining parent and child attributes, see "Creating a Request Template Based on the Provisioning Resource Request Type".

    Note:

    In this page, the attributes are picked up from the request dataset. See "Step 1: Creating a Request Dataset for the Resources" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about request datasets.

    Specify values for all other resource attributes, and then click Next.

    If you select multiple resources in the Select Resources page, then the Resource Details page for each selected resource is displayed one by one. For instance, in the Select Resources page, you select the E-Business and Active Directory resources. The Resource Details page for the E-Business resource is displayed. Enter values for all attributes of the E-Business resource, and click Next. Then, the Resource Details page for the Active Directory resource is displayed. Specify values for all attributes of the Active Directory resource, and click Next.

  8. If the selected resource has dependent resources, then the steps to select the dependent resources are displayed. Select the dependent resources, click Next.

    A resource object can have a dependency on other resource objects. During creation of provision resource request (for self or others), if the dependent resources are not already provisioned, then these dependent resources are automatically added to the request. This is applicable to the Provision Resource and Self Provision Resource request types.

    Dependent resources can of the following types:

    • Single beneficiary: During creation of a provision resource request for single user, if the dependent resources are not already provisioned, then those dependent resources are automatically added to the request.

      Suppose the resource objects DB, AD, and Exchange are created in such a way that Exchange has dependency on AD, and AD has dependency on DB. Single beneficiary dependent resources is described with the help of the following examples:

      • Example 1: User Jane does not have any of the resources. During self provision resource request, Jane selects Exchange as a resource in the Select Resources step. Because Jane does not have the dependent resources AD and DB, the request UI automatically adds the resource details collection steps for the resources AD and DB along with the resource Exchange.

      • Example 2: User John has DB resource provisioned. You want to provision the resource Exchange to John. During the provision resource request, you select John in the Select Users step and Exchange in the Select Resources step. Because John does not have the dependent resource AD provisioned, the request UI automatically adds the resource details collection step to the resource AD along with the resource Exchange. Resource DB is not added because John already has DB provisioned.

      • Example 3: User Brad does not have any resources. During self provision resource request, Brad selects DB as a resource in the Select Resources step. Resource details collection step for only the resource DB is shown because the DB resource does not have any dependency.

    • Multiple beneficiary: During creation of a provision resource request for multiple users, if any of the users doesn't have dependent resources provisioned, then those dependent resources will be automatically added to the request. These dependent resources will be added to only to those beneficiaries that doesn't already have these resources provisioned.

      Suppose the resource objects DB, AD, and Exchange are created in such a way that Exchange has dependency on AD, and AD has dependency on DB. Multiple beneficiary dependent resources is described with the help of the following examples:

      • Example 1: Users Jane and John do not have any resources provisioned. You want to provision the resource Exchange to Jane and John. During the provision resource request, you select Jane and John in the Select Users step and Exchange in the Select Resources step. Because both the beneficiaries do not have the dependent resources AD and DB provisioned, the request UI automatically adds the resource details collection step to the resources AD and DB along with the resource Exchange. In this request, the resources AD and DB are added to both the beneficiaries Jane and John.

      • Example 2: User Jerry does not have any resource provisioned. User Katie has resource DB provisioned. You want to provision the resource Exchange to Jerry and Katie. During the provision resource request, you select Jerry and Katie in the Select Users step and Exchange in the Select Resources step. Because Jerry (one of the beneficiaries) does not have the dependent resources AD and DB provisioned, the request UI automatically adds the resource details collection step for the resources AD and DB along with the resource Exchange. In this request, the resource AD is added to both the beneficiaries Jerry and Katie. However, the resource DB is added to only Jerry but not to Katie because Katie already has the resource DB provisioned.

  9. In the Justification page, you can specify values for the following fields, and then click Finish to submit the request.

    • Effective Date: Enter the date when you want the underlying operation of the request to be executed after approval. For example, if you specify September 15 as the effective date for provisioning a laptop to a user, then the laptop is not provisioned to the user before September 15 even if the request is approved. The resource is provisioned on September 15. If the request is approved after September 15, then the resource is provisioned with immediate effect.

    • Justification: Enter a justification for creating the request.

    If you have selected a user to provision the resource, then the request is available for approval. If you have selected multiple users to provision the resource, then the request is broken into multiple child requests for operation level approval, and each child request can be approved or rejected independently.

14.1.3 Creating a Request to Deprovision Resources

To create a request to deprovision one or more resources:

Note:

The following request types are similar in nature in terms of request creation and execution:

  • Enable Provisioned Resource

  • Disable Provisioned Resource

  • De-Provision Resource

  1. In the Welcome page of Oracle Identity Manager Advanced Administration, under Administration, click Search Requests. Alternatively, you can click the Administration tab, and then click Requests.

  2. From the Actions menu, select Create Request. Alternatively, you can click the create request icon on the toolbar. The Select Request Template page of the Create Request wizard is displayed. The steps in this wizard are dynamically generated based on the selection of the request template in the first step.

  3. From the Request Template list, select De-Provision Resource. Then, click Next.

  4. In the Select Users page, search for the users. Select one or more users from the Available Users list from whom you want to deprovision a resource. Click Move to move the users to the Selected Users list, and then click Next.

  5. In the Select Resources page, search for the resources. Select one or more resources that you want to deprovision. Click Move to move the resources to the Selected Resources list. Then, click Next. The Justification page is displayed.

  6. In the Effective Date field, specify a date on which you want the resource to be deprovisioned.

  7. In the Justification field, enter a justification for the deprovisioning operation.

  8. Click Finish. The request to deprovision one or more resources is created.

Note:

Resource search in Select Resources page lists all the resources provisioned to user selected in Select Users page. If multiple users are selected, then search shows common resources provisioned to all selected users.

14.2 Searching and Tracking Requests

You can login to Oracle Identity Manager Administration and search for requests to view a list of requests. You can perform simple search and advanced search for requests. You can also view the details of each request.

This section contains the following topics:

14.2.1 Searching Requests

To perform a simple search for requests:

  1. Login to Oracle Identity Manager Advanced Administration.

  2. In the Welcome page, under Administration, click Search Requests. Alternatively, you can click the Requests subtab under the Administration tab.

  3. In the left pane, click the icon next to the Search field. A list of available requests are displayed in the search results table in the left pane with details such as request ID, request type, and request status. You can sort the requests based on Request ID and Request Type.

    Note:

    • Sorting on Request ID is string-based and not number-based.

    • For request search based on the Requester/Beneficiary fields, enter requester/beneficiary user login ID.

To perform an advanced search for requests:

  1. In the left pane of the Requests section in Oracle Identity Manager Advanced Administration, click Advanced Search. The Advanced Search page is displayed.

  2. Select any one of the following matching options:

    • All: On selecting this option, the search is performed with the AND condition. This means that the search result shows requests with all the search criteria specified are matched.

    • Any: On selecting this option, the search is performed with the OR condition. This means that the search result shows requests with any search criteria specified is matched.

  3. Specify values in the fields as search criteria. For each field, select an operator, such as Equals, Contains, or Begins with.

  4. To include a field in your search criteria, click Add Fields, and then select the field from the list. A cross icon is displayed only for the field added by using Add Fields. To discard such a field from your search, click the cross icon next to the field.

  5. Click Search. The search results table is displayed with details about request ID, request type, status, date requested, and requester, as shown in Figure 14-1. You can sort the requests based on request ID, request type, request status, and date requested.

    Note:

    Sorting on Request ID is string-based and not number-based.

    Figure 14-1 Advanced Search Results

    Description of Figure 14-1 follows
    Description of "Figure 14-1 Advanced Search Results"

14.2.2 Viewing Request Details

From the search results tables of the simple and advanced search, you can view the details of the requests for tracking. To do so, select a request in the search results table. From the Actions menu, select Open Request Detail. The Request Details page for the selected resource is displayed.

Figure 14-1 lists the fields in the Request Information section of the Request Details page:

Table 14-1 Fields in the Request Details page

Field Description

Request ID

An ID to uniquely identify the request

Request Type

The type of request or the request type based on which the request is created

Status

The status in which the request is currently in

Note: Status shows the current request status. A link is displayed if the status is Request Failed or Request Completed with Errors, which can be clicked to see the reason for the failure.

Date Requested

The date of creation of the request

Effective Date

The date from which the operation requested will be active

Requester

The user who created the request

Beneficiary

The user for whom the request is created

Justification

The reason for creating the request

Parent Request ID

The request ID of the parent request if the request whose details is displayed is a child request


Note:

From the Request Details page, you can close the request by selecting Close Request from the Actions menu at the top of the page. For information about closing requests, see ""Closing Requests"".

The Request Details page displays the following tabs:

14.2.2.1 The Requested Resources or Users or Requested Roles Tab

This tab is displayed in the Request Details page depending on the type of request. For example, the Requested Resources tab is displayed in the Request Details page when the request type is Provision Resource. Similarly, the Users or Requested Roles tabs are displayed when the request types are Create User or Assign Roles respectively.

Figure 14-2 shows the Requested Roles tab:

Figure 14-2 The Requested Roles Tab

Description of Figure 14-2 follows
Description of "Figure 14-2 The Requested Roles Tab"

In the Requested Resources tab that is displayed for the resource request types, you can view the details of the resources associated with the request. The details include beneficiary, resource name, and resource details. To view resource details, click the View Details link for a particular resource. The Resource Details window is displayed, as shown in Figure 14-3:

Figure 14-3 The Resource Details Window

Description of Figure 14-3 follows
Description of "Figure 14-3 The Resource Details Window"

14.2.2.2 The Request Comments Tab

This tab displays any comments provided with the request that can help the approver take actions on the request. This tab also allows you to add a new comment to the request. To add a comment:

  1. In the Request Comments tab, from the Actions list, select Add Comment. The New Comment dialog box is displayed.

  2. In the Comments field, enter the comment for the request.

  3. Click Save. The comment is added and is displayed in the Request Comments tab, as shown in Figure 14-4:

    Figure 14-4 The Request Comments Tab

    Description of Figure 14-4 follows
    Description of "Figure 14-4 The Request Comments Tab"

14.2.2.3 The Request History Tab

This tab displays the history of the request, such as the request status, the date when the request is updated, and by whom the request is updated.

Figure 14-5 shows the Request History tab.

Figure 14-5 The Request History Tab

Description of Figure 14-5 follows
Description of "Figure 14-5 The Request History Tab"

Note:

If an approver is not specified for a request, then the Updated By column in the Request History tab displays Internal User. This is the OIMINTERNAL user, which is an Oracle Identity Manager system user. All the internal request status updates are performed as Internal User.

14.2.2.4 The Approval Tasks Tab

This tab shows the status of tasks that have been assigned to people in connection with the request.

Figure 14-6 shows the Approval Tasks tab. Two tasks are shown: Requester manager approval for Request ID 82 and Beneficiary manager approval for Request ID 82. Note that for tasks that are assigned to multiple approvers in a sequence (that is, Assignee 1, then Assignee 2), the Assignee column only shows the name of the person who currently has the task assigned (or, if the task sequence has been completed, then it shows the name of the last person who worked on the task).

Figure 14-6 The Approval Tasks Tab

Description of Figure 14-6 follows
Description of "Figure 14-6 The Approval Tasks Tab"

14.2.2.5 The Child Requests Tab

This tab is displayed only for a bulk/parent request. It displays the child requests that are created for the bulk/parent request.