Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11g Release 2 (11.1.2)

Part Number E27149-16
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

33 Managing Identity and Resource Information

This chapter describes managing users in Oracle Identity Manager Design Console. It contains the following sections:

33.1 Overview of User Management

The User Management folder provides tools to create and manage information about a company's organizations, users, roles, and resources.

This folder contains the following forms:

33.2 Managing Organization Information

The Organizational Defaults form is in the User Management folder. You use this form to view records that reflect the structure of your organization and to enter and modify information related to organizational entities. An organization record contains information about an organizational unit, for example, a company, department, or branch.

A suborganization is an organization that is a member of another organization, for example, a department in a company. The organization that the suborganization belongs to is referred to as a parent organization.

You use the Organizational Defaults tab to specify default values for parameters on the custom process form for resources that can be provisioned for the current organization. Each process form is associated with a resource object that is allowed for the organization, or with a resource that has the Allow All option on the associated Resource Objects form selected.

The values that you provide on the Organizational Defaults tab become the default values for all users in the organization. Oracle recommends that you do not specify default values for passwords and encrypted parameters.

Figure 33-1 shows the Organizational Defaults form.

Figure 33-1 Organizational Default Form

Description of Figure 33-1 follows
Description of "Figure 33-1 Organizational Default Form"

Table 33-1 describes the fields of the Organizational Default form.

Table 33-1 Fields of the Organizational Defaults Form

Field Name Description

Organization Name

Name of the organization.

Type

The classification type of the organization, for example, Company, Department, Branch.

Status

The current status of the organization (Active, Disabled, or Deleted).

Parent Organization

The organization to which this organization belongs. If a parent organization is displayed in this field, this organization is displayed on the Sub Organizations tab for the parent organization. If this field is empty, this organization is a top-level organization.


33.3 Viewing Resources Allowed or Disallowed for Users

You use the Policy History form to view information about the resources that are allowed or disallowed for a user.

There are two types of users in Oracle Identity Manager:

Table 33-1 shows this form.

Figure 33-2 Policy History Form

Description of Figure 33-2 follows
Description of "Figure 33-2 Policy History Form"

Table 33-2 describes the fields of the Policy History form.

Table 33-2 Fields of the Policy History Form

Field Name Description

User ID

The user's Oracle Identity Manager login ID.

First Name

The user's first name.

Middle Name

The user's middle name.

Last Name

The user's last name.

Email Address

The user's e-mail address.

Start Date

The date on which the user's account will be activated.

Status

The current status of the user (Active, Disabled, or Deleted).

Organization

The organization to which the user belongs.

User Type

The user's classification status. Valid options are End-User and End-User Administrator. Only end-user administrators have access to Oracle Identity Manager Design Console.

Employee Type

The employment status of the user at the parent organization (for example, full-time, part-time, intern, and so on).

Manager ID

The user's manager.

End Date

The date on which the user's account will be deactivated.

Created on

The date and time when the user record was created.


33.3.1 Policy History Tab

Use this tab to view resource objects that are allowed or disallowed for a user, based on the following:

  • Access policies for the user group to which the user belongs

  • Resource objects that are allowed by the organization to which the user belongs

The Policy History tab contains a Display Selection region. To organize the contents of this tab, go to the uppermost box in this region and select an item from one of its menus, as follows:

  • Resource Policy Summary: Displays resource objects that are allowed or disallowed based on the user's organization and applicable access policies.

  • Not Allowed by Org: Displays only resource objects that are disallowed, based on the user's organization.

  • Resources by Policy: Displays a second box that contains the access policies for the user groups to which the user is a member.

    Select an access policy from this box to display the resource objects that are allowed or disallowed for the user, based on this access policy.

A tracking system enables you to view resources that are allowed or disallowed for a user, based on the organizations the user is a member of and the access policies that apply to the user.

The resource objects that are allowed for the user are displayed in the Resources Allowed list. This list represents resource objects that can be provisioned for the user. It does not represent the resource objects that are provisioned for the user.

The resource objects that are disallowed for the user are displayed in the Resources Not Allowed list.

To view the tracking system:

  1. Go to the Policy History tab.

  2. Find the Display Selection region on this tab.

  3. Click Policy History.

From the User Policy Profile History window, you can view resources that are allowed or disallowed for a user for the date and time you selected, as follows:

  • From the History Date box, you can select a date.

  • From the Display Type box, you can display resources that are allowed or disallowed based on the organizations the user is a member of, the access policies that apply to the user, or both.

  • From the Policy box, you can display the access policy that determines what resource objects are allowed or disallowed for the user.

33.4 Assigning Role Entitlements

The Group Entitlements form is displayed in the User Management folder. You use it to create and move forms, and to designate the forms and folders that members of a role can access through the Explorer.

To designate forms and folders to roles by using the Group Entitlements form:

  1. In the Explorer, double-click Group Entitlements.

    The User Group Information page is displayed, as shown in Figure 33-3:

  2. In the Group Name field, enter the name of the role.

  3. Click Assign.

    The User Form Assignment lookup table is displayed.

  4. From the lookup table, select the user form for this role.

    Use the arrow buttons to either add or delete from the Assigned Forms list.

  5. Click OK.

    The newly added user forms are listed in a Group Entitlements table. The Group Entitlements Table displays all available roles. This table shows the name of the user form and the type. In the Group Entitlements table, there are two types, javaform and folder. A javaform is a Java-based, graphical interface. A folder is a container of one or many javaforms.

See Also:

"Default Roles" for information about pre-existing roles in Oracle Identity Manager