Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager
11g Release 2 (11.1.2)

Part Number E27152-02
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
PDF · Mobi · ePub

Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  R  S  T  U  V  W 

A

access rights, 2.3.1
accordions
Administration, 3.4.3
Home, 3.4.1
Reports, 3.4.2
accounts, privileged
access issues, C.1.3
access rights, 2.3.1, 2.3.2
adding, 5.1.3.2, A.2.2, B.2.1
administration roles, 2.3.1
assigning policies, 5.1.1.8.1
auditing, 6.1
checking out/in, 2.4.2.1, 5.1.3.6, 5.1.3.7, A.2.4, B.2.10, B.2.11
deployment report, 3.4.2
description, 1.1, 5.1.3.1
display listing, A.2.5
granting to groups, 5.1.4.3, A.2.14
granting to users, 5.1.4.2, A.2.15
managing, 1.2.4, 5.1.3.1
mapping, 5.1.3.2, 5.1.3.2, 5.1.3.2.3
opening, 5.1.3.4
removing, 5.1.3.8, A.2.17, B.2.6
removing access, A.2.18, A.2.20, B.2.8
resetting passwords, 1.2, 5.1.1.3, 5.1.1.3, 5.1.3.5.2, 5.1.3.5.2
retrieving, A.2.22, B.1.8, B.2.3
searching, 3.4.4, 5.1.3.3, A.2.27, B.3.1
securing shared, 2.4.2, 2.4.2.2
shared, 2.4.2.2, 5.1.3.2.1
sharing, 2.4.2.2, 5.1.3.1.3, 5.1.3.2.1
showing checked out, 5.2.4, A.2.9, B.3.2
status, 3.4.4, 5.1.3.3
updating, B.2.5
verifying, B.2.2
accounts, service, 1.2.1, 5.1.2.2, Glossary
accounts, unattended, 1.2.1, 5.1.2.2, Glossary
activating
Password Policies, 5.1.1.5
Usage Policies, 5.1.1.6
adding
CSF mappings, 5.1.3.2.3
grantees, 5.1.3.2.2
identity providers, 7.2.2.3
new connectors, 3.2.4
Password Policies, 5.1.1.5
privileged accounts, 5.1.3.2, 5.1.3.2, B.2.1
targets, 5.1.2.2, A.2.2, B.1.2, C.1.4
Usage Policies, 5.1.1.5
ADF
authentication, 2.2
definition/purpose, Glossary
Oracle Privileged Account Manager Console, 1.2.3
Admin Roles, Common, 2.3.1, 2.3.1
Administration accordion, 3.4.3
administrators
configuring OIM, 7.1.4
default, 2.3.1
agents, WebGate, 7.2
APIs, REST, B
application accounts
managing, 5.1.3.1
targets, 5.1.2.1
Application Configurator role
access rights, 2.3.1
assigning, 3.3.3
Application Development Framework, Oracle
See ADF
applications
configuring access to multiple, 7.2.2.4
default URLs, 3.1
deploying client, 2.2.1
roles, 2.3.1
storing credentials, 1.2.4
unattended, 1.2.2
writing custom, 1.2.3
architecture
diagram, 1.2.3
Oracle Privileged Account Manager server, 4.1
assigning policies, 5.1.1.8.1
attended accounts, 1.2.1
attributes, retrieving target, B.1.1
audit logs
default file location, 6.1.1
saving, 6.1.1
audit reports
configuring, 6.1.1.1
default report types, 6.1.2
deploying, 6.1.1.3
example, 6.1.2
audit schema, 6.1.1.2
auditing
event types, 6.1
example audit report, 6.1.2
file-based, 6.1.1.1
logging levels, 6.1.1.4
managing, 6
password management actions, 5.1.3.5
privileged accounts, 6.1
saving audit logs, 6.1.1
shared accounts, 2.4.2.2
authentication
ADF-based, 2.2
framework, 2.1
JAAS support, 1.2.3, 2.1
modes, 2.2
Oracle Privileged Account Manager command line tool client, 2.2.2
Oracle Privileged Account Manager server, 2.2.2
SAML-based token, 2.2
schema, 7.2.2.1
user, 2.2.1
authorization
Common Admin Roles, 2.3
end users/enterprise users, 2.3.2
framework, 2.1
mapping users to Admin Roles, 2.3.1
weblogic or bootstrap user, 2.3.1

B

basic logging, configuring, 6.2.1
BI Publisher
audit reports, 6.1.1.2, 6.1.2
configuring connection to server, 6.1.1.3
deploying audit reports, 6.1.1.3
example audit report, 6.1.2
features, 1.2.1
bootstrap user, 2.3.1, Glossary

C

catalogs, 7.1.4
certificates, SSL, 3.3.2
channels, secure versus unsecure, 2.4.1.1
checking out/in
privileged accounts, 5.1.3.6, 5.1.3.7, A.2.4, B.2.10, B.2.11
shared accounts, 2.4.2.2
troubleshooting, C.1.6
clients, third-party, 1.2.3
command line tool
adding Oracle Privileged Account Manager server, 4.1
commands, A.2
security, 2.2.2, 2.4.1.2
starting, A.1
using, A
command syntax, A.2.1
commands
importing SSL certificates, 3.3.2
launch command line tool, A.1
OPAM command line, A.2
WLST, 7.2.2.4
Common Admin Roles, 2.3.1, 2.3.1
configuring
access to multiple applications, 7.2.2.4
audit reports, 6.1.1.1
data sources, 6.1.1.3
external identity store, 4.3
OIM administrators, 7.1.4
Oracle HTTP Server, 7.2.2.2
Oracle Internet Directory authenticator, 4.3.1
shared accounts, 5.1.3.2.1
connecting to Oracle Privileged Account Manager server, 3.4.3, C.1.1
connectors
adding new, 3.2.4
bundle location, 3.2.2
connecting to target systems, 2.4.1.1
deploying, 3.2
description, 3.2, 3.2
Identity Connector FrameWork, 1.2.1
installing, 3.2
LDAP, 7.1.3
opam-config.xml file, 3.2.3, 3.2.4.1, 3.2.4.2
opam-config.xsd file, 3.2.3, 3.2.3, 3.2.4.2, 3.2.4.2
shipped with Oracle Privileged Account Manager, 3.2.1
storing, 3.2.2
supported database types, 5.1.2.2
writing, 3.2.1
Console
configuring SSO, 2.2.1
description, 1.2.3
securing, 2.4.1.2
troubleshooting issues, C.1.2
user authentication, 2.2.1
converting LDIF files, 4.3.2
creating
Password Policies, 5.1.1.5, B.7.1
schema, 6.1.1.2, Glossary
Usage Policies, 5.1.1.6, B.6.1
Credential Store Framework
See CSF.
credentials
managing application, 1.2.4.3
provisioning through Oracle Privileged Account Manager, 1.2.4.1
starting servers, 3.3.1
storing, 1.2.4, 1.2.4, 5.1.3.2.3
using CSF, 1.2.4
CSF
account mapping, 1.2.4.1, 5.1.3.2, 5.1.3.2, 5.1.3.2.3
definition/purpose, 1.2.1, Glossary
custom applications, writing, 1.2.3
custom connectors, adding, 3.2.4.2

D

data
exporting, A.2.12
importing, A.2.12
data sources
configuring, 6.1.1.3
defining JDBC, 6.1.1.3
default
administrator, 2.3.1
audit report types, 6.1.2
password requirements, setting, 5.1.1.3
ports, 3.1, 3.1, A.1
URLs, 3.1, 3.1
Default Password Policy, 5.1.1.1, 5.1.3.2.1
Default Usage Policy, 5.1.1.1, 5.1.3.2.1
defining
JDBC connections and data sources, 6.1.1.3, 6.1.1.3
policies, 2.1
roles, 2.1
deleting
grantees, 5.1.4.6
Password Policies, B.7.3
policies, 5.1.1.9
Usage Policies, B.6.4
deploying
audit reports in BI Publisher, 6.1.1.3
client applications, 2.2.1
connectors, 3.2, 3.2.4.2
Oracle Privileged Account Manager in Oracle Fusion Middleware, 1.3
Deployment Reports, 5.1.5.1
diagnosing problems, C.2
diagnostic logs, 6.2
disabling
Password Policies, 5.1.1.5
Usage Policies, 5.1.1.6
displaying
checked out accounts, A.2.9, B.3.2
domain tree, A.2.10
group listing, A.2.6
privileged accounts list, A.2.5
target listing, A.2.7
target type tree, A.2.11
user listing, A.2.8
domain tree, displaying, A.2.10
DOMAIN_HOME, 6.1.1, 6.1.1.1, 6.1.1.2, Glossary
duration, password, 5.1.1.3

E

end users
privileges, 2.3.2
self-service instructions, 5.2
enterprise roles
creating, 4.3.2
populating resource catalog, 7.1.3
entitlements
populating resource catalog, 7.1.3
requesting access, 7.1.4
exporting data, A.2.12
external identity store, configuring, 4.3

F

Failure Reports, 5.1.5.3
file-based auditing, configuring, 6.1.1.1
files
audit logs, 6.1.1
connector bundles, 3.2.2
converting LDIF, 4.3.2
jps-config.xml, 6.1.1.1, 6.1.1.2, 6.1.1.4
mod_wl_ohs.conf file, 7.2.2.2
opam_product_BIP11gReports_11_1_1_6_0.zip, 6.1.1.3
opam-config.xml file, 3.2.3, 3.2.4.1, 3.2.4.2
opam-config.xsd file, 3.2.3, 3.2.3, 3.2.4.2, 3.2.4.2
Repository Creation Utility zip, 6.1.1.2
firecall requests, 7.1.4
framework
ADF, Glossary
authentication and authorization, Preface, 2
Oracle Privileged Account Manager, 2
Framework, Credential Store
See CSF.
Framework, Identity Connector
See ICF.

G

generating audit reports, 6.1.1.1
generic logs, default location, 6.2
grantees
adding to privileged accounts, 5.1.3.2.2
granting accounts, 5.1.4.2, 5.1.4.3, A.2.14, B.2.7
opening, 5.1.4.5
removing, 5.1.4.6
retrieving, A.2.23, B.2.9
searching, 5.1.4.4
groups
display listing, A.2.6
retrieving, B.5.1
searching, A.2.28, B.5.2
groups, granting accounts, 5.1.4.3

H

Home accordion, 3.4.1
HTTP Basic-Authorization, 2.2, 2.2.2

I

ICF, 1.2.1, Glossary
ID Store, OPSS, 1.3
Identity Connector FrameWork
See ICF.
identity propagation, 2.2.1, Glossary
identity providers, adding, 7.2.2.3
identity store
configuring, 4.3
Oracle Internet Directory, 4.3.1, 7.2.1
Oracle Virtual Directory, 4.3.1
importing
data, A.2.12
SSL certificates, 3.3.2
integrating with
Oracle Access Management Access Manager, 7.2
Oracle Identity Manager, 7.1
Oracle Identity Manager workflows, 7.1.5
Oracle technologies, 1.2.1
interfaces
configuring SSO, 2.2.1
Oracle Privileged Account Manager, 1.2.3
securing, 2.4.1.2

J

JAAS authentication support, 1.2.3, 2.1
jar files, connector, 3.2.2
JavaScript Object Notation
See JSON.
JDBC connections and data sources, 6.1.1.3
jps-config.xml file, 6.1.1.1, 6.1.1.2, 6.1.1.4
JSON Representations
description, Glossary
Oracle Privileged Account Manager architecture, 1.2.3
RESTful APIs, B

L

launching the command line tool, A.1
LDAP connectors, 7.1.3
LDAP groups, 7.1.1, 7.1.2
LDIF files, converting, 4.3.2
ldifmigrator, 4.3.2, 4.3.2, Glossary
loading audit schema, 6.1.1.2
logging
audit logger, 6.1
audit logs location, 6.1.1
configuring basic, 6.2.1
diagnosing problems, C.2.1
exceptions, C.2.2
generic logger, 6.2
generic logs location, 6.2
setting audit logging levels, 6.1.1.4
setting basic logging levels, 6.2.1

M

managing
account credentials, 1.2.4
application credentials, 1.2.4.3
Oracle Privileged Account Manager audit logging, 6
passwords, 1.2, 5.1.3.5
public key security, 1.2.1
mapping, CSF, 1.2.4.1, 5.1.3.2, 5.1.3.2.3
metadata, storing, 2.2
Migration Tool, Oracle Internet Directory, 4.3.2
mod_wl_ohs.conf file, 7.2.2.2
modifying
Default Password Policy, 5.1.1.3
default Usage Policy, 5.1.1.4
policies, 5.1.1.1
My Oracle Support, C.3

N

network channel, securing, 2.4.1

O

opam_product_BIP11gReports_11_1_1_6_0.zip file, 6.1.1.3
opam-config.xml file, 3.2.3, 3.2.4.1, 3.2.4.2
opam-config.xsd file, 3.2.3, 3.2.3, 3.2.4.2, 3.2.4.2
opam-logging.xml file, 6.2.1
opening
grantees, 5.1.4.5
policies, 5.1.1.2
privileged accounts, 5.1.3.4
targets, 5.1.2.4
OPSS
description, Glossary
ID Store, 1.3
Policy Store, 1.2.1
providing authentication, 2.2, 2.2.1
Security Store, 1.3
Trust Service, 1.2.1
OPSS Trust Service, 2.2.1, Glossary
OPSS-Trust Service Assertions, 2.2
OPSS-Trust tokens, 2.1
Oracle Access Management Access Manager
integration with, 7.2
Oracle Application Development Framework
See ADF.
Oracle Fusion Middleware
deploying Oracle Privileged Account Manager, 1.3
Oracle Fusion Middleware Audit Framework, 1.2.1
Oracle HTTP Server, 7.2.2
configuring, 7.2.2.2
Oracle Identity Manager
configuring administrators, 7.1.4
enterprise roles, 7.1.3
entitlements, 7.1.3, 7.1.4
integration, 7.1, 7.1.5
resource catalog, 7.1.3
rules, 7.1.4
workflow support, 7.1.5
Oracle Internet Directory
configuring authenticator, 4.3.1
Data Migration Tool (ldifmigrator), 4.3.2, Glossary
identity store, 4.3.1, 7.2.1
Oracle Platform Security Services
See OPSS
Oracle Privileged Account Manager
architecture and topology, 1.2.3
command syntax, A.2.1
default connectors, 3.2.1
interfaces, 1.2.3
managed server, starting, 3.3.1
securing, 2.4
Oracle Privileged Account Manager Console
about, 1.2.3
adding Oracle Privileged Account Manager server, 4.1
ADF, 1.2.3
configuring SSO, 2.2.1
securing, 2.4.1.2
Oracle Privileged Account Manager server
architecture, 4.1
authentication, 2.2.2
connecting to, 3.4.3, C.1.1
description/purpose, 4.1
Oracle Virtual Directory
identity store, 4.3.1
Oracle Wallet, 1.2.1

P

packet sniffing, 2.4.1.1
Password Complexity Rules, 5.1.1.3
Password Policies
activating, 5.1.1.5
assigning to accounts, 5.1.1.8.1
creating, 5.1.1.5, B.7.1
deleting, B.7.3
description/purpose, 5.1.1.1
disabling, 5.1.1.5
modifying, 5.1.1.1, 5.1.1.3
resetting passwords, 5.1.1.3, 5.1.1.3, 5.1.3.5.2
retrieving, B.7.2
searching, 5.1.1.7
specifying password durations, 5.1.1.3
updating, B.7.4
Password Policy, Default, 5.1.3.2.1
passwords
defining requirements, 5.1.1.3
managing, 1.2, 5.1.3.5
privileged, 1.2
propagating, 2.4.1
resetting, 2.4.3, A.2.21, B.2.4
resetting automatically, 1.2, 5.1.1.3
resetting manually, 5.1.1.3, 5.1.3.5.2
showing, 5.1.3.5, A.2.31, B.2.13
specifying duration period, 5.1.1.3
storing, 1.2
policies
assigning to accounts, 5.1.1.8.1
creating, 5.1.1.5, 5.1.1.6, B.6.1, B.7.1
default, 5.1.3.2.1
defining, 2.1
deleting, 5.1.1.9, B.6.4, B.7.3
description/purpose, 5.1.1.1
disabling, 5.1.1.5, 5.1.1.6
making active, 5.1.1.5, 5.1.1.6
modifying, 5.1.1.3, 5.1.1.4
opening, 5.1.1.2
retrieving, B.6.2, B.7.2
searching, 5.1.1.7
searching for, B.8.1
types, 5.1.1.1
updating, B.6.3, B.7.4
verifying, 5.1.1.8.1, 5.1.1.8.1
viewing, 5.1.1.2
Policy Store, OPSS, 1.2.1
ports
default, 3.1, A.1
SSL, 4.1, A.1
privileged accounts
access rights, 2.3.1, 2.3.2
adding, 5.1.3.2
administration roles, 2.3.1
assigning policies, 5.1.1.8.1
auditing, 6.1
checking out/in, 5.1.3.6, 5.1.3.7
deployment report, 3.4.2
description, 1.1, 5.1.3.1
display listing, A.2.5
granting to groups, 5.1.4.3
granting to users, 5.1.4.2
managing, 5.1.3.1
mapping, 5.1.3.2, 5.1.3.2, 5.1.3.2.3
opening, 5.1.3.4
removing, A.2.17
removing from target, 5.1.3.8
removing group access, A.2.18
resetting passwords, 1.2, 5.1.1.3, 5.1.3.5.2
searching, 3.4.4, 5.1.3.3
searching for, A.2.27
securing shared, 2.4.2
sharing, 2.4.2.1, 5.1.3.1.3, 5.1.3.1.3, 5.1.3.2.1
showing checked out, 5.2.4, A.2.9, B.3.2
status, 3.4.4, 5.1.3.3
privileged passwords, 1.2
privileges
administrators, 2.3.1
end users, 2.3.2
propagating passwords, 2.4.1
propagation, identity, 2.2.1
provisioning
credentials, 1.2.4.1
process diagram, 1.2.4.1
public key security, managing, 1.2.1

R

registered accounts, retrieving, B.1.9
removing
accounts from targets, 5.1.3.8
grantees, 5.1.4.6, A.2.18, A.2.20
privileged accounts, A.2.17, B.2.6
required Admin Role, 2.3.1
targets, 5.1.2.5, A.2.19, B.1.6
reporting
BI Publisher, 6.1.1.2, 6.1.2
example audit report, 6.1.2
reports
audit, 6.1.1.3
configuring, 6.1.1.1
default audit, 6.1.2
Deployment, 5.1.5.1
example audit, 6.1.2
Failure, 5.1.5.3
Usage, 5.1.5.2
viewing, 5.1.5
Reports accordion, 3.4.2
Repository Creation Utility, 6.1.1.2, Glossary
Representational state transfer service
See REST (Restful).
resetting passwords, 1.2, 2.4.3, 5.1.1.3, 5.1.3.5.2, A.2.21, B.2.4
resource catalog, 7.1.3
REST (RESTful)
APIs, Preface
definition/purpose, Glossary
interface, B
service, 1.2.3
retrieving
available accounts, B.1.8
grantees, A.2.23, B.2.9
groups, B.5.1
Password Policies, B.7.2
privileged accounts, A.2.22, B.2.3
registered accounts, B.1.9
target types, B.1.10
targets, A.2.25, B.1.4
Usage Policies, B.6.2
users, A.2.26, B.2.12, B.4.1
retrieving target attributes, B.1.1
roles
administration, 2.3.1
application, 2.3.1
Application Configurator, 2.3.1
defining, 2.1
enterprise, 4.3.2, 7.1.1
Security Administrator, 2.3.1
User Manager, 2.3.1
rules, configuring OIM, 7.1.4

S

SAML
definition/purpose, Glossary
SAML-based token authentication, 2.2
saving audit logs, 6.1.1
schema
authentication, 7.2.2.1
creating, 6.1.1.2, Glossary
for opam-config.xml, 3.2.3
loading, 6.1.1.2
validating, 3.2.4.2
Search Results tables, using, 3.4.5
searching
for grantees, 5.1.4.4
for groups, A.2.28, B.5.2
for policies, 5.1.1.7, B.8.1
for privileged accounts, 3.4.4, 5.1.3.3, A.2.27, B.3.1
for targets, 5.1.2.3, A.2.29, B.1.7
for users, A.2.30, B.4.2, B.4.3
securing
command line tool, 2.2.2, 2.4.1.2
Console, 2.4.1.2
network channel, 2.4.1
Oracle Privileged Account Manager, 2.4
public keys, 1.2.1
shared accounts, 2.4.2, 2.4.2.3
Security Administrator role, 2.3.1
Security Store, OPSS, 1.3
self-service, 5.2.1
servers
BI Publisher, 6.1.1.3
connecting to Oracle Privileged Account Manager server, 3.4.3, C.1.1
Oracle Privileged Account Manager architecture diagram, 4.1
starting, 3.3.1
service accounts, 1.2.1, 5.1.2.2, Glossary
shared accounts
auditing, 2.4.2.2
configuring, 5.1.3.2.1
description, 2.4.2, 5.1.3.1.3
limitations, 5.1.3.1.3
securing, 2.4.2.2
security limitations, 2.4.2.2
showing passwords, 5.1.3.5, A.2.31, B.2.13
SSL
communication, 1.2.3, 2.2.2
default ports, 4.1, A.1
enabling, 5.1.2.2
importing certificates, 3.3.2
specifying endpoint, 4.1, A.1
specifying the port, 4.4.1
using, 2.2, 4.1, A.1
SSO
configuring for user interface, 2.2.1
enabling, 7.2.2
starting
command line tool, A.1
Oracle Privileged Account Manager managed server, 3.3.1
WebLogic Admin Server, 3.3.1
status, privileged accounts, 3.4.4, 5.1.3.3
storing
connectors, 3.2.2
credentials, 1.2.4, 5.1.3.2.3
CSF mappings, 1.2.4.1
metadata, 2.2
passwords, 1.2
sudo authorization, 5.1.2.2
Support, My Oracle, C.3
system accounts
managing, 5.1.3.1
targets, 5.1.2.1
systems, connecting to target, 2.4.1.1

T

target type tree, displaying, A.2.11
target types, retrieving, B.1.10
targets
adding, 5.1.2.2, A.2.2, B.1.2
connecting to, 2.4.1.1, C.1.3
display listing, A.2.7
opening, 5.1.2.4
removing, 5.1.2.5, A.2.19, B.1.6
removing accounts, 5.1.3.8
retrieving, A.2.25, B.1.4
searching for, 5.1.2.3, A.2.29, B.1.7
target types, 5.1.2.2
updating, B.1.5
verifying, B.1.3
third-party clients, 1.2.3
tokens, OPSS Trust, 2.1
topology and architecture diagram, 1.2.3
troubleshooting common problems, C
Trust Service, OPSS, 1.2.1

U

unattended
accounts See service accounts.
applications, 1.2.2
unsecure channels, 2.4.1.1
unshared accounts, 2.4.2
updating
accounts, B.2.5
Password Policies, B.7.4
targets, B.1.5
Usage Policies, B.6.3
URIs, B
URLs, default application, 3.1
Usage Policies
activating, 5.1.1.6
assigning to accounts, 5.1.1.8.1
creating, 5.1.1.6, B.6.1
deleting, B.6.4
description/purpose, 5.1.1.1
disabling, 5.1.1.6
modifying, 5.1.1.1, 5.1.1.4
retrieving, B.6.2
searching, 5.1.1.7
updating, B.6.3
Usage Policy, Default, 5.1.3.2.1
Usage Reports, 5.1.5.2
user authentication, 2.2.1
User Manager role, 2.3.1
users
bootstrap, 2.3.1, Glossary
display listing, A.2.8
granting accounts, 5.1.4.2, B.2.7
removing access, A.2.20, B.2.8
retrieving, A.2.26, B.2.12, B.4.1
searching for, A.2.30, B.4.2, B.4.3
self-service, 5.2.1
sharing accounts, 2.4.2.1, 5.1.1.4
utilities, Repository Creation Utility, 6.1.1.2

V

validating opam-config.xml, 3.2.4.2
verifying
OID configuration, 4.3.1
policies, 5.1.1.8.1, 5.1.1.8.1
privileged accounts, B.2.2
targets, B.1.3
viewing policies, 5.1.1.2
viewing reports, 5.1.5

W

WebGate agents, 7.2
WebLogic
SSL port, 4.1, A.1
starting Admin Server, 3.3.1
weblogic user, 2.3.1
WLST commands, 7.2.2.4
workflows
administrator, 5.1
integrating with Oracle Identity Manager, 7.1.5
Oracle Identity Manager support, 7.1.5
self-service, 5.2.1