2 Working with Domains and Administrators

This section covers the following topics:

2.1 About Domains and Administrators

A domain is the top-level administrative component of Oracle IRM. It contains all other Oracle IRM components.

Within a domain there are four administrator types:

  • Domain administrators create other administrators. They also create roles and context templates, and can create contexts from those templates.

  • Domain managers create contexts from the templates created by domain administrators.

  • Inspectors can be given permission to view user and group rights for previously created contexts, and to run audit reports.

  • Context managers manage user and group rights within previously created contexts.

The four administrator types can each see and use a different combination of pages and tabs on the Oracle IRM Server administration console. See Section A.2, "Visibility of Pages and Tabs to Administrator Types".

A user can have multiple administrative roles. For example, domain administrators should normally also be made inspectors. However, because domain administrators have all the privileges of a domain manager, domain managers are prevented from also being domain administrators.

The administrative roles are not hierarchical. For example, domain administrators cannot perform context manager functions, unless a particular user is both a domain administrator and a context manager.

Note:

Users who are domain administrators should also be set up as inspectors. This will let them see all contexts, and therefore be able to assess the impact of changes they make to context templates. For the same reason, contexts should normally be made visible to inspectors.

Although Oracle IRM Server supports groups (both users and groups can be given rights), groups cannot be given administrative roles.

Note:

There is no correspondence between Oracle IRM domains and WebLogic server domains.

2.2 Creating Domain Administrators, Domain Managers, and Inspectors

Notes:

Only domain administrators can perform this procedure.

This procedure requires access to the external directory of users that was referenced during installation of Oracle IRM Server. See Section 1.2, "Access to User Details".

The first user to log in to the Control Console (see Section 1.3.2, "Oracle Enterprise Manager Fusion Middleware Control Console ("The Control Console")") is made a domain administrator.

Use the following procedure to create a domain administrator, a domain manager, or an inspector.

  1. Click the Domain tab to reveal the Domain page.

  2. Click the Administrators tab.

  3. Click the New Administrator icon to open the New Administrator dialog.

  4. In the Administrator Type box, select the type of administrator to create.

  5. In the Search box, enter part of the name of a known user, then click the Search button. Alternately, to generate a list of available users, leave the box blank and click the Search button.

    The available users are shown in the Available Users box. Selecting an item in the Available Users box will reveal its details in the Details area.

  6. Move the user that is to be assigned as an administrator to the Selected box.

  7. To assign the user to be an administrator of the type shown in the Administrator Type box, click OK.

Note:

If you want a user to be more than one administrator type, repeat the above procedure, selecting a different administrator type in step 4.

2.3 Creating Context Managers

The domain administrator or domain manager who creates a context is automatically assigned as a manager for that context.

Other users can be assigned as context managers for a context, either in addition to or instead of the automatically assigned manager. Once a context has a deliberately assigned context manager, it is usual for that manager to remove the automatically assigned managers from the context.

Assigning and unassigning users as context managers is done using the Managers tab of the Contexts page (see Section 5.7, "Adding a Context Manager").