8 Using the Access Request Catalog

Oracle Identity Manager supports requesting for entities such as roles, application instances, and entitlements. You can request for these entities by using an access request catalog. All entities that can be requested are published to the catalog, using which you can request for the entities. Publishing is a term used for making an entity available for requesting or provisioning by the users of a particular organization. Users of that organization with Viewer admin role, can request for the entity through the request catalog. In addition, users can request for entities that are published to the home organization.

This section discusses the following topics:

Note:

At some places in this guide, access request catalog has been referred to as catalog or request catalog.

8.1 Viewing and Modifying the Access Request Catalog for Catalog Items

Based on permissions, you can view and modify catalog items in a request catalog as follows:

  1. Log in to Oracle Identity Self Service.

  2. In the left pane, under Requests, click Catalog. The Catalog page is displayed.

  3. Search for a catalog item that you want to view or modify as follows:

    In the Catalog field, enter a search keyword, and click the search icon on the right. The search results are displayed. The catalog items that match the search condition are listed in the Catalog Items section. Search results are filtered and displayed depending on the authorization policy granted to the user that is performing the search. See "Supported Search Operators" for more information about supported search operators.

  4. To view the catalog item, from the search results, select a catalog item. The details of the catalog item are displayed in the Detailed Information section.

  5. To modify the catalog item, in the Detailed Information section, modify the attributes of the catalog item and then click Apply to save the changes. Table 8-1 lists the fields in the Detailed Information section.

    Note:

    • You can modify attribute values if the fields are editable. If you do not have the required permission to modify the details, then these fields are displayed as read-only.

    • To see the edit changes, you must log out and relogin to the Catalog edit page.

    Table 8-1 Fields in the Detailed Information Section

    Fields Description

    Name

    Base entity name

    Display Name

    Base entity display name

    Description

    Description of the base entity

    Category

    Category of the catalog item

    By default, category can be either Role, Entitlement, or Application Instance. You can edit the value of this field to create a new user-defined category. This is illustrated by the following example:

    Suppose the category is Role. If you want to specify a new category (for example, My_Roles) for the current catalog item, then change the value of this field to My_Roles.

    Audit Objective

    A text field in which any relevant value or description that is use for Oracle Identity Analytics (OIA) certification

    Risk Level

    Level of risk for the entity

    The values that you can set for this field are Low Risk, Medium Risk, and High Risk.

    User Defined Tags

    Any value that describes the catalog item and used for searching the entity in future

    Approver User

    User who can approve the catalog item

    This is used at the time of processing the request for the catalog item or during attestation

    Approver Role

    Role that can approve the catalog item

    Certifier User

    User that can certify the catalog item

    Certifier Role

    Role that can certify the catalog item

    Fulfillment User

    User that can complete or fulfill the request for the catalog item

    Fulfillment Role

    Role that can complete or fulfill the request for the catalog item

    Certifiable

    Specifies whether a catalog item is certifiable


  6. If you want to revert the changes made, then click Revert.

8.1.1 Refining Search Results

After searching for catalog items, as described in "Viewing and Modifying the Access Request Catalog for Catalog Items", you can refine your search results to make it more precise. To do so, in the Refine Search section of the Catalog page, select one or more categories to display the catalog items of those categories. You can select or deselect the Select All checkbox to display or hide all items belonging to the categories.

Categories are a way of organizing entities in a request catalog. Each catalog item is associated with one and only one category. Categories of a catalog can be roles, entitlements, or application instances. For example, you can refine your search result to display catalog items belonging to the entitlements category only by selecting Entitlements in the Categories section.

8.1.2 Supported Search Operators

You use the Catalog field to specify a keyword to search or browse through the request catalog for catalog items. A search keyword is case insensitive. Here are the supported search operators:

  • One or more keywords: You can specify one or more keywords as a search condition.

    Sample value for one keyword: administrator

    This search condition finds all catalog items that contain the term "administrator."

    Sample value for more than one keyword: web administrator

    This search condition finds all catalog items that contain the terms web and administrator. This search automatically applies the AND operator to the search keywords. This is because a space character between keywords behaves as an AND operator. Alternatively, you can use an & operator to denote an AND relationship explicitly.

    For example, web administrator and web & administrator return catalog items that contain both web and administrator .

  • Phrase search: To search for catalog items that contain the exact phrase that you enter, you must specify the search condition within double quotes (").

    For example, searching for "web administrator" returns catalog items containing the phrase "web administrator"

  • OR [|] search: Use the OR [|] operator to search for catalog items containing any of the search keywords.

    Sample value 1: web | administrator

    This search condition returns catalog items containing the term web or administrator.

    Sample value 2: "vision purchasing" | administrator

    This search condition returns catalog items containing the phrase "vision purchasing" or the term administrator.

  • Wildcard search: You can use the asterisk (*) symbol as the wildcard to perform search operations. However, the catalog search does not support a search condition that begins with or contains only the asterisk (*) symbol.

    For example, admin* returns catalog items beginning with admin such as administrator and administration.

Note:

  • If the number of records are huge in the catalog table, and if you use the hash symbol (#) and add the asterisk (*) symbol to it, you get an error.

  • You must use only double quote while performing search.

8.2 Adding and Removing Catalog Items to and from the Cart

A request cart, also known as a cart, contains a set of catalog items that the user selects from the request catalog. Users can add catalog items to the request cart to submit a request for entities such as roles, entitlements, and application instances. The request cart does not persist across user sessions.

To add catalog items to the cart:

  1. Log in to Identity Self Service.

  2. Search for the catalog items that you want to add to the cart. See "Viewing and Modifying the Access Request Catalog for Catalog Items" for the procedure to search for catalog items.

  3. If required, narrow down your search result by selecting or deselecting one or more categories in the Refine Search section. You can select or deselect the Select All checkbox to display or hide all the items belonging to the categories.

  4. Select a catalog item that you want to request, and then click Add to Cart. The information of the selected catalog item is displayed in the Detailed Information section.

    You can also select multiple items by pressing Ctrl and clicking the items, and the clicking Add Selected to cart.

  5. Click Edit. The Request Cart dialog box is displayed with a list of catalog items in the cart, as shown in Figure 8-1:

    Figure 8-1 The Request Cart

    Description of Figure 8-1 follows
    Description of "Figure 8-1 The Request Cart"

  6. Select a catalog item to display detailed information about the item. Review the details, and if required, you can remove the item from the cart by clicking Remove for the corresponding item.

    Alternatively, you can click Remove All to delete all items from the cart.