6 Requests

Oracle Identity Manager enables you to create and track requests for resources you have requested for users and organizations. In addition, if you are an administrator, you will be able to create requests to provision the users you manage with resources. If you are an approver, you will be able to view and act on (for example, approve, reject) the tasks assigned to you. If you are both an approval and an administrator, you will be able to perform the functions associated with both roles.

This chapter includes the following subsections

• Creating and Managing Requests

• Tracking Requests

For a list of the various roles and their associated Oracle Identity Manager capabilities refer to Understanding User Roles and Capabilities.

Creating and Managing Requests

Oracle Identity Manager enables you to create and manage requests for the provisioning of resources to yourself and other users as well as organizations. Additionally, you can search on the following criteria:

• User IDs

• Request ID

• Date the request was created

• Resource Name

• Status of the request

The Resource option lets you choose the following options:

• Grant Resources – is used to allow resources to a target.

• Disable Resources – is used to temporarily disable resources.

• Re-enable Resources – after the resources are disabled, you can re-enable resources.

• Revoke Resources – is used to delete resources permanently. You cannot re-enable the resource back once you have revoked it.

This section includes the following subsections:

• Granting Resources

• Disabling Resources

• Re-enabling Resources

• Revoking Resources

Note: If you are a Oracle Identity Manager administrator, you will be able to create requests to provision other users with resources. Certain resources may be configured to allow users to request the resource for themselves. If a resource allows self-service requests, Oracle Identity Manager will not require you to be an administrator in order to request it for yourself. In addition, if the resource is set to be allowed for all users, Oracle Identity Manager will not require you to be an administrator in order to request it for another user. If a resource is not set as allowable for all users then only those users associated with departments or organizations for which it is allowed will be able to have the resource requested for them. To determine whether a resource may be requested for you, contact your Oracle Identity Manager administrator or the administrator of the particular resource.To enable, disable, and revoke a resource instance, the resource must be configured for these tasks.

Granting Resources

To create a request for the provisioning of resources, click Requests in the Explorer Menu, then click Resources. The Make a Request page appears.

1. This page defaults to the Grant Resource option. Use this option to grant a resource to a specific user or organization. Click Continue. The Create a Request To Provision Resource(s) – Step 1: Select Type page appears.

2. Click Users option to assign a resource to one or many users. Otherwise, select the Organization option to provision a resource to one or many organization(s).

   
   

   Note: Since requesting resources for an organization is similar to requesting resources for a user, this example will only includes the steps for requesting for resources for a user.

   
   

   In this case, the Users option is selected. Click Continue. The Create a Request To Provision Resource(s) – Step 2: Select User(s) page appears.

   The Results table displays the following information:

   Field	Description
   User ID	This is the login identification or user name.
   First Name	This is the first name of the user.
   Last Name	This is the last name of the user.

   
   

3. Select the User's checkbox then click Add to place the user name(s) in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Then click Continue. The Create a Request To Provision Resource(s) – Step 3: Provide Resource page appears.

   
   

   Note: If the request system form has any user-defined fields, then those fields are displayed on the STEP 2: Provide Additional Information page in the wizard. These fields are created using the User Defined Field Definition form for Form Name=Requests. For more information on this, refer to the Oracle Identity Manager Design Console Guide.

   
   

4. Select the resource name checkbox then click Add to place the resource name in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Then click Continue. The Create a Request To Provision Resource(s) – Step 4: Provide Resource Data page appears.

5. This page displays information about the resource and the user for this request. If the information is correct, then click Continue. Otherwise, click Back to make the appropriate corrections. Any associated Forms will be displayed in the next page.

6. Enter the information requested in the Forms field, then click Continue. Otherwise, click Back to make the appropriate corrections. The Create a Request To Provision Resource(s) – Step 5: Verify Information page appears.

   
   

   Note: You can provision the same resource multiple times if the resource is configured for such usage.

   
   

7. You can add a comment if desired. By clicking on the add a comment link, the Add Request Comment page appears.

8. After entering your comment in the Comment field, click Add Comment to insert your comment with your resource request. Otherwise, you can click Clear to erase the text in the Comment field or Close to dismiss this page.

   After adding a comment, this page now displays the added comment.

9. Once the information has been verified, click Submit Now to make the request active. If you click Submit Now, the Request Submitted page appears.

   This page shows the following information:

   Field	Description
   Status	This is the status (state) of the request.
   Requester	This is the name of the person who made the request.
   Action	This is the action taken for this request.
   Date	This is when the request was executed.

   
   

10. If you wish to activate this request at a later time, then click Schedule for Later to define a date when the request becomes active. You can only specify a date that is later than today's date. The Schedule for Later page appears.

    The Schedule for Later is commonly used for new employees that will start on some future date. Once you defined a date, the request is created, and the approval process will be initiated, approvers can approve the tasks, approval process can be complete. However, the provisioning process will not initiate until the scheduled date.

11. Use the calendar icon to define a date to activate your request, and then click Submit.

Disabling Resources

1. To disable a request for the provisioning of resources, click Requests in the Explorer Menu, then click Resources. The Make a Request page appears.

2. Select the Disabled Resource radio button. Click Continue. The Create a Request To Disable Resources – Step 1:Select Type page appears.

   This page lets you select one of the following options:

   • Users – You can disable resources from one or many users.

   • Organizations – You can disable resources from one or many organizations.

     In this example, the Users option is selected

3. Click Continue. The Create a Request To Disable Resources – Step 2: Select User(s) page appears.

4. Select the user's name(s) checkbox then click Add to place the user name(s) in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Then click Continue. The Create a Request To Disable Resources – Step 3: Provide Resources page appears.

5. Select the resource(s) checkbox that you wish to disable from the user, then click Add to place the resource(s) in the Selected list. Use the Remove button to delete any resources(s) in the Selected list. Click Continue. If multiple instances of a resource instance are provisioned for the user, the Create a Request To Disable Resources – Step 4: Resolution page appears. Otherwise, the Create a Request To Disable Resources – Step 5: Verify Information page appears.

6. If the Create a Request To Disable Resources – Step 4: Resolution page appears, select the resource instance you want to disable, and then click Continue. The Create a Request To Disable Resources – Step 5: Verify Information page appears.

7. The Create a Request To Disable Resources – Step 5: Verify Information page displays the information described in the following tables.

   The Users Selected table displays the following information:

   Field	Description
   User ID	This is the login identification or user name.
   First Name	This is the first name of the user.
   Last Name	This is the last name of the user.
   Resource Name	This is the name of the resource you are requesting/provisioning.
   Details	This is any additional detailed information about the resource.

   
   

8. You can add a comment if desired. By clicking on the add a comment link, the Add Request Comment page appears.

9. After entering your comment in the Comment field, click Add Comment to insert your comment with your resource request. Otherwise, you can click Clear to erase the text in the Comment field or Close to dismiss this page. The Verify Information page will now displays the added comment.

   You can still modify the information for this resource request by either clicking on the Change link to change the resource or add another comment by clicking on the Add link. These links will jump to the corresponding page where the initial information was entered, respectively.

10. Once the information has been verified, click Submit Now to make the request active. If you click Submit Now, the Request Submitted page appears.

    This page shows the following information:

    Field	Description
    Status	This is the status (state) of the request.
    Requester	This is the name of the person who made the request.
    Action	This is the action taken for this request.
    Date	This is when the request was executed.

    
    

11. If you wish to activate this request at a later time, then click Schedule for Later to define a date when the request becomes active. The Schedule for Later page appears. Use the calendar icon to define a date to activate your request, and then click Submit.

Re-enabling Resources

1. To create a request to re-enable a resources, click Requests in the Explorer Menu, then click Resources. The Make a Request page appears.

2. This page defaults to the Grant Resource option. Use the Re-enable Resource option to provide access to resources that were earlier disabled for this user. Click Continue. The Create a Request To Re-enable Resource(s) – Step 1: Select Type page appears.

3. Click Users to re-enable resources that were disabled for one or many users. Otherwise, select Organization to re-enable resources that were disabled for one or many organization(s). In this case, the Users option is selected. Click Continue. The Create a Request To Re-enable Resource(s) – Step 2: Select User(s) page appears.

   The Results table displays the following information:

   Field	Description
   User ID	This is the login identification or user name.
   First Name	This is the first name of the user.
   Last Name	This is the last name of the user.

   
   

4. Select the User's checkbox then click Add to place the user name(s) in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Then click Continue. The Create a Request To Re-enable Resource(s) – Step 3: Provide Resource page appears.

5. Select the resource name checkbox then click Add to place the resource name in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Click Continue. If multiple instances of a resource instance are provisioned for the user, the Create a Request To Re-enable Resources – Step 4: Resolution page appears. Otherwise, the Create a Request To Re-enable Resources – Step 5: Verify Information page appears.

6. If the Create a Request To Re-enable Resources – Step 4: Resolution page appears, select the resource instance you want to disable, and then click Continue. The Create a Request To Re-enable Resources – Step 5: Verify Information page appears.

7. You can add a comment if desired. By clicking on the add a comment link, the Add Request Comment page appears.

8. After entering your comment in the Comment field, click Add Comment to insert your comment with your resource request. Otherwise, you can click Clear to erase the text in the Comment field or Close to dismiss this page.

   After adding a comment, this page now displays the added comment.

9. Verify the information on the Create a Request To Re-enable Resources – Step 5: Verify Information page, and then click Submit Now to make the request active. If you click Submit Now, the Request Submitted page appears.

   This page shows the following information:

   Field	Description
   Status	This is the status (state) of the request.
   Requester	This is the name of the person who made the request.
   Action	This is the action taken for this request.
   Date	This is when the request was executed.

   
   

   If you wish to view the details of this request, click the Request ID link. The Request Details page appears. For more information on this page, see the Track (Resources) section.

10. If you wish to activate this request at a later time, then click Schedule for Later to define a date when the request becomes active. The Schedule for Later page appears.

11. Use the calendar icon to define a date to activate your request, and then click Submit.

Revoking Resources

1. To create a request for revoking access to resources, click Requests in the Explorer Menu, then click Resources. The Make a Request page appears.

2. Select the Revoke Resource radio button. Click Continue. The Create a Request To Revoke Resources – Step 1: Select Type page appears.

   This page lets you select one of the following options:

   • Users – You can disable resources from one or many users.

   • Organizations – You can disable resources from one or many organizations.

   In this example, the Users option is selected.

3. Click Continue. The Create a Request To Revoke Resources – Step 2: Select User(s) page appears.

4. Select the user's name(s) checkbox then click Add to place the user name(s) in the Selected list. Use the Remove button to delete any user(s) in the Selected list. Then click Continue. The Create a Request To Revoke Resources – Step 3: Provide Resources page appears.

5. Select the resource(s) checkbox that you wish to revoke access for from the user, then click Add to place the resource(s) in the Selected list. Use the Remove button to delete any resources(s) in the Selected list. Click Continue. If multiple instances of a resource instance are provisioned for the user, the Create a Request To Revoke Resources – Step 4: Resolution page appears. Otherwise, the Create a Request To Revoke Resources – Step 5: Verify Information page appears.

6. If the Create a Request To Revoke Resources – Step 4: Resolution page appears, select the resource instance you want to disable, and then click Continue. The Create a Request To Revoke Resources – Step 5: Verify Information page appears.

7. The Create a Request To Revoke Resources – Step 5: Verify Information page displays the information described in the following tables.

   The Users Selected table displays the following information:

   Field	Description
   User ID	This is the login identification or user name.
   First Name	This is the first name of the user.
   Last Name	This is the last name of the user.

   
   

   The Resources Selected table displays the following information:

   Field	Description
   Resource Name	This is the name of the resource you are requesting/provisioning.
   Details	This is any additional detailed information about the resource.

   
   

8. You can add a comment if desired. By clicking on the add a comment link, the Add Request Comment page appears.

9. After entering your comment in the Comment field, click Add Comment to insert your comment with your resource request. Otherwise, you can click Clear to erase the text in the Comment field or Close to dismiss this page. The Verify Information page will now displays the added comment.

   You can still modify the information for this resource request by either clicking on the Change link to change the resource or add another comment by clicking on the Add link. These links will jump to the corresponding page where the initial information was entered, respectively.

10. Once the information has been verified, click Submit Now to make the request active. If you click Submit Now, the Request Submitted page appears.

    This page shows the following information:

    Field	Description
    Status	This is the status (state) of the request.
    Requester	This is the name of the person who made the request.
    Action	This is the action taken for this request.
    Date	This is when the request was executed.

    
    

11. If you wish to activate this request at a later time, then click Schedule for Later to define a date when the request becomes active. The Schedule for Later page appears. Use the calendar icon to define a date to activate your request, and then click Submit.

Tracking Requests

Depending on the privileges that have been assigned to you within Oracle Identity Manager, you may be able to view requests for resources. Additionally, you may be able to edit details or approve tasks within those requests. This is referred to as tracking a request. The requests that you will be able to track are comprised of three categories:

• Requests created by other users to provision you with resources

• Requests you created to provision other users with resources

• Requests you created to provision yourself with resources

• Requests you created through self registration

• Requests you created by modifying your profile

The types of requests you can create, view, and edit will be governed by characteristics of your account within Oracle Identity Manager. In addition, if you are assigned to approve a task within a request, you will be able to approve any tasks assigned to you when tracking that request. For a list of the various roles and their associated capabilities refer to the Understanding User Roles and Capabilities section.

In this section, you will see how to perform the following tasks related to tracking requests:

• Searching for Requests

• Viewing Approval Details

• Viewing Provisioning Details

• Viewing Request Comments

• Viewing Request Status History

Searching for Requests

1. To track a request, click Requests in the Explorer Menu, then click Track. The Track Requests page appears. To locate the request you wish to track, you must first query for existing requests. You can search for existing requests according to the options listed as radio buttons. You may only select one of these options (for example, User ID or Request ID, not both). If your are unable to locate the desired request using one of the search options, select a different one or widen your search criteria to retrieve more results.

   Field	Description
   User ID	Enables you to track requests that were created for yourself or another user. Select Self or Other. If you select Other, you must click Find User ID and specify the user associated with the requests you wish to track. You can use the wildcard character (*) to perform searches for requests associated with user IDs beginning or ending with specific characters or numbers. You can also search by the organization to which the user belongs.
   Request ID	Enables you to track requests by the ID of the request (usually a numeric value). Select this option, and then enter the ID of the request. You can use a wildcard character (for example, *) to perform searches for requests beginning or ending with specific characters or numbers.
   Creation Date	Enables you to track requests by date on which they were created. Select this option, then enter the start and end dates for the range on which you wish to query. Oracle Identity Manager will then display all requests created between those dates.
   Resource Name	Enables you to track requests according to the resources to be provisioned (that is, the resources specified on the request). Select this option, and then enter the name of the resource. You can use a wildcard character (for example, *) to perform searches for requests containing a resource name that begins or ends with specific characters.
   Status	Enables you to track requests according to the request's status (for example, Request Initialized, Request Received, Approved, Not Approved, Request Cancelled, Request Closed, Object Approval Complete, Request Complete, or Provide Information). Select this option, and then select the desired status from the menu.

   
   
   
   

   Note: If you select a Request ID or Resource Name and leave the fields associated with that option blank, Oracle Identity Manager will display all requests.

   
   

2. Click Search to execute the search. Oracle Identity Manager will display all requests that match the criteria you entered (and the number of requests that match the query). If your query has retrieved several pages of requests, use the First, Previous, Next, and Last links to help you navigate through that result set.

3. To view the details of a request, click the request ID link in the Results table. The Request Details page appears.

   
   

   Note: You may cancel an entire request by selecting the checkbox next to it and clicking Cancel Request.

   
   

Viewing Approval Details

Search for a resource request, as described in Searching for Resource Requests, and then select Approval Details option from the Additional Details box. The Approved Task(s) page appears. The Approval Details shows all tasks associated with the approval processes.

This page displays all approvals for this request including process and pending task(s). The Request ID number is an active link that jumps back to the Request Details page for this request.

The Request Approval Task table displays the following fields:

Field	Description
Task	Name of the approval task.
Status	Current status of the request.
Assign To	This request is assigned to the user or proxy user. It can also be assigned to a user group or proxy group.
Action	Contains Approve, Deny, and Re-assign buttons that you select to determine the action for the request. The Action column has a checkbox for each request. The last row contains Approve, Deny, and Re-assign buttons. Selecting the requests and clicking on Approve or Deny takes the user to a confirmation page where the tasks selected are listed along with the Confirm and Cancel buttons. If the user clicks Re-Assign, the console displays a list of all the users that the logged-in user can see to whom the task can be re-assigned by the user. That page also has a radio button which, when selected, lists all the groups that the logged in user can see to whom the task can be re-assigned.

Viewing Provisioning Details

Search for a resource request, as described in Searching for Resource Requests, and then select Provisioning Details option from the Additional Details box. The Provisioning Task(s) page appears. The Provisioning Details shows all tasks associated with the provisioning processes.

You can choose to view the provision tasks either by User/Organization (depending on whether the request was created for a user or organization) or Resource. Select the desired radio button and the page will display the appropriate information.

Viewing by User/Organization

When selecting the User/Organization button, the page will display all the tasks for users/organizations who will be provisioned. If a request has multiple users/organizations, then the page will display a corresponding table for each user.

The information table shows:

Field	Description
Resource Name	This is the name of the resource object to be provisioned.
Resource Status	Current Status of the resource request.
Process Instance Name	This name is either an Approval process or a Provisioning process.
Data	This text is a link to the Process Form for this user.
Descriptive Data	This is a number that uniquely identifies the process.

Viewing by Resource

When selecting Resource (radio button), the page will display all the resources and information related to this resource. If a request has multiple resources, then the page will display a corresponding table for each user.

The information table shows:

Field	Description
User/Organization	This is the name of the user or organization that has been provisioned with this resource object.
Resource Status	Current Status of the resource request.
Process Instance Name	This name of the provisioning process.
Data	This text is a link to the Process Form for this user.
Descriptive Data	This is a number that uniquely identifies the process.

Viewing Request Comments

Search for a resource request, as described in Searching for Resource Requests, and then select Request Comments option from the Additional Details box. Clicking on the Request ID number jumps back to the Request Details page. If there is no comment on this page, then you can add a comment by clicking on the add a comment link.

The request is viewed by any user who has privileges. To allow other users to understand the specific request, the request comments are used in providing in-depth information about the request. Users, as well as the System, can add comments to the request so that other can see how the request has been processed.

If there is a comment added to this request, then the Request Details >> Request Comments page appears with the comment.

This page displays the following information in the table:

Field	Description
Comment	This is the actual comment that was added.
Date	The date that the comment was added.
Add By	This user name that is logged into Oracle Identity Manager.

Viewing Request Status History

Search for a resource request, as described in Searching for Resource Requests, and then select Request Status History option from the Additional Details box. The Request History page is displayed. This page shows a table that depicts the workflow of the request. Users can make a request and a workflow is created. Until the request is completed or rejected, there are many steps and actions that needs to be executed, such as a user manual action (approval task) or a system action (an adapter).

Whenever an action is executed, the status of the workflow is changed and it transitions to the next state. Request History is a supplemental view of understanding the state of the current workflow.

This page displays the following information in the table:

Field	Description
Status	Current status of the resource request.
Date	The date that the request was created.
Create by	The name that created this request