Oracle® Identity Manager Administrative and User Console Guide
Release 9.0.3

Part Number B32450-01

11 Access Policies

This chapter describes how to create and use access policies for users, organizations, and resources in Oracle Identity Manager.

This chapter discusses the following topics:

Creating an Access Policy

The Access Policy wizard helps you define an access policy for provisioning resources to user groups and users. When creating a policy, you can ensure that the policy issues a request for approval before provisioning a resource to a user. Alternatively, when an access policy is applied, the resource can be provisioned directly to the user without generating an approval request.

You can also determine if a user who is already part of a user group for which an access policy is being created will be provisioned with the resource specified by this access policy. This is called retrofitting the policy.

To create an access policy:

  1. Click Create under Access Policies.

    The Create Access Policy page appears.

  2. Enter information in the required fields indicated with an asterisk (*).

    You can specify whether this access policy should be provisioned Without Approval or With Approval. Select the With Approval option to require a defined approver (or proxy user) to approve the resource to be provisioned to the user or group. If no approval is required, select the Without Approval option.

  3. Click the Retrofit Access Policy checkbox to retrofit this access policy when it is created.

    If the Retrofit Access Policy check box is not selected, existing group memberships are not taken into consideration.

    Click Continue.

    The Create Access Policy - Step 2: Select Resources (to provision) page appears.

  4. In the Create Access Policy - Step 2: Select Resources (to provision) page, you can specify the resource to be provisioned for this access policy.

    Search for resources using the filter search menu.

    To select the name of the resource from the Results table, check the desired box and click Add.

    The names of the desired resources to provision appear in the Selected list. If you want to create an access policy that only denies resources, click Continue without selecting a resource.

    To un-assign the selected resources, highlight the resource in the Selected list and click Remove.

    Click Continue. If there is a form associated with this resource, the subsequent pages display the required fields. Otherwise, the Create Access Policy - Step 2: Select Resources to Revoke page appears.

  5. On the Create Access Policy - Step 2: Select Resources to Revoke page, you specify whether access policies are revoked if they no longer apply.

    Select the checkboxes for the resources you want to revoke automatically in the Results table.

    Click Continue. The Create Access Policy - Step 3: Selected Resources (to deny) page appears.

  6. You use the Create Access Policy - Step 3: Selected Resources (to deny) page to select resources to be denied by this access policy.

    To select resources to be denied, first select resources from the Results table by checking the corresponding checkbox. Click Add to place the resource in the Selected list. You must select at least one resource to deny if you have not selected any resources to be provisioned. Selecting the same resources to be denied as to be provisioned will automatically un-assign them from the resources to be provisioned selection. Similarly, in the previous step, assigning the same resources to be provisioned as you have already selected to be denied will automatically un-assign them from the resources to be denied selection. You can un-assign the selected resources to be denied by highlighting them in the Selected list and clicking Remove.

    Click Continue.

  7. The Create Access Policy - Step 4: Select Group page appears.

    Use this page to associate a group to the access policy.

  8. To associate a group with this access policy, select the name of the group from the Results table by checking the desired box and clicking Add.

    The name of the desired group appears in the Selected field. You can delete the group name by using the Remove button.

    You can specify user groups for this access policy. You can search for your user groups by using the filter search dropdown menu.

    Select the names of the user groups from the Results table by checking the desired boxes and clicking the Add button. You must select at least one user group. The names of the desired user groups appear in the Selected list.

    You can un-assign the selected user groups by highlighting them in the Selected list and clicking Remove. Click Continue.

  9. The Create Access Policy - Step 5: Verify Access Policy Information page appears. Use this page to verify the information specified in the previous steps for the access policy.

  10. Clicking any of the Change links takes you to the corresponding step in the wizard, where you can modify the information specified earlier.

    After making modifications, click Continue to return to this page (Step 5). Click Continue to create the access policy in Oracle Identity Manager. A success page appears and displays the name of the access policy and its successful creation.
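
The selection rules in the steps above, modelled as an added example for reviewing a policy before it is created; this is not Oracle Identity Manager code or an Oracle API. The class, its field names, and the sample groups, users and resources are constructed for illustration, and it assumes the approval setting applies to retrofitted users in the same way as to new members.

```python
from dataclasses import dataclass, field

@dataclass
class AccessPolicyDraft:
    """Constructed model of the wizard's selections; not a product API."""
    name: str
    with_approval: bool
    retrofit: bool
    groups: set = field(default_factory=set)
    provision: list = field(default_factory=list)
    deny: list = field(default_factory=list)

    def select(self, resource, deny=False):
        # A resource sits in at most one selection: choosing it for one list
        # un-assigns it from the other, as in Steps 2 and 3 of the wizard.
        chosen, other = (self.deny, self.provision) if deny else (self.provision, self.deny)
        if resource in other:
            other.remove(resource)
        if resource not in chosen:
            chosen.append(resource)

    def validate(self):
        errors = []
        if not self.provision and not self.deny:
            errors.append("select at least one resource to deny when none is provisioned")
        if not self.groups:
            errors.append("select at least one user group")
        return errors

    def plan_on_create(self, members_by_group):
        """Actions for users who are already group members at creation time."""
        errors = self.validate()
        if errors:
            raise ValueError("; ".join(errors))
        if not self.retrofit:
            return []  # existing group memberships are not taken into consideration
        # Assumption: retrofitted users follow the policy's approval setting.
        action = "approval-request" if self.with_approval else "direct-provision"
        users = sorted({u for g in self.groups for u in members_by_group.get(g, ())})
        return [(u, r, action) for u in users for r in self.provision]

# Constructed sample data: group, user and resource names are made up.
MEMBERS = {"Finance": ["alice", "bob"], "Contractors": ["bob", "carol"]}

def demo():
    p = AccessPolicyDraft("finance-erp", with_approval=False, retrofit=True, groups={"Finance"})
    for res in ("ERP", "Payroll"):
        p.select(res)
    p.select("Payroll", deny=True)  # un-assigns Payroll from the provision selection
    return p, p.plan_on_create(MEMBERS)
```

Calling `demo()` returns the draft and the list of `(user, resource, action)` tuples for existing members, which shows how many accounts a retrofitted Without Approval policy touches the moment it is created.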

Managing Access Policies

The Oracle Identity Manager Administrative and User Console enables you to modify information in existing access policies.

To manage access policies:

  1. Click Manage under Access Policies.

    The Manage Access Policies page appears.

    Use the menu in the search criteria field to select an access policy attribute to search by. You can use the wildcard asterisk (*) as the criteria value to search for all access policy instances that have any value for the selected attribute. Click Search Access Policies.

    The Manage Access Policies page appears with your search results.

  2. To view the details of the Access Policy you want, click the Access Policy Name link.

    The Access Policy Details page appears.

    To make modifications to this access policy, use the Change link at the end of each selection category.

    When you click the Change link, the page jumps to the corresponding page where the information was initially entered.

  3. At this point you can make any modifications on this page. Once you have finished, click Update Access Policy.

    This access policy is updated and the page jumps back to the Access Policy Details page with the updated information.