Oracle® Identity Manager Administrative and User Console Guide Release 9.0.3 Part Number B32450-01
You use user groups to create and manage records of collections of users to whom you may assign some common functionality, such as access rights, roles, or permissions.
User groups can be organization-independent, spanning across multiple organizations, or they can contain users from a single organization.
A group enables you to accomplish the following for multiple users:
Designate the menu items that the users can access through the Oracle Identity Manager Administrative and User Console.
Assign users or sub-groups to the user groups.
Designate the statuses to which the user can set process tasks.
Make modifications and request permissions for data objects.
Designate group administrators, for example, enable members of another user group to assign or remove members to or from the current user group and modify other characteristics of the group.
Designate provisioning policies for a user group.
These policies determine if a resource object is to be provisioned automatically to or requested for a member of the user group.
Assign or remove membership rules to or from the user group.
These rules determine which Oracle Identity Manager users can be assigned automatically to the user group.
Oracle Identity Manager provides three default user group definitions:
System Administrators
Operators
All Users
You may modify the permissions associated with these user groups, and you can create additional user groups.
Members of the System Administrators user group have full permission to create, edit, and delete records in Oracle Identity Manager, except for system records. These users can control the permissions of other users, change the status of process tasks even when the task is not assigned to them, and generally administer the system from the highest level.
Members of the Operators user group have access to the Organizations, Users, and Task List forms. These users can perform a subset of functions on these forms.
Members of the All Users user group have minimal permissions, including but not limited to the ability to access one's own user record. By default, each user automatically belongs to the All Users user group.
This chapter includes the following sections:
Note:
A user cannot be removed from the All Users group.
Important:
A user group, SELF OPERATORS, is added to Oracle Identity Manager by default. This user group contains one user, XELSELFREG, who is responsible for modifying user privileges for performing self-registration in the Oracle Identity Manager Administrative and User Console. Oracle strongly recommends that you do not modify the permissions associated with this group and that you do not assign users to this group.
When you first create a new user group, the Group Detail page only shows a group name. You add information using the Additional Detail menu as described in "Managing Groups".
To create a user group:
In the left navigation pane, click User Groups, then click Create.
The Create User Group page appears.
Enter the name of the user group in the Name field.
Click Create.
The Group Detail page appears.
Click Edit to modify the Group Name, or click Delete to delete the user group.
You can find user groups, add information to them, and perform other administrative functions for user groups.
This section describes the following topics:
To search for a user group:
In the left navigation pane, click User Group, then click Manage.
The Manage Group page appears.
Select the Group Name attribute from the menu, then enter a value in the text box next to the menu.
You can use an asterisk (*) wildcard to query for all user groups.
Click Search.
The search results page appears. This page enables you to view and delete user groups.
To delete a user group:
Search for a group as described in "Searching for User Groups".
Select the Delete check box next to the group you want to delete, then click Delete.
The Confirmation page appears.
Click Confirm Delete to complete deleting this user group, or click Cancel.
After selecting the user group that you want to view, you can view the details of that particular user group, including the following:
You can view and assign a member (a user) or a sub-group to a group. The Assign Users and Assign Sub-groups options are similar in functionality. In the following procedure, the Assign Users option is used as an example.
To work with members and sub-groups:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Members and Sub-Groups.
The Group Detail >> Members and Sub-Groups page appears.
Click Assign Users.
The Group Detail >> Members and Sub-Groups >> Search Member Users page appears.
Click Search Users to display a list of user names, or click Clear.
The Results table appears.
To increase or decrease the priority of a member, click the radio button associated with the member in the Increase/Decrease Priority column of the Results table, and then click Increase or Decrease.
To remove a member, click the member's radio button in the Remove column of the Results table, and then click Remove Member.
Select the desired User ID(s) checkbox, then click Assign.
The Confirmation page appears with the User ID names that you have just selected.
If these are the correct user names you want to assign to this user group, then click Confirm Assigns.
Otherwise, click Cancel.
The Menu Items search criteria displays all menu items that are permitted for this user group. The Menu Items option enables you to assign a new menu item for the user group.
To work with menu items for this user group:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Menu Items.
The Group Detail >> Menu Items page appears.
Click Assign Menu Items.
The Group Detail >> Menu Items >> Assign Menu Items page appears.
Select the desired menu item name checkboxes, then click Assign.
The Confirmation page appears.
If these are the correct menu item names you want to assign to this user group, then click Confirm Assign.
Otherwise, click Cancel.
The Result table appears with the menu items permitted for this user group. This page also enables you to delete the menu items that you do not want to permit.
To delete a menu item, select the menu item name checkbox, then click Delete.
The menu item is no longer associated with this user group.
You can view all administrative groups associated with a user group. You can also do the following:
Assign an administrative group
Create a new administrative group
Update the permissions for the administrative group
Assigning an Administrative Group
This page also enables you to delete an administrative group from this user group.
To assign an administrative group:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Administrative Groups.
The Group Detail >> Administrative Groups page appears.
Click Assign Administrative Groups.
The Group Detail >> Administrative Groups >> Assign Administrative Groups page appears.
This page displays all administrative groups available to be associated with this user group.
Select the desired administrative group name checkbox and respective permission settings for write and delete accesses, then click Assign.
The Confirmation page appears.
Click Confirm Assign, or click Cancel.
The Result table is displayed with the administrative group that can administer this user group.
Creating a New Administrative Group
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Administrative Groups.
The Group Detail >> Administrative Groups page appears.
You can create a new administrative group for this user group by clicking Create New Group.
The Assign Administrators – Step 1: Assign Administrators page appears.
Select the user name checkbox for the user or users that you want to be in this new administrative group, and click Add.
The User Login names appear in the Selected list.
Click Continue, or click Back or Exit to end the wizard.
The Assign Administrators – Step 2: Specify Alias page appears.
Enter an alias name for the new administrative group, and click Continue.
Or, click Back to go to the previous page or Exit to end the wizard.
The Assign Administrators – Step 3: Specify Permissions page appears. By default the Read permission checkbox is activated.
If desired, activate the Write or Delete permission, then click Continue.
The Assign Administrators – Step 4: Verify Delegation Information page appears.
This page displays the alias of the administrative group, the users who belong to this administrative group, and the permissions for the group.
To modify this administrative group, use the Change link.
Clicking the Change link brings you back to the appropriate wizard page where you can make modifications. Otherwise, click Continue.
The Group Detail >> Administrative Groups page appears.
To update group permissions:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Administrative Groups.
The Group Detail >> Administrative Groups page appears.
To update the permission for the administrative groups associated with this user group, click Update Permission.
The Group Detail >> Administrative Groups >> Update Permissions page appears.
This page displays the administrative group names and permissions for write and delete accesses.
To change the permission setting for an administrative group, click the desired checkboxes for Write Access and Delete Access, then click Update to make the modifications.
Otherwise, click Cancel.
The Confirmation page appears. This page displays the administrative group names that you have updated.
If this page contains the correct names, click Confirm Update.
Otherwise, click Cancel.
The Group Details >> Administrative Groups page appears.
The updated administrative group or groups are displayed with their modified write or delete access permissions.
To delete an administrative group, select the desired group name checkboxes and click Delete.
You can display all available access policies for this user group and assign and delete access policies for the user group.
To work with access policies:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Access Policies.
The Group Detail >> Access Policies page appears.
To assign a new access policy, click Assign.
The Group Detail >> Access Policies >> Assign Access Policies page appears.
This page displays the policy name and brief description of the policy.
Select the desired access policy(s) checkbox for this user group, then click Confirm Assign.
Otherwise, click Cancel.
The Confirmation page appears.
If this is the correct access policy you want to assign for this user group, then click Confirm Assign.
Otherwise, click Cancel.
The Group Detail >> Access Policies page appears.
To delete this access policy, select the desired policy name(s) checkbox and click Delete.
You can display all available membership rules for this user group, assign a new membership rule for the user group, and delete membership rules.
To work with membership rules:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Membership Rules.
The Group Detail >> Membership Rules page appears.
To assign a new membership rule, click Assign Rules.
The Group Detail >> Membership Rules >> Assign Membership Rules page appears. This page displays the name of the membership rule.
Select the desired membership rules checkbox for this user group, then click Confirm Assign.
Otherwise, click Cancel.
The Confirmation page appears.
If this is the correct membership rule you want to assign for this user group, click Confirm Assign.
Otherwise, click Cancel.
The Group Detail >> Membership Rules page appears.
To delete this membership rule, select the desired membership rule checkboxes and click Delete.
You can view all available permissions for a user group, assign new permissions, and update permissions for the user group.
To work with user group permissions:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Permissions.
The Group Detail >> Permissions page appears.
To assign a new permission, click Assign.
The Group Detail >> Permissions >> Assign Permissions page appears. This page displays the name of the permission and activated permission settings, Insert, Write, and Delete Access.
Select the desired permission name checkbox and respective permission settings, then click Assign.
Otherwise, click Cancel.
The Confirmation page appears.
If this is the permission you want to assign to this user group, click Confirm Assign. Otherwise, click Cancel.
The Group Detail >> Permissions page appears.
To delete a permission name, select the desired permission name(s) checkbox and click Delete.
To update the permissions, click Update Permissions.
The Group Detail >> Permissions >> Update Permissions page appears.
Select or de-select the desired permissions Allow Insert, Allow Update, or Allow Delete, and click Update, or click Cancel.
The Confirmation page appears. This page displays all the updated permissions.
If the information on this page is correct, then click Confirm Update. Otherwise, click Cancel.
The Group Detail >> Permissions page appears. This page displays the fine-grained permission information for this user group. It also enables you to delete any permissions.
To delete a permission, select the desired permission name checkbox and click Delete.
You can list the reports that group members are allowed to run, and select reports for the group.
To work with reports permissions for a group:
Search for a group as described in "Searching for User Groups", then click the name of a group in the Results table.
The Group Detail page appears.
From the additional details box, select Allowed Reports.
The Group Detail >> Reports page appears.
To provide access to new reports for users, click Assign Reports.
The Group Detail >> Reports >> Assign Reports page appears. This page displays available report names and types.
Select the desired report checkbox and click Assign, or click Cancel.
The Confirmation page appears.
If this is the correct report you want to assign for this user group, then click Confirm Assign. Otherwise, click Cancel.
The Group Detail >> Reports page appears.
To delete a report, select the desired report name checkbox and click Delete.