Oracle® Access Manager Customization Guide 10g (10.1.4.2.0) Part Number E10354-01
The Identity System ships with an interface that supports four types of users: End User, Delegated Administrator, Delegated Identity Administrator, and Master Administrator. Each user type has different rights and is limited to different levels of Oracle Access Manager functionality. When users log in to Oracle Access Manager, they will be presented with a series of screens, a navigation system, that is defined for their user type.
This system can be modified to:
Support new user types
Select the screens to be shown, and determine the order in which they are presented
Specify a default user type.
This Appendix describes obnavigation.xml, the configuration file that controls the navigation system, and explains how to work with it.
The Identity System uses the obnavigation.xml file as a guide to build the OutPutXML. PresentationXML uses OutPutXML to build the Navigation Bar that appears at the top of each Oracle Access Manager page. It includes the application name, help and logout buttons, and the various tabs to select other modules within the application. The stylesheet of course provides the final definition of how to display this information, but the file described in "Obnavigation.xml File" determines its content. The interaction with the stylesheet is described in more detail.
When you installed the Identity System you put it into an Identity_install_dir directory, for example:
/var/coreid/identity/oblix (UNIX)
or
C:/coreid/identity/oblix (Windows NT)
The obnavigation.xml file is installed under this, in the directory:
Identity_install_dir/identity/oblix/apps/common/bin
The file is provided in an XML format, the schema for which is provided under "File Schema".
The following is a part of the installed obnavigation.xml file showing all the element types. The elements are discussed in a table immediately after the example:
```xml
<?xml version="1.0" ?>
<ObNavigation defaultUserType="systemAdmin">
  <ObHierarchy name="oblix" elementName="ObNavbar" userType="endUser" obdisplayName="End User" bgcolor="CCCC66">
    <ObCollection name="ObMisc">
      <ObLink appName="common" name="T1help" />
      <ObLink appName="common" name="T1about" />
      <ObLink appName="common" name="T1logout" />
    </ObCollection>
    <ObCollection name="ObApps">
      <ObLink appName="common" name="userservcenter_application_info" elementName="ObApplication">
        <ObCollection name="ObTitle">
          <ObLink appName="userservcenter" name="T1TABusermanager" />
        </ObCollection>
        <ObCollection name="ObFunctions">
          <ObLink appName="userservcenter" name="MyProfile" />
          <ObLink appName="userservcenter" name="Report">
            <ObCollection name="ObReportFunctions">
              <ObLink appName="userservcenter" name="generateReport" />
              <ObLink appName="userservcenter" name="viewPredefinedReports" />
            </ObCollection>
          </ObLink>
          <ObLink appName="userservcenter" name="Workflow">
            <ObCollection name="ObWorkflowFunctions">
              <ObLink appName="userservcenter" name="wfOutgoingRequest" />
            </ObCollection>
          </ObLink>
        </ObCollection>
      </ObLink>
      ...
      <ObLink appName="common" name="groupservcenter_application_info" elementName="ObApplication">
      ...
      <ObLink appName="common" name="objservcenter_application_info" elementName="ObApplication">
      ...
      <ObLink appName="common" name="corpdir_application_info" elementName="ObApplication">
      ...
    </ObCollection>
    ....
  </ObHierarchy>
  ....
</ObNavigation>
```
Elements in this file are the following:
Table C-1 ObNavigation.xml File

| Element Name | Description | Example |
|---|---|---|
| ObNavigation | This is the root element for the XML structure. It contains one attribute: The | <ObNavigation defaultUserType="systemAdmin"> ... </ObNavigation> |
| ObHierarchy | The ObHierarchy element defines the navigation structure, as a nested hierarchy, for a user type. It contains five attributes: Each | <ObHierarchy name="oblix" elementName="ObNavbar" userType="endUser" obdisplayName="End User" bgcolor="CCCC66"> ... </ObHierarchy> |
| ObCollection | The It contains one attribute: Each | ... |
| ObLink | The Some Each ObLink contains the following attributes: | <ObLink appName="common" name= ... |
Following is the schema describing the logical structure of the obnavigation.xml file. This schema definition is not provided as part of the Oracle Access Manager installation files. See the reference provided in Appendix A, "XML Background" for more information on XML schema structures.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2000/10/XMLSchema" elementFormDefault="qualified">
  <xsd:element name="ObCollection">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="ObLink" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="name" use="required" type="xsd:string"/>
    </xsd:complexType>
  </xsd:element>
  <xsd:element name="ObHierarchy">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="ObCollection" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="name" type="xsd:string" use="required"/>
      <xsd:attribute name="elementName" type="xsd:string" use="required"/>
      <xsd:attribute name="userType" type="xsd:string" use="required"/>
      <xsd:attribute name="obdisplayName" type="xsd:string" use="required"/>
      <xsd:attribute name="bgcolor" use="required">
        <xsd:simpleType>
          <xsd:restriction base="xsd:binary">
            <xsd:encoding value="hex"/>
          </xsd:restriction>
        </xsd:simpleType>
      </xsd:attribute>
    </xsd:complexType>
  </xsd:element>
  <xsd:element name="ObLink">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="ObCollection" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="appName" use="required">
        <xsd:simpleType>
          <xsd:restriction base="xsd:NMTOKEN">
            <xsd:enumeration value="common"/>
            <xsd:enumeration value="groupservcenter"/>
            <xsd:enumeration value="objservcenter"/>
            <xsd:enumeration value="userservcenter"/>
          </xsd:restriction>
        </xsd:simpleType>
      </xsd:attribute>
      <xsd:attribute name="name" use="required">
        <xsd:simpleType>
          <xsd:restriction base="xsd:NMTOKEN">
            <xsd:enumeration value="Admin"/>
            <xsd:enumeration value="Create"/>
            <xsd:enumeration value="FTABconfiguration"/>
            <xsd:enumeration value="FTABcreatereports"/>
            <xsd:enumeration value="FTABorgchart"/>
            <xsd:enumeration value="FTABrequests"/>
            <xsd:enumeration value="FTABviewreports"/>
            <xsd:enumeration value="MyProfile"/>
            <xsd:enumeration value="T1TABgroupmanager"/>
            <xsd:enumeration value="T1TABorgmanager"/>
            <xsd:enumeration value="T1TABusermanager"/>
            <xsd:enumeration value="T1about"/>
            <xsd:enumeration value="T1help"/>
            <xsd:enumeration value="T1logout"/>
            <xsd:enumeration value="Workflow"/>
            <xsd:enumeration value="adminDelegate"/>
            <xsd:enumeration value="adminExpandGroups"/>
            <xsd:enumeration value="adminPreWorkflowDef"/>
            <xsd:enumeration value="adminProxy"/>
            <xsd:enumeration value="adminSetContainmentLimit"/>
            <xsd:enumeration value="adminSetSearchbase"/>
            <xsd:enumeration value="adminWorkflowDef"/>
            <xsd:enumeration value="dashline"/>
            <xsd:enumeration value="front_page_admin_application_info"/>
            <xsd:enumeration value="groupservcenter_application_info"/>
            <xsd:enumeration value="multipleObjectTabs"/>
            <xsd:enumeration value="objservcenter_application_info"/>
            <xsd:enumeration value="userservcenter_application_info"/>
            <xsd:enumeration value="policyservcenter_application_info"/>
            <xsd:enumeration value="wfCreateProfile"/>
            <xsd:enumeration value="wfDeactivateProfile"/>
            <xsd:enumeration value="wfIncomingRequest"/>
            <xsd:enumeration value="wfMonitor"/>
            <xsd:enumeration value="wfOutgoingRequest"/>
          </xsd:restriction>
        </xsd:simpleType>
      </xsd:attribute>
      <xsd:attribute name="elementName" type="xsd:string"/>
    </xsd:complexType>
  </xsd:element>
  <xsd:element name="ObNavigation">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="ObHierarchy" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="defaultUserType" type="xsd:string" use="required"/>
    </xsd:complexType>
  </xsd:element>
</xsd:schema>
```
You can make the changes to the obnavigation.xml file as described in the following procedure. The changes take effect the next time the Identity Manager Server is restarted.
To customize the obnavigation.xml file
Remove a link.
To remove access to functionality for a user type, remove the ObLink element associated with that functionality. This example shows the original file part revised to remove the about functionality for an end user.
```xml
<ObHierarchy name="oblix" elementName="ObNavbar" userType="endUser" obdisplayName="End User" bgcolor="CCCC66">
  <ObCollection name="ObMisc">
    <ObLink appName="common" name="T1help"/>
    <ObLink appName="common" name="T1logout"/>
  </ObCollection>
```
Add a link.
Use the ObHierarchy for the SystemAdmin user type as a template for this. It shows the full standard navigation possibilities. Determine the link to add. Find the ObCollection that you would like to add the link to, and add the link. In the revised file part example, an end user is now able to navigate to the page where new users are created.
Note:
The end user will still need to be granted create rights in order to work with the page.

```xml
<ObCollection name="ObFunctions">
  <ObLink appName="userservcenter" name="MyProfile"/>
  <ObLink appName="userservcenter" name="wfCreateProfile"/>
  <ObLink appName="userservcenter" name="Workflow">
    <ObCollection name="ObWorkflowFunctions">
      <ObLink appName="userservcenter" name="wfOutgoingRequest"/>
    </ObCollection>
  </ObLink>
</ObCollection>
```
Remove a user type.
Remove all of the ObHierarchy elements associated with the user type. That user type will not be able to reach any pages.
Note:
Don't remove the default user type. If you must remove the user type that is the default user type, set another user type to be the default.
Add a user type.
Add an ObHierarchy element, specifying the new user type. Use the systemAdmin ObHierarchy as a template and remove any links and collections not suitable for the new user type.
Append &userType=(the user type attribute value in ObHierarchy) to the entry point URL when you first access the system. The user type information is stored in the cookie that is returned. It will be reset only if a new userType is used in the URL.
Set the default user type.
Change the ObNavigation defaultUserType attribute value to the desired user type. This is used if the user type has not been previously set in a returned cookie and there is no user type specified in the URL.
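A change-review check for the procedure above, as an added example (not Oracle's code): it compares a baseline and a revised obnavigation.xml, reports which ObLink entries each user type gained or lost, and flags a defaultUserType with no ObHierarchy or an ObLink whose appName or name attribute is missing. The sample files, the helpdesk user type and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the page's excerpts, not a real deployment file.
BASELINE = """<ObNavigation defaultUserType="endUser">
 <ObHierarchy name="oblix" elementName="ObNavbar" userType="endUser" obdisplayName="End User" bgcolor="CCCC66">
  <ObCollection name="ObMisc">
   <ObLink appName="common" name="T1help"/>
   <ObLink appName="common" name="T1about"/>
  </ObCollection>
 </ObHierarchy>
</ObNavigation>"""
# Revision under review: default type changed, T1about swapped for two links.
REVISED = (BASELINE.replace('defaultUserType="endUser"', 'defaultUserType="helpdesk"')
           .replace('<ObLink appName="common" name="T1about"/>',
                    '<ObLink appName="userservcenter" name="wfCreateProfile"/>'
                    '<ObLink appname="userservcenter" name="MyProfile"/>'))

def parse_navigation(xml_text):
    """Return ({userType: {(appName, name), ...}}, problems) for one file."""
    root = ET.fromstring(xml_text)
    links, problems = {}, []
    for hier in root.iter("ObHierarchy"):
        user_type = hier.get("userType", "")
        bucket = links.setdefault(user_type, set())  # a type may span several ObHierarchy
        for link in hier.iter("ObLink"):  # iter() also walks nested ObCollection/ObLink
            app, name = link.get("appName"), link.get("name")
            if app is None or name is None:  # XML attribute names are case-sensitive
                problems.append(f"{user_type}: ObLink lacks appName/name: {sorted(link.attrib)}")
            else:
                bucket.add((app, name))
    default = root.get("defaultUserType")
    if default not in links:
        problems.append(f"defaultUserType {default!r} has no ObHierarchy")
    return links, problems

def review_change(old_xml, new_xml):
    """Per user type, list links a revision adds or removes, plus new-file problems."""
    old, _ = parse_navigation(old_xml)
    new, problems = parse_navigation(new_xml)
    report = {}
    for user_type in sorted(set(old) | set(new)):
        added = sorted(new.get(user_type, set()) - old.get(user_type, set()))
        removed = sorted(old.get(user_type, set()) - new.get(user_type, set()))
        if added or removed:
            report[user_type] = {"added": added, "removed": removed}
    return report, problems

if __name__ == "__main__":
    print(review_change(BASELINE, REVISED))
```

A link reported as added only makes the page reachable from the navigation bar; as the note in the procedure says, the user still needs the corresponding rights to work with it.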
The following tables show Identity System functionality by application, to be used in defining a valid ObLink. For example, if you need to provide the User Manager functionality in User Manager then you would add:

```xml
<ObLink appName="userservcenter" name="T1TABusermanager"/>
```
In the tables, name values that are allowed to contain nested ObCollection elements are marked with an *.
Appnames in the tables correspond to applications this way:
common: Help, About, and Logout buttons, and Applications. See Table C-2 for details.
userservcenter: User Manager. See Table C-3 for details.
groupservcenter: Group Manager. See Table C-4 for details.
objservcenter: Organization Manager. See Table C-5 for details.
Table C-2 Valid ObLink name Values for appName=common

| Name | Description of function common to all applications |
|---|---|
| | Help button |
| | About button |
| | Logout button |
| | User Manager |
| | Group Manager |
| | Access System |
| | Access System Configuration |
| | Identity System configuration |
| | Organization Manager |

Table C-3 Valid ObLink name Values for appName=userservcenter

| Name | User Manager Function |
|---|---|
| | User Manager |
| | My Identity |
| | Create User Identity |
| | Deactivated User Identity |
| | Substitute Rights |
| | Requests |
| | Incoming Requests |
| | Outgoing Requests |
| | Monitor Requests |
| | Configuration |
| | adminAccessControl |
| | Delegate Administration |
| | Workflow Definition |
| | Set Searchbase |

Table C-4 Valid ObLink name Values for appName=groupservcenter

| Name | Group Manager function |
|---|---|
| | Group Manager |
| | My Groups |
| | Create Group |
| | Requests |
| | Incoming Requests |
| | Outgoing Requests |
| | Monitor Requests |
| | Configuration |
| | adminAccessControl |
| | Delegate Administration |
| | Workflow Definition |
| | Expand Dynamic Groups |

Table C-5 Valid ObLink name Values for appName=objservcenter

| Name | Org. Manager function |
|---|---|
| | Organization Manager |
| | The set of tabs configured for Organization Manager |
| | Create Organization Profile |
| | Requests |
| | Incoming Requests |
| | Outgoing Requests |
| | Monitor Requests |
| | Configuration |
| | Attribute Access Control |
| | Delegate Administration |
| | Workflow Definition |
| | Container Limits |