6 Delegated Administration

This chapter describes the delegated administrator, a special role with permissions to manage a specified set of applications. Only that role can view, access, and administer the artifacts in that set of applications.

This chapter is divided into the following sections:

6.1 Delegated Administrators

A delegated administrator is a role that can administer a given set of applications. A delegated administrator (and only a delegated administrator) can view or modify policies for that set of applications. Oracle Authorization Policy Manager allows you to specify delegated administrator roles, to determine which applications each role can manage, and to map external roles to each role. All these functions are available in the System Configuration tab.

The Browser tab in the Navigation Panel displays only the set of application stripes that the logged-in user is authorized to administer. All stripes that a delegated administrator cannot administer are also hidden in other pages, such as the page that displays how an external role maps to application roles in multiple stripes.
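
The scoping described above can be reviewed offline as a small model. The following is an added example, not Oracle Authorization Policy Manager code or API: it computes which stripes a user would see from the external roles they hold, and lists delegation findings worth reviewing. All role, stripe, and function names are constructed, and it assumes that holding any external role mapped to a delegated administrator role grants that role's stripes.

```python
# Illustrative model only: not Oracle Authorization Policy Manager code or API.
# All role and stripe names below are constructed sample data.
from collections import defaultdict

# Delegated administrator role -> application stripes it manages (Applications tab).
ADMIN_ROLE_APPS = {
    "HRAdmins": {"HRApp", "PayrollApp"},
    "FinanceAdmins": {"PayrollApp", "LedgerApp"},
    "UnusedAdmins": {"LegacyApp"},
}

# Delegated administrator role -> external roles mapped to it (External Role Mapping tab).
ADMIN_ROLE_EXTERNAL = {
    "HRAdmins": {"cn=hr-ops"},
    "FinanceAdmins": {"cn=fin-ops", "cn=hr-ops"},
    "UnusedAdmins": set(),
}

# Every application stripe known to the policy store (constructed).
ALL_STRIPES = {"HRApp", "PayrollApp", "LedgerApp", "LegacyApp", "CRMApp"}


def visible_stripes(user_external_roles):
    """Stripes the user may administer; every other stripe stays hidden."""
    held = set(user_external_roles)
    visible = set()
    for admin_role, ext_roles in ADMIN_ROLE_EXTERNAL.items():
        if ext_roles & held:  # assumption: one matching external role is enough
            visible |= ADMIN_ROLE_APPS.get(admin_role, set())
    return visible


def audit():
    """Delegation review: reach per external role, unmapped roles, unassigned stripes."""
    reach = defaultdict(set)
    for admin_role, ext_roles in ADMIN_ROLE_EXTERNAL.items():
        for ext in ext_roles:
            reach[ext] |= ADMIN_ROLE_APPS.get(admin_role, set())
    assigned = set().union(*ADMIN_ROLE_APPS.values())
    return {
        # An external role mapped to several administrator roles accumulates their stripes.
        "reach": dict(reach),
        "roles_without_mapping": sorted(r for r, e in ADMIN_ROLE_EXTERNAL.items() if not e),
        "unassigned_stripes": sorted(ALL_STRIPES - assigned),
    }


if __name__ == "__main__":
    print(sorted(visible_stripes({"cn=hr-ops"})))
    print(audit())
```

In the sample data, `cn=hr-ops` is mapped to two delegated administrator roles, so its effective scope is the union of both application sets, which is the kind of accumulation a periodic review of the External Role Mapping tab should catch.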

6.2 Managing Delegated Administrators

The System Configuration tab, partially illustrated in Figure 6-1, displays the current list of delegated administrator roles, the application stripes managed by a delegated administrator (in the Applications tab), and the external roles mapped into it (in the External Role Mapping tab). This page also allows creating a delegated administrator and modifying an existing one, as explained in the following sections:

Figure 6-1 The System Configuration Tab


6.2.1 Managing Delegated Administrators

To add a delegated administrator, proceed as follows:

  1. Click the System Configuration tab.

  2. In the Administrator Roles area, click New to display the New Administrator Role dialog.

  3. In that dialog, enter a name, a display name, and (optionally) a description for the role being created, and then click Save. The table in the Administrator Roles area is updated to include the new role.

To remove a delegated administrator, proceed as follows:

  1. Click the System Configuration tab.

  2. In the Administrator Roles area, select an administrator from the list and click Delete.

6.2.2 Managing the Applications Assigned to a Delegated Administrator

To add an application to the set of applications managed by a delegated administrator, proceed as follows:

  1. Click the System Configuration tab.

  2. Select a delegated administrator role from the table in the Administrator Roles area.

  3. Click the Applications tab, to display the current list of applications managed by the selected role.

  4. Click Add to display the Add Application dialog showing the list of applications.

  5. In that dialog, select the application(s) to include, and click Add. The list of applications in the Applications table is updated with the items you have selected.

To remove an application from the set of applications managed by a delegated administrator, proceed as follows:

  1. Click the System Configuration tab.

  2. Select a delegated administrator role from the table in the Administrator Roles area.

  3. Click the Applications tab, to display the current list of applications managed by the selected role.

  4. Select an application from the table, and click Remove.

6.2.3 Managing the External Roles Mapped to a Delegated Administrator

To map external roles to a delegated role, proceed as follows:

  1. Click the System Configuration tab.

  2. Select a delegated administrator role from the table in the Administrator Roles area.

  3. Click the External Role Mapping tab, to display the current list of external roles mapped to the selected role.

  4. Click Add to display the Add a Role dialog.

  5. In that dialog, search and select the external roles to add to the map, and click Map Roles. The list of roles in the External Role Mapping table is updated with the items you have selected.

To remove an external role from the list of external roles mapped to a delegated role, proceed as follows:

  1. Click the System Configuration tab.

  2. Select a delegated administrator role from the table in the Administrator Roles area.

  3. Click the External Role Mapping tab, to display the current list of external roles mapped to the selected role.

  4. Select a role from the table, and click Remove.