Oracle Waveset 8.1.1 Business Administrator's Guide

Glossary

access review

An audited process that enables managers or other responsible parties to review and certify user access privileges. User entitlement records can be automatically approved or rejected, or they can be manually attested. Also see attestation.

account attribute

Account attributes provide a way for Waveset administrators to create a standard set of names that map to attributes on managed resources. For example, a Waveset attribute named fullname might map to the displayName attribute on Active Directory resources, and the cn attribute on LDAP resources. Any changes to the user’s fullname attribute in Waveset are then passed to the user’s displayName and cn attributes on the user’s remote resource accounts.

admin role

Unique set of capabilities for each set of organizations assigned to an administrative user.

administrator

Person who configures Waveset or is responsible for operational tasks, such as creating users and managing access to resources.

administrator interface

User interface used by administrators to configure and manage Waveset.

Application (Role)

One of the four role types in Waveset, the Application role-type is a collection of resources, and/or resource groups, and/or specific applications on resources, that users need in order to do their jobs. Application roles cannot be assigned directly to users, but can be assigned to IT Roles and Business Roles.

approval

The process of granting or denying a user access request to a role, a resource, or an organization. A Waveset administrator with permission to view and respond to an approval work item is called an approver.

approver

User with administrative capabilities responsible for approving or rejecting access requests.

Asset (Role)

One of the four role types in Waveset, the Asset role-type is (typically) reserved for non-connected and/or non-digital resources that require manual provisioning, such as mobile phones and portable computers. Asset roles cannot be assigned directly to users, but can be assigned to IT Roles and Business Roles.

attest

An action performed by an attestor during an access review to confirm that a user entitlement is appropriate.

attestation

The process of certifying that a specific user has the appropriate privileges on the appropriate resources at a specific point in time. A Waveset user with permission to view and respond to an attestation work item is called an attestor. Waveset rules determine whether a user entitlement record needs to be manually attested, or if it can be automatically approved or rejected.

attestation task

A logical collection of user entitlement reviews requiring attestation. User entitlements are grouped into a single attestation task if they are assigned to the same attestor and produced from the same access review instance.

attestor

User who accepts responsibility for certifying (attesting) that a user entitlement is appropriate. An attestor has extended privileges in Waveset that are necessary to manage user entitlements requiring attestation.

business process editor (BPE)

Graphical view of Waveset forms, rules, and workflow provided with Waveset versions prior to 7.0. The BPE has been replaced by the Identity Manager IDE in the current versions of Waveset. See Identity Manager IDE.

Business Role

One of the four role types in Waveset, Business Roles group the access rights needed by people who do similar tasks in an organization. The Business Role role-type is made up of one or more Asset roles, Application roles, and/or IT Roles. Business Roles are meant to be directly assigned to users.

capability

A group of access rights for user accounts that governs actions performed in Waveset; a low-level access control within Waveset.

delegation

The process of temporarily assigning future work items to one or more other users for a specified period of time.

directory junction

Hierarchically related set of organizations that mirrors a directory resource’s actual set of hierarchical containers. Each organization in a directory junction is a virtual organization.

entitlement

See user entitlement.

escalation timeout

A time range specified for a work item request in which the assigned work item owner has to respond before the Waveset process sends it to the next assigned responder.

form

Object associated with a Web page that contains rules about how a browser should display user view attributes on that page. Forms can incorporate business logic, and are often used to manipulate view data before it is presented to the user.

Identity Manager IDE

The Identity Manager Integrated Development Environment (Identity Manager IDE) is an application that enables you to view, customize, and debug Oracle Waveset objects in your deployment. The Identity Manager IDE is available as a NetBeans plug-in.

identity template

Defines the user’s resource account name.

IT Role

One of the four role types in Oracle Waveset, the IT Role role-type is a collection of roles (Assets, Applications, and/or other nested IT Roles), as well as resources, and/or resource groups. In some configurations, IT Roles can be directly assigned to users, but usually IT Roles are assigned to Business Roles, which are assigned to users.

organization

Oracle Waveset container used to enable administrative delegation.

Organizations define the scope of entities (such as user accounts, resources, and administrator accounts) an administrator controls or manages. Organizations provide a “where” context, primarily for Oracle Waveset administrative purposes.

periodic access review

An access review that is performed at periodic intervals, for example, every calendar quarter.

policy

Establishes limitations for Oracle Waveset accounts.

Oracle Waveset policies establish user, password, and authentication options, and are tied to organizations or users. Resource password and account ID policies set rules, allowed words, and attribute values, and are tied to individual resources.

reconciliation

An Oracle Waveset feature that periodically compares resource accounts in Oracle Waveset with accounts that reside on the resources themselves. Reconciliation correlates account data and highlights differences.

remediation

The process of correcting compliance violations discovered by Oracle Waveset’s auditing feature. Oracle Waveset audits data across the enterprise to ensure compliance with internal and external policies and regulations. An administrator with permission to view and respond to policy violations is called a remediator.

remediator

A Waveset user specified as the assigned remediator for an audit policy.

When Waveset detects a compliance violation that requires remediation, it creates a remediation work item and sends the work item to the remediator’s work item list.

resource

In Oracle Waveset, a resource stores information about how to connect to a remote resource or system on which accounts are created. Remote resources to which Oracle Waveset provides access include mainframe security managers, databases, directory services, applications, operating systems, ERP systems, messaging platforms, and more.

resource adapter

Oracle Waveset component that provides a link between the Oracle Waveset engine and the resource.

This component enables Oracle Waveset to manage user accounts on a given resource (including create, update, delete, authenticate, and scan capabilities) as well as utilize that resource for pass-through authentication.

resource adapter account

Credentials used by an Oracle Waveset resource adapter to access a managed resource.

resource group

Collection of resources used to order the creation, deletion, and update of user resource accounts.

resource wizard

Oracle Waveset tool that steps through the resource creation and modification process, including setup and configuration of resource parameters, account attributes, identity template, and Oracle Waveset parameters.

role

A role is an Oracle Waveset object that allows resource access rights to be grouped and efficiently assigned to users. Roles are organized into four role types: Business Roles, IT Roles, Application Roles, and Assets. IT Roles, Applications, and Assets organize resource entitlements into groups. These three groups are then assigned to Business Roles so that users can access the resources they need to do their jobs.

rule

Object in the Oracle Waveset repository that contains a function written in XPRESS, XML Object, or JavaScript languages. Rules provide a mechanism for storing frequently used logic or static variables for reuse within forms, workflows, and roles.

schema

List of user account attributes for a resource.

schema map

Map of resource account attributes to Oracle Waveset account attributes for a resource.

Oracle Waveset account attributes create a common link to multiple resources and are referenced by forms.

service provider users

Extranet users, or customers of a service provider that are distinguished separately from the service provider company’s personnel or intranet users.

user

Person who holds an Oracle Waveset system account. Users can hold a range of capabilities in Oracle Waveset. Those with extended capabilities are Oracle Waveset administrators.

user account

Account created using Oracle Waveset.

Can refer to either an Oracle Waveset account, or an account on a remote resource managed by Oracle Waveset. The user account setup process is dynamic. Information or fields to be completed depend on the resources provided to the user directly or indirectly through role assignment.

user entitlement

In Oracle Waveset, an auditable access privilege granted to a user on a resource or system that enforces access restrictions.

user interface

In Oracle Waveset, the user interface allows users without administrative capabilities to perform a range of self-service tasks such as changing passwords, setting answers to authentication questions, and managing delegated assignments. Also known as the end-user interface.

virtual organization

Organization defined within a directory junction. See directory junction.

work items

An action request generated by a Waveset workflow, form, or procedure. Approvals, change-approvals, attestations, and remediations are four kinds of work item.

workflow

A logical, repeatable process during which documents, information, or tasks are passed from one participant to another. Oracle Waveset workflows comprise multiple processes that control creation, update, enabling, disabling, and deletion of user accounts.