| Oracle® Fusion Middleware User's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) E14316-05 |
|
 Previous |
 Next |
| Oracle® Fusion Middleware User's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) E14316-05 |
|
Previous |
Next |
In the Welcome page of Oracle Identity Manager Self Service, when you click Tasks, the My Tasks page is displayed. This page displays the task instances of specific types. These types are associated with specific Oracle Identity Manager components. The task types are approvals, provisioning, and attestation. The My Tasks page can be used by both administrators and end-users. For example, an IT department personnel responsible for delivering a laptop to an employee may not be an Oracle Identity Manager administrator, but needs to view and change provisioning tasks.
The following task types are supported in Oracle Identity Manager:
Approval tasks: These tasks are instantiated by request service and correspond to associated requests that are in the user or administrator's queue to be approved. For more information about approval tasks, see "Managing Approval Tasks".
Provisioning tasks: These tasks correspond to either pending manual provisioning tasks or failed automatic provisioning tasks in the user or administrator's queue. For more information about provisioning tasks, see "Managing Provisioning Tasks".
Attestation tasks: These tasks correspond to outstanding attestation process in the user or administrator's queue. For more information about attestation tasks, see "Managing Attestation Tasks".
|
Note: Only approval tasks are fetched from BPEL and rest of the tasks come from Oracle Identity Manager. |
In Oracle Identity Manager, the Oracle BPEL request service is used to handle various aspects of human interaction in Oracle Identity Manager workflows. This request service is used to assign tasks to identities, such as users and roles. You can perform various operations upon tasks assigned to you. For example, you can approve, reject, or claim a task, or request for more information. The process flow in corresponding Oracle Identity Manager workflow is dependent on the outcome of given tasks.
|
See Also: "Approval Workflows" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information information about BPEL workflows |
When a request is submitted, the request service eventually utilizes the BPEL request service and initiates the approval as a task in Oracle BPEL server. This task is assigned to the approver. Further processing of this request by request service remains pending, which is subject to the outcome of the corresponding task. The approver must be able to access the Approvals tab in the All Tasks section that lists all the tasks assigned to the approver. The approver can now act upon this task and set its outcome, for example, approve or reject. After the task outcome has been set, the request service resumes the processing of the request that is based on the task outcome.
On successful submission of requests, the request service invokes request service, which creates BPEL Human Tasks and assigns them to users or roles in Oracle Identity Manager. Authenticated users can view the tasks waiting for action in the Approvals tab. When you click Tasks in Oracle Identity Manager Self Service, the Approvals tab is open by default.
In the first section of the Approvals tab page, you can search for requests based on task name, request ID, start date, and end date. The search results are displayed in a table in the lower part of the Approval tab page. From the View Tasks Assigned To list, you can select the following:
You Only: To sort only the approval tasks assigned to you
Roles You Have: To sort the requests assigned to the roles of which you are a member
You and Roles You Have: To sort the requests assigned to you and to the roles of which you are a member
Users You Manage: To sort the requests assigned to your reportees
The table in the lower part of the Approvals tab page lists all tasks that are assigned to you and Roles you have, by default. Using this table, you can perform operations on tasks and can also view the Task details. For information about task details, see "Viewing Task Details".
Table 9-1 describes the columns in the full tasklist view table:
Table 9-1 Columns in the Full Tasklist View Table
| Column | Description |
|---|---|
|
Request ID |
ID of the request associated with the approval task |
|
Request Type |
The type of request |
|
Beneficiary |
The beneficiary for the request |
|
Request Target |
The target entity associated with the request. It can be either role name or resource name or user name Example 1: For "Assign Roles" type of request, it is role name Example 2: For "Provision Resource" type of request, it is resource name Example 3: For "Modify User" type of request it is user display name |
|
Requester |
The user who created and submitted the request |
|
Assignee |
The user or role to whom the approval task is assigned |
|
Date Assigned |
The date when the task was assigned to you or the role |
You can perform the following tasks in the Approvals tab:
When you click on Request ID link of any of the approval tasks in the table, Task details are shown for that approval task.
The Task Details page displays a detailed view of the request in the Basic Details and Request Information sections. This view type lists the complete details of a selected task. It allows complete management of the listed task. To display the task details view, select a row in the full tasklist table, and then select Open Task Details from the Actions list.
If some attributes are marked as approver-only in request dataset, then there will be an additional section called "Additional Data From Approver". It is in this section, where approver can provide data, without which the approver will not be allowed to approve a request. In the next level of approval, the approver can modify the data, if required. Similarly, if the approver sends the task to another user for more information (using "Request For Information" operation), then the user to whom it is assigned can see an additional section called "Additional Request Information" in Task details and the user can send a response to the information requested.
In addition, the following tabs display details associated to the request:
Resources or User or Role: The Resources tab is dynamically generated based on the request type. It displays a list of beneficiaries, name of the target resources, and links to view the details about the target resources.
The User tab shows the user details that is part of a request. For example, in case of CreateUser, User tab displays the user name and "View Details" link will provide the attributes of the user provided during the request creation.
The Role tab shows the role details that is part of a request. For example, it can be a role name that you want to add or remove.
Request Comments: This tab displays any request comments associated with the request. The comments recorded are questions and responses for Request for Information. For example, the comments that an approver requests for additional information from the user and the response provided by the user to those queries are recorded in this section.
Request History: This tab displays the various changes the request has been through in the process of execution.
Modification of task details can only be performed in the Task Details page. Following modifications are supported:
An approver might need to fill in some mandatory request information before approving the corresponding task. For this, the Task Details page displays the "Additional Data From Approver" section, where approver can fill in the required information.
An approver can explicitly add comments in task. All the request comments are displayed in the Request Comments tab in the Task Details page. You can also add comments indirectly while requesting for more information or submitting information on a task. For information about requesting for more information and submitting information, see "Requesting for More Information" and "Submitting Information" respectively.
If a task is assigned to a group, then all users who belong to that group view the task in their queue. You can claim a task that is assigned to the roles you have, and approve it later. For example, when a request is created to provision a laptop to a user, the request-level approval is configured to be provided by the requester's manager, and the operation-level approval is configured to be given by a user who is a member of the resource IT administrator group. Therefore, after the request-level approval is obtained, the request is submitted for operational-level approval. For this, the user who is a member of the resource IT administrators group must first claim the task to be able to approve or reject it later.
To claim a task:
In the Welcome page of Oracle Identity Manager Self Service, click Tasks.
From the View Tasks Assigned To list, select Roles You Have. The tasks assigned to the roles to which you are a member are displayed in the search results table.
Select the task that you want to claim.
From the Actions list, select Claim Task. A message is displayed asking for confirmation.
Click OK.
The Approval Tasks displayed in the Approvals table can be of the following two levels of approval:
Request Level
Operational Level
To approve a request level task that is assigned to you:
Go to Tasks, Approvals and click Search. As an approver, if you are expected to provide some information before approving the task, then provide the information in the "Additional Data From Approver" section of the Task Details page.
|
Caution: If no information is provided before approving a task for which information is requested, then you are not allowed to approve the request until you provide some information in the "Additional Data From Approver" section. |
Select a request in the full tasklist view table.
From the Actions list, select Approve Task. The request is approved and is no longer displayed in the full tasklist view table.
To approve a operational level task that is assigned to you:
Go to Tasks, Approvals and click Search. The operational level requests are displayed.
Select a request in the full tasklist view table.
From the Actions list, select Approve. The request is approved and is no longer displayed in the full tasklist view table.
To reject a request that is assigned to you:
Go to Tasks, Approvals and click Search.
Select a request in the full tasklist view table.
From the Actions list, select Reject Task. The system prompts you to enter comments for rejecting the request.
Enter the comments and click Reject. The task is rejected and is no longer displayed in the full tasklist view table. The comments that you enter here are recorded in the "Request Comments" section of the Task Details page.
To reassign a request that is assigned to you:
Go to Tasks, Approvals and click Search.
Select a request in the full tasklist view table.
From the Actions list, select Re-Assign. The Re-Assign Task dialog box is displayed.
Search and select the user to whom you want to re-assign the task.
Click Re-Assign.
|
Note: The functionality supported by Oracle Identity Manager task list is a subset of functionality offered by SOA human workflow component. For example, Oracle Identity Manager task list does not support reassigning tasks to roles. However, SOA human workflow does support this feature functionality. |
An approver can request the Requester or some other user (in Oracle Identity Manager) for more information about the request associated with the task. After this action is performed, the task is converted to Request For Information (RFI) type of task and is assigned to the specified user. This action is only available on the task details view. The exchange of information between the approver and the user is added to the Comments tab of the Task Details page.
To request for more information about a task:
Go to Tasks, Approvals and click Search.
In the Task Details window for a task, from the Actions list, select Request More Information. The Request More Information dialog box is displayed.
In the Send to field, select Requester or search and select some other user from whom you want more information about the task.
Enter the details about the required information.
Click Submit Request. A message is displayed stating that the task is sent for additional information.
Click OK.
When the user to whom the information is requested views the request in the Approvals tab page of Oracle Identity Manager Self Service, RFI is added to the task preview, as shown in Figure 9-1:
When you select the task and expand the Actions menu, the Approve, Reject, Re-Assign, and Claim Task options are not available because you must provide the requested information before performing any of these actions. Only the Task Details option is available, as shown in Figure 9-2, so that you can view the details of the task and provide the requested information.
Figure 9-2 Available Option for an RFI Task
This action is only applicable on the RFI type of tasks. You can provide the requested information by using task comment(s), and then use this action to submit the requested information. After this action is performed, the task is converted to original approval task again. It is then reassigned back to the original user who had requested for more information and task approval flow continues from there. This action is only available on the task details view.
User can submit the additional info requested by approver using this action. The requested query will be shown and the user needs to provide the details. The exchange of information is recorded as comments.
To submit information:
In the Task Details: Approval tab, click on the Request ID link of the RFI task. Alternatively, you can select the RFI task, and from the Actions menu, select Task Details. The Task Details view for the RFI task is displayed, as shown in Figure 9-3:
In the Additional Request Information section, in the Response field, enter the information that is requested about the task.
Click Submit to Approver. A message is displayed stating that the additional information is submitted successfully.
Click OK.
The task is no longer displayed as RFI task in the Approvals tab. This task can now be approved, rejected, reassigned, or claimed.
All the additional information submitted for a request can be viewed in the Request Comments tab of the Task Details page.
This tab displays all provisioning tasks assigned to you or pending actions in your inbox. The list does not include automatic provisioning tasks, for example, the task for collecting a cell phone in the IT administrator's provisioning task queue. However, failed automatic provisioning tasks that you must review to take corrective action are displayed in your inbox. You must take corrective action, such as retry and manually complete, on those tasks.
The provisioning tasks feature is used by administrators as well as users. For example, the person in IT administration who is responsible for delivering a laptop computer to an employee may not be an administrator in Oracle Identity Manager, but must view and change provisioning tasks.
You can perform the following tasks in the Provisioning tab:
The first section in the Provisioning tab page allows you to search for the provisioning tasks assigned to you or on which your action is pending. Specify values in the following fields to search for the provisioning tasks:
Match: Select All if you want to match all the search criteria that you specify. Select Any if you want to match any search criteria that you specify.
Task Name: Specify a task name that you want to search. To do so, select any one of the equal, contains, begins with, or ends with search operations.
Resource Name: Specify a resource name whose provisioning task you want to search. To do so, select any one of the equal, contains, begins with, or ends with search operations.
Status: Select Pending or Rejected to search for tasks for which your action is pending or for rejected tasks respectively.
After specifying the search criteria, when you click Search, the search results table is displayed. Table 9-2 lists the fields in the search results table:
Table 9-2 Fields in the Provisioning Tasks Search Results Table
| Field | Description |
|---|---|
|
Task Name |
The name of the task |
|
Task Status |
The status of the task, which is Pending or Rejected |
|
Resource Name |
The name of the resource, which is affected by this task |
|
Beneficiary |
The user whose provisioned resource will get affected because of this task |
|
Date Assigned |
The date and time when the Provisioning task has been assigned to the Assignee |
|
Assignee |
The user to whom the task is assigned |
To view provisioning task details:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task whose detail you want to view.
From the Actions list, select Open Task Detail.
Table 9-3 lists the fields in the Task Details window:
Table 9-3 Fields in the Task Details Window
| Field | Description |
|---|---|
|
Task Name |
The name of the task |
|
Resource Name |
The name of the resource, which is affected by this task |
|
Description |
A description of the task |
|
User |
The beneficiary user name |
|
Status |
The status of the task, Pending or Rejected |
|
Response |
The response set by the user on the Set Response page Note: For information about setting response, see "Setting Response for a Task". |
|
Response Description |
The description of the response that is defined in the Response tab of the Task Definition section in Oracle Identity Manager Design Console |
|
Notes |
The additional comments entered by the approver |
|
Assigned to |
The user to whom or role to which the task is assigned Note: If the task is assigned to a role, this property will come as "Assigned to Role" with the role details. |
|
Error Details |
The error, if any, while setting the response |
|
Projected Start |
The date when the task is scheduled to start |
|
Projected End |
The date when the task is suppose to end |
|
Actual Start |
The date when the task was started |
|
Actual End |
The date when the task was ended |
|
Last Update |
The date when the task was last updated |
As an approver, you can set a response for the task while taking an action on the task. To set a response for a task:
|
Note: Response cannot be set if there are no response codes defined for the corresponding tasks. Response codes are defined by using Oracle Identity Manager Design Console. For more information about defining response codes, see Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager. |
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task whose detail you want to view.
From the Actions list, select Open Task Detail. The Task Details window is displayed.
In the Specify Task Responses page, select one of the multiple responses defined and click Set Response.
Notes are additional comments provided by the approver. These comments are optional.
To add notes to a task:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task whose detail you want to view.
From the Actions list, select Open Task Detail. The Task Details window is displayed.
In the Task Details window, click Add Notes. The Add Notes for Task window is displayed, as shown in Figure 9-4:
In the Enter Additional Notes field, enter the note that you want to add to the task.
Click Add Notes.
As the approver, you can reassign a task to another user or role for taking appropriate action on the task. When the task is reassigned to another user, the assignee becomes the approver. When the task is reassigned to a role, any one member of that role can approve or reject the task.
To reassign a task to another user or role:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task whose detail you want to view.
From the Actions list, select Open Task Detail. The Task Details window is displayed.
In the Task Details window, click Reassign. The Select User Assignee for Task window is displayed, as shown in Figure 9-5:
Figure 9-5 The Select User Assignee for Task Window
Select User or Role depending on what you want to search for. A list of users or roles is displayed, depending on your selection. You can also filter the search by specifying a criteria for filtering and entering a value in the Filter By field.
In the Reassign column, select a user or role to whom you want to assign the task.
Click Reassign.
In the Confirm Tasks to Reassign page, read the details of the action that you are performing and select Confirm Re-assign Task to reassign the task or select Cancel Re-assign Task to cancel the task reassignment.
Check whether the value in the Assigned to section is properly updated according to the above reassignment action.
To view the assignment history of a task:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task whose detail you want to view.
From the Actions list, select Open Task Detail. The Task Details window is displayed.
In the Task Details window, click Task Assignment History. The Task History window is displayed, as shown in Figure 9-6:
The task assignment history is displayed in the fields, as shown in Table 9-4:
Table 9-4 Fields in the Task History Window
| Field | Description |
|---|---|
|
Task Status |
The status of the task, Pending or Rejected |
|
Task Action |
The source details of the task, for example, when the task is first created it will be "Engine". If the user reassigns the task, it will be "User". |
|
Assign Type |
The type of the assignee of the task, for example, when the task is assigned for the first time, it is "Default Task Assignment". If the task is reassigned, then its value is either user or role. |
|
Assigned to User |
The user to whom the task is assigned |
|
Assigned to Role |
The role to which the task is assigned |
|
Assigned By |
The user who assigned the task |
|
Assigned Date |
The date when the task was assigned |
You can view the process form attached with a task. These are process forms associated with the underlying process definition. A task is embedded in the process definition.
To view the process form attached with a task:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task for which you want to view the process form.
From the Actions list, select Open Form. The View Form window is displayed.
To modify the process form details:
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task for which you want to modify the process form.
From the Actions list, select Edit Form.
Modify the required details and click Save.
As the approver, you can retry a task when an error was generated while setting the response in the first attempt. To retry a task:
|
Note: Only automated tasks can be retried, and an adapter must be attached to the task. Manual tasks cannot be retried. |
Go to Tasks, Provisioning and click Search.
In the search results table of the Provisioning tab. select a task that you want to retry.
From the Actions list, select Retry Task. A message is displayed stating the status, whether the task is successfully retried or not.
Attestation enables users designated as reviewers to be notified of reports they must review. These reports describe provisioned resources of other users. A reviewer can attest to the accuracy of the entitlements by providing a response. The attestation action, along with the response the reviewer provides, any associated comments, and an audit view of the data that the reviewer views and attests to, is tracked and audited to provide a complete trail of accountability. In Oracle Identity Manager, this process is known as an attestation task.
An attestation process is the mechanism by which an attestation task is set up. Input that an attestation process requires includes information about how to define the components that constitute the attestation task and how to associate the attestation task with a schedule at which the task must be run. This definition is also the basis on which the attestation task can be initiated when required.
The Attestation tab in Oracle Identity Manager Self Service displays all attestation processes assigned to you or pending your actions in your inbox. In the My Tasks section, when you click the Attestation tab, the Attestation page is displayed.
You can perform the following tasks in the Attestation tab:
To search for attestation tasks:
Go to Tasks, Attestation.
In the Search Task section of the Attestation tab, select All to search all the tasks that match the criteria you specify. Otherwise, select Any to search any task that matches your criteria.
In the Task Name field, enter the name of the task that you want to search. To do so, select the equals, contains, ends with, or begins with search operators.
In the Start Date field, specify a start date of the task by using the Start Date icon next to the field. To do so, select the after, equals, or before search operators.
Click Search. The attestation tasks that match the search criteria are displayed in a search results table. Table 9-5 shows the fields in the search results table:
Table 9-5 Fields in the Attestation Task Search Results Table
| Field | Description |
|---|---|
|
Task Name |
The name of the task. |
|
Process Code |
An unique identifier for the task that is entered by the user. |
|
Start Date |
The start date of the attestation task. |
|
Type |
The type of task. This is hard coded as 'Access Right'. |
|
Number of records |
The number of records displayed as the search result. |
To view attestation request detail:
Go to Tasks, Attestation.
In the Attestation tab, select an attestation task for which you want to view the request detail.
From the Actions list, select Attestation Request Detail. The Attestation Request Detail window is displayed, as shown in Figure 9-7:
|
Note: Multiple users, designated as reviewers can view the attestation request details. However, only one user, whoever does it first, can submit the attestation. |
Figure 9-7 The Attestation Request Detail Window
Table 9-6 lists the fields in the Attestation Request Detail window:
Table 9-6 Fields in the Attestation Request Detail Window
| Field | Description |
|---|---|
|
Process |
Name of your attestation process created. |
|
Request Time |
The time when the request is created. |
|
Hide records where action has already been specified |
Whether or not the records for which action has been specified must be hidden from the list of attestation requests. |
|
User |
User whose entitlement is being attested. The data is displayed as a link. When you click the link, the user profile page is displayed with the user details for the attestation date. |
|
Resource |
Resource that is the basis for the entitlement being attested. The data is displayed as a link. When you click the link, a page is displayed with the process form data of the entitlement for the attestation date. |
|
Descriptive Data |
Description of the provisioned resource instance. |
|
Last Attested |
Last response that was provided for the attestation. |
|
Comments |
Reviewer comments. The comments will be updated in this field, when you click Update Existing Comments and Delegation Information. Long comments are truncated, and tooltips are used to show the full text of the comments. |
|
Actions |
Action to be performed on the request. The value can be one of the following:
|
|
Submit Attestation |
Click this button to submit the attestation request. |
|
Save |
Click this button to save the attestation request for future submission. |
|
 Copyright © 1991, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
