JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics Business Administrator's Guide 11g Release 1
search filter icon
search icon

Document Information


1.  Oracle Identity Analytics Identity Warehouse

2.  Oracle Identity Analytics Importing

3.  Oracle Identity Analytics ETL Process

4.  Oracle Identity Analytics Data Correlation

5.  Oracle Identity Analytics Role Engineering and Management

Understanding Role Mining, Role Consolidation, and Entitlements Discovery

Role Mining

Role Consolidation

Entitlements Discovery

Performing Role Mining

Setting Role Mining Attributes

To Set Role Mining Attributes

Creating a Role Mining Task

To Create a Role Mining Task

Using the Role Mining Wizard Display Controls

Using the Mining Criteria Page

Using the Role Engineering Data Preview Page

Running or Scheduling a Role Mining Task

To Run or Schedule a Saved Role Mining Task

Validating and Saving Role Mining Results

To Validate and Adjust Role Discovery Results

Using the Role Mining Results Page

Using the Roles Tab

Using the Mining Statistics Tab

Using the Classification Rules Tab

Using the Users in Roles Tab

Performing Role Consolidation

To Consolidate Roles

Performing Entitlements Discovery

To Perform Entitlements Discovery

Creating and Using Role Provisioning Rules

To Create New Rules

To Approve/Reject Role Provisioning Rules

To Deactivate or Decommission Rules

To Preview Role Provisioning Rules Job

To Run Role Provisioning Rules Job

To Manage Lifecycle of Rules

6.  Oracle Identity Analytics Workflows

7.  Oracle Identity Analytics Identity Certifications

8.  Oracle Identity Analytics Identity Audit

9.  Oracle Identity Analytics Reports

10.  Oracle Identity Analytics Scheduling

11.  Oracle Identity Analytics Configuration

12.  Oracle Identity Analytics Access Control

13.  Audit Event Log and Import-Export Log

Performing Entitlements Discovery

This module analyzes legacy roles in order to define, re-evaluate, and refine the content of these roles. Entitlements Discovery can also be used for role consolidation if you need to include more applications in the role entitlement mix.

Once roles have been defined for critical applications, you might not want to add new roles or change the makeup of a role, but instead introduce a larger domain of application entitlements in those roles. In this case, select the relevant attributes of the new application as minable only and run Entitlements Discovery on the existing roles.

The Role Entitlements Discovery process can also be applied to top-down roles that are already defined in the organization in order to expedite the hybrid, best-practice role definition process.

To Perform Entitlements Discovery

  1. Log in to Oracle Identity Analytics.

  2. Choose Role Management > Entitlements Discovery.

    The Choose Attribute Type Strategy page opens.

  3. Select Evaluate Minable attributes and click Next.

  4. Select the desired role from the Available Roles panel on the left.

    The Available Users panel on the right displays the users that belong to that role.

  5. Select one or more users.

  6. Do one of the following:

    • Click the Display drop-down menu at the bottom of the panel to view more users on the page.

    • Select Page at the top of the panel to select all the users on the current page, or select clear Page to deselect the users on the current page.

    • Select All to select all users across all pages, or clear All to deselect all users.

  7. Click Next.

  8. On the left side of the screen, select a Role and click View Details.

  9. Select a cut-off percentage for each policy and click Save Policies.

    The cut-off slider at the bottom of the page can be set to a percentage so that only the users that have an equal or higher similarity-percentage will appear in the result.

  10. Choose Identity Warehouse > Policies to view the time-stamped policies.

    The access (attributes) related to these policies can be evaluated and added or removed as required. Policies, once renamed and finalized, can be re-associated to the original role.

Note - Before changing policies (or the associated access attributes), consult with the business owner or role owner.