Skip Navigation Links | |
Exit Print View | |
![]() |
Oracle Identity Analytics Business Administrator's Guide 11g Release 1 |
1. Oracle Identity Analytics Identity Warehouse
2. Oracle Identity Analytics Importing
3. Oracle Identity Analytics ETL Process
4. Oracle Identity Analytics Data Correlation
5. Oracle Identity Analytics Role Engineering and Management
Understanding Role Mining, Role Consolidation, and Entitlements Discovery
Setting Role Mining Attributes
Using the Role Mining Wizard Display Controls
Using the Mining Criteria Page
Using the Role Engineering Data Preview Page
Running or Scheduling a Role Mining Task
To Run or Schedule a Saved Role Mining Task
Validating and Saving Role Mining Results
To Validate and Adjust Role Discovery Results
Using the Role Mining Results Page
Using the Mining Statistics Tab
Using the Classification Rules Tab
Performing Entitlements Discovery
To Perform Entitlements Discovery
Creating and Using Role Provisioning Rules
To Approve/Reject Role Provisioning Rules
To Deactivate or Decommission Rules
To Preview Role Provisioning Rules Job
6. Oracle Identity Analytics Workflows
7. Oracle Identity Analytics Identity Certifications
8. Oracle Identity Analytics Identity Audit
9. Oracle Identity Analytics Reports
10. Oracle Identity Analytics Scheduling
11. Oracle Identity Analytics Configuration
Organizations are in a constant state of flux. Any change in an employee's responsibility also means assigning or revoking user access. To meet this challenge, Oracle Identity Analytics enables you to create role provisioning rules.
Role provisioning rules automatically assign roles to a user, if the user meets the rule condition. The condition can include HR attributes or entitlement-related information.
Log in to Oracle Identity Analytics.
Choose Role Management > Rules.
Click New Rule, complete the form, and click Next.
Create the condition for the rule and click Next.
Select the Object (four options are provided: User, Role, Business Unit, and Resource Types), an attribute, a condition, and a value.
Select AND or OR from the menu in the Operation column to add additional conditions.
Select two or more rules and use the Group and Ungroup buttons to create complex conditions.
Click Select Role, choose a role from the roles listed, and click Next.
If the user meets the condition, the user is assigned the chosen role.
Click Add Owners, select the user who should own this role, and click Next.
Use the quick or advanced search options, as needed.
Select from the following options:
No Changes - If any change occurs to the attributes or its values, this option does not make any change.
Remove Role Immediately - If any change occurs to the attributes or its values, this option removes the role immediately.
Remove Role after days - If any change occurs to the attributes or its values, this option removes the role after the selected number of days.
Notify Administrator - If any change occurs to the attributes or its values, this option sends an e-mail based on the e-mail template to the concerned actor.
Click Finish.
The role provisioning rule is created and the rule state is marked as composing.
To send the rule for approval, select the rule and click Send for Approval.
The status of the rule is changed to Pending Approval.
Note - The current status of a newly created role provisioning rule is composing or pending approval until the rule is approved by the rule owner or the administrator. Thereafter, the rule becomes active. Action can only be taken on active rules.
Log in to Oracle Identity Analytics.
Choose My Requests > Pending Requests.
This page displays the pending role provisioning rule request.
Do one of the following:
To approve the rule, select the rule and click the Approve button.
To reject the rule, select the rule and click the Reject button.
The rule is displayed in the Completed Requests page. If approved, the rule's status (under the Role Management tab) is changed to active.
Note - Only approved roles become active.
- Note the following:
Decommissioning a rule makes the rule invalid permanently. It cannot be made active again, but it remains in the software to enable better rule lifecycle management.
De-activating a rule makes the rule invalid temporarily. It can be made active again by changing the state of the rule.
Log in to Oracle Identity Analytics.
Choose Role Management > Rules.
Click a rule to edit it.
The Edit Rule page opens.
Select a new status from the New Status drop-down menu.
Click Save.
After you save your changes, a new version of the rule is created. To make the changes effective, the new version needs to be approved. See To Approve/Reject Role Provisioning Rules for information.
You can preview the results of a role-provisioning rules job.
You can preview the results of rules in the composing state, however the results cannot be saved until the rule is active.
Log in to Oracle Identity Analytics.
Choose Role Management > Rules.
Click Preview in the Actions column.
Click the Selection Strategy drop-down menu and choose from the following:
All Business Structures - Selects users from all business structures.
Selected Business Structures - Selects the users from the selected business structures.
All Users - Selects all users in Oracle Identity Analytics.
Users criteria - Selects users based on the condition you create. Click Preview to get an idea of the users selected.
Selected Users - Selects users which you choose individually.
Click Next. Based on the user selection strategy in Step 4, select the desired business structures or users and click Next
A summary page opens.
Click Preview.
A Role Provisioning Jobs page opens and displays the status of the preview action.
Select the rule after the status is 100 percent complete.
The preview results appear.
Select one of the following:
Apply - Saves the results of the action.
Don't Apply - Does not save the results of the action.
Role provisioning rules can be run only if the rule is in the active state. See To Approve/Reject Role Provisioning Rules to change the rule state to active.
Log in to Oracle Identity Analytics.
Choose Role Management > Rules.
Select Run next to the rule that you want to run.
Click the Selection Strategy drop-down menu and choose from the following:
All Business Structures - Selects users from all business structures.
Selected Business Structures - Selects the users from the selected business structures.
All Users - Selects all users in Oracle Identity Analytics.
Users criteria - Selects users based on the condition you create. Click Preview to get an idea of the users selected.
Selected Users - Selects users which you choose individually.
Click Next. Based on the user selection strategy in Step 4, select the desired business structures or users and click Next
A summary page opens.
Choose one of the following:
To run now, click Run Now.
Click View Results to view the results.
To run the job later, click Run Later.
Complete the form, including name, description, and time and day for the task to start.
A summary page opens.
Click Schedule.
Note - To run multiple rules simultaneously, select the desired rule and click Run.
In Oracle Identity Analytics, rules play a pivotal part in role management. Therefore, every action taken on any role provisioning rule is saved in the software and can be referred to at any given point.
Log in to Oracle Identity Analytics
Choose Role Management > Rules.
All the rules and their states are displayed.
Select the desired rule.
The Edit Role Provisioning Rule page appears.
General tab - Displays information such as Rule Name, Description, Role (assigned to the rule), Current Status, New Status, Creation, and Update dates.
Conditions tab - Displays the condition associated with the rule.
Ownership tab - Displays the rule owner.
Versions tab - Displays all the previous versions of the rule. Any change, which occurs in the rule condition, rule owner, or status, is recoded in Rule Versions.
History tab - Displays the history of various changes made to the rule. All changes are recorded except rule condition, rule owner, or status changes.
Action tab - Displays the Unassign Rule Option.
Select the desired tab to make the required change in the rule.
Click Save.