JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics Business Administrator's Guide 11g Release 1
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Oracle Identity Analytics Identity Warehouse

2.  Oracle Identity Analytics Importing

3.  Oracle Identity Analytics ETL Process

4.  Oracle Identity Analytics Data Correlation

5.  Oracle Identity Analytics Role Engineering and Management

Understanding Role Mining, Role Consolidation, and Entitlements Discovery

Role Mining

Role Consolidation

Entitlements Discovery

Performing Role Mining

Setting Role Mining Attributes

To Set Role Mining Attributes

Creating a Role Mining Task

To Create a Role Mining Task

Using the Role Mining Wizard Display Controls

Using the Mining Criteria Page

Using the Role Engineering Data Preview Page

Running or Scheduling a Role Mining Task

To Run or Schedule a Saved Role Mining Task

Validating and Saving Role Mining Results

To Validate and Adjust Role Discovery Results

Using the Role Mining Results Page

Using the Roles Tab

Using the Mining Statistics Tab

Using the Classification Rules Tab

Using the Users in Roles Tab

Performing Role Consolidation

To Consolidate Roles

Performing Entitlements Discovery

To Perform Entitlements Discovery

Creating and Using Role Provisioning Rules

To Create New Rules

To Approve/Reject Role Provisioning Rules

To Deactivate or Decommission Rules

To Preview Role Provisioning Rules Job

To Run Role Provisioning Rules Job

To Manage Lifecycle of Rules

6.  Oracle Identity Analytics Workflows

7.  Oracle Identity Analytics Identity Certifications

8.  Oracle Identity Analytics Identity Audit

9.  Oracle Identity Analytics Reports

10.  Oracle Identity Analytics Scheduling

11.  Oracle Identity Analytics Configuration

12.  Oracle Identity Analytics Access Control

13.  Audit Event Log and Import-Export Log

Creating and Using Role Provisioning Rules

Organizations are in a constant state of flux. Any change in an employee's responsibility also means assigning or revoking user access. To meet this challenge, Oracle Identity Analytics enables you to create role provisioning rules.

Role provisioning rules automatically assign roles to a user, if the user meets the rule condition. The condition can include HR attributes or entitlement-related information.

To Create New Rules

  1. Log in to Oracle Identity Analytics.

  2. Choose Role Management > Rules.

  3. Click New Rule, complete the form, and click Next.

  4. Create the condition for the rule and click Next.

    1. Select the Object (four options are provided: User, Role, Business Unit, and Resource Types), an attribute, a condition, and a value.

    2. Select AND or OR from the menu in the Operation column to add additional conditions.

    3. Select two or more rules and use the Group and Ungroup buttons to create complex conditions.

  5. Click Select Role, choose a role from the roles listed, and click Next.

    If the user meets the condition, the user is assigned the chosen role.

  6. Click Add Owners, select the user who should own this role, and click Next.

    Use the quick or advanced search options, as needed.

  7. Select from the following options:

    • No Changes - If any change occurs to the attributes or its values, this option does not make any change.

    • Remove Role Immediately - If any change occurs to the attributes or its values, this option removes the role immediately.

    • Remove Role after days - If any change occurs to the attributes or its values, this option removes the role after the selected number of days.

    • Notify Administrator - If any change occurs to the attributes or its values, this option sends an e-mail based on the e-mail template to the concerned actor.

  8. Click Finish.

    The role provisioning rule is created and the rule state is marked as composing.

  9. To send the rule for approval, select the rule and click Send for Approval.

    The status of the rule is changed to Pending Approval.

Note - The current status of a newly created role provisioning rule is composing or pending approval until the rule is approved by the rule owner or the administrator. Thereafter, the rule becomes active. Action can only be taken on active rules.

To Approve/Reject Role Provisioning Rules

  1. Log in to Oracle Identity Analytics.

  2. Choose My Requests > Pending Requests.

    This page displays the pending role provisioning rule request.

  3. Do one of the following:

    • To approve the rule, select the rule and click the Approve button.

    • To reject the rule, select the rule and click the Reject button.

      The rule is displayed in the Completed Requests page. If approved, the rule's status (under the Role Management tab) is changed to active.

Note - Only approved roles become active.

To Deactivate or Decommission Rules

- Note the following:

  1. Log in to Oracle Identity Analytics.

  2. Choose Role Management > Rules.

  3. Click a rule to edit it.

    The Edit Rule page opens.

  4. Select a new status from the New Status drop-down menu.

  5. Click Save.

After you save your changes, a new version of the rule is created. To make the changes effective, the new version needs to be approved. See To Approve/Reject Role Provisioning Rules for information.

To Preview Role Provisioning Rules Job

You can preview the results of a role-provisioning rules job.

You can preview the results of rules in the composing state, however the results cannot be saved until the rule is active.

  1. Log in to Oracle Identity Analytics.

  2. Choose Role Management > Rules.

  3. Click Preview in the Actions column.

  4. Click the Selection Strategy drop-down menu and choose from the following:

    • All Business Structures - Selects users from all business structures.

    • Selected Business Structures - Selects the users from the selected business structures.

    • All Users - Selects all users in Oracle Identity Analytics.

    • Users criteria - Selects users based on the condition you create. Click Preview to get an idea of the users selected.

    • Selected Users - Selects users which you choose individually.

  5. Click Next. Based on the user selection strategy in Step 4, select the desired business structures or users and click Next

    A summary page opens.

  6. Click Preview.

    A Role Provisioning Jobs page opens and displays the status of the preview action.

  7. Select the rule after the status is 100 percent complete.

    The preview results appear.

  8. Select one of the following:

    • Apply - Saves the results of the action.

    • Don't Apply - Does not save the results of the action.

To Run Role Provisioning Rules Job

Role provisioning rules can be run only if the rule is in the active state. See To Approve/Reject Role Provisioning Rules to change the rule state to active.

  1. Log in to Oracle Identity Analytics.

  2. Choose Role Management > Rules.

  3. Select Run next to the rule that you want to run.

  4. Click the Selection Strategy drop-down menu and choose from the following:

    • All Business Structures - Selects users from all business structures.

    • Selected Business Structures - Selects the users from the selected business structures.

    • All Users - Selects all users in Oracle Identity Analytics.

    • Users criteria - Selects users based on the condition you create. Click Preview to get an idea of the users selected.

    • Selected Users - Selects users which you choose individually.

  5. Click Next. Based on the user selection strategy in Step 4, select the desired business structures or users and click Next

    A summary page opens.

  6. Choose one of the following:

    • To run now, click Run Now.

      Click View Results to view the results.

    • To run the job later, click Run Later.

      1. Complete the form, including name, description, and time and day for the task to start.

        A summary page opens.

      2. Click Schedule.

Note - To run multiple rules simultaneously, select the desired rule and click Run.

To Manage Lifecycle of Rules

In Oracle Identity Analytics, rules play a pivotal part in role management. Therefore, every action taken on any role provisioning rule is saved in the software and can be referred to at any given point.

  1. Log in to Oracle Identity Analytics

  2. Choose Role Management > Rules.

    All the rules and their states are displayed.

  3. Select the desired rule.

    The Edit Role Provisioning Rule page appears.

    • General tab - Displays information such as Rule Name, Description, Role (assigned to the rule), Current Status, New Status, Creation, and Update dates.

    • Conditions tab - Displays the condition associated with the rule.

    • Ownership tab - Displays the rule owner.

    • Versions tab - Displays all the previous versions of the rule. Any change, which occurs in the rule condition, rule owner, or status, is recoded in Rule Versions.

    • History tab - Displays the history of various changes made to the rule. All changes are recorded except rule condition, rule owner, or status changes.

    • Action tab - Displays the Unassign Rule Option.

  4. Select the desired tab to make the required change in the rule.

  5. Click Save.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next