| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Identity Analytics 11gR1 Database Administrator's Guide |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Identity Analytics 11gR1 Database Administrator's Guide |
This chapter describes the tables that make up the Oracle Identity Analytics Roles module.
|
|
The roles that are designed in Oracle Identity Analytics are similar to the job functions in an organization. Each user can be associated with a role and assigned access levels. Roles are defined in the ROLES table and a unique Rolekey identifies each role. A role is assigned a ROLENAME, a ROLEDESCRIPTION, and a ROLECOMMENTS property. In addition, you can specify the department that a role is assigned to by populating the DEPARTMENT field. There are also 10 custom fields that can be used to add additional information about a role. For audit purposes, a role's CREATEUSER, UPDATEUSER, CREATEDATE, and UPDATEDATE fields are provided. The BUSINESSAPPROVER, TECHNICALAPPROVER, USERASSOCIATIONBUAPPROVER, and USERASSOCIATIONTECHAPPROVER fields are provided for Role Life Cycle Management Workflow process.
PK_ROLES - primary key on column ROLEKEY
None
None
|
|
Similar to Business Units, a hierarchy can exist between roles and these can be represented using the ROLEHIERARCHY table in Oracle Identity Analytics. Each role is associated with its parent in the PARENTROLEKEY field. This field contains the rolekey of the parent role.
PK_ROLEHIERARCHY - composite primary key on columns ROLEKEY, PARENTROLEKEY and ROLE_VERSION_ID
None
None
|
|
When a policy is added to or removed from a role in Oracle Identity Analytics, a role approval process is initiated by the System. A snapshot of the existing role is captured and saved into the ROLE_VERSIONS table prior to the initiation of the role approval process. This maintains the role's history, which can be accessed to compare previous versions.
Note - A new version of a role is not created when changes are made to the membership of the role (for example, if users are added or removed from the role).
PK_ROLE_VERSIONS - composite primary key on columns ID
None
IX_ROLE_VERSIONS - non-unique index on column ROLE_ID, VERSION_NUMBER
|
|
Similar to the Business Units, each role has a status that is stored in the ROLESTATUSES table. In Oracle Identity Analytics a role can have the following statuses depending on its stage in the Role Life Cycle:
Active
Inactive
Composing
Pending Approval
Decommissioned
The STATUSKEY field is used to reference the ROLES table and the LABEL describes the status of the role.
PK_ROLESTATUSES - primary key on column STATUSKEY
None
None
|
|
The ROLE_TYPES table is used to define a Role category. The available Role category or Role Types are -
Provisioning Role
Access Control Role
Organizational Role
PK_ROLE_TYPES - composite primary key on columns ID
None
None
|
|
This ROLE_OWNERS table defines the relationship between a role and its owner which can be either a Globaluser or a role in Oracle Identity Analytics. ROLE_ID refers to the role owned in the ROLES table, whereas OWNER_ID refers to the GLOBALUSERS table.
PK_ROLE_OWNERS - composite primary key on columns ID and ROLE_VERSION_ID
None
None
|
|
The ROLE_EXCLUSIONROLES table defines the segregation of duties (SOD) between roles. Each Role defined for SOD has its role key and the corresponding (SOD) role's rolekey defined in the EXCLUSIONROLEKEY column.
PK_ROLE_EXCLUSIONROLES - composite primary key on columns ROLEKEY, EXCLUSIONROLEKEY and ROLE_VERSION_ID
None
|
|
ROLE_POLICIES is the association table for roles and policies. The associations vary with the role and policy versions, thus the columns role_version_id and policy_version_id are also maintained in this table.
PK_ROLE_POLICIES - composite primary key on columns ROLEKEY, POLICYKEY, ROLE_VERSION_ID
None
None
|