8 Using the Access Request Catalog

Oracle Identity Manager supports requesting for entities such as roles, application instances, and entitlements. You can request for these entities by using an access request catalog.

This section describes the following topics:

• Requesting Access for Entities

• Viewing Hierarchical Attributes of Entitlements

• Adding and Removing Catalog Items to and from the Cart

Note:

At some places in this guide, access request catalog has been referred to as catalog or request catalog.

8.1 Requesting Access for Entities

Based on permissions, you can request for access as follows:

1. Log in to Oracle Identity Self Service.

2. In the left pane, under Requests, click Catalog. The Catalog page is displayed.

3. Search for a catalog item that you want to view or modify. You can search by selecting a type of catalog entity from the list and entering keywords, and by clicking the search icon or by pressing Enter.

4. To view the catalog item details, from the search results, click information icon against catalog item. The details of the catalog item are displayed in the Detailed Information dialog box.

5. To modify the catalog item, in the Detailed Information dialog box, modify the attributes of the catalog item and then click Apply to save the changes.

   Note:

   You can modify attribute values if the fields are editable. If you do not have the required permission (catalog administrator or system administrator) to modify the details, then these fields are displayed as read-only. Table 8-1 lists the read-only and modifiable attributes in the Detailed Information dialog box.

   Table 8-1 Read-Only and Modifiable Attributes

   Attribute Name	Read-only/Modifiable	Description
   Name	Read-only	This is the base entity name.
   Display Name	Read-only	This is the display name of the base entity.
   Description	Read-only	This is the description of the base entity.
   Category	Modifiable	This is the user-defined category, After catalog harvesting, category is either Role, Entitlement, or Application instance.
   Audit Objective	Modifiable	This user-editable field can have any relevant value.
   Risk Level	Modifiable	There can be a number of values in the backend. It is an LOV, and values are derived from the lookup.
   User Defined Tags	Modifiable	You can provide any value that can be used in the future for searching the item. This is the way of defining arbitrary tags.
   Approver User	Modifiable	The user who can approve the item.
   Approver Role	Modifiable	The role who can approve the item.
   Certifier User	Modifiable	The user who can certify the item. This field is used by Oracle Identity Analytics (OIA).
   Certifier Role	Modifiable	The role who can certify the item. This field is used by OIA.
   Fulfillment User	Modifiable	This field is used by OIA.
   Fulfillment Role	Modifiable	This field is used by OIA.
   Certifiable	Modifiable	This is a boolean field to indicate whether or not the item is certifiable. Currently, all the items are certifiable after catalog harvesting.

   
   

6. If you want to revert the changes made, then click Revert.

8.1.1 Refining Search Results

After searching for catalog items, as described in "Requesting Access for Entities", you can refine your search results to make it more precise. To do so, in the Refine Search section of the Catalog page, select one or more categories to display the catalog items of those categories. You can select or deselect the Select All checkbox to display or hide all items belonging to the categories.

Categories are a way of organizing entities in a request catalog. Each catalog item is associated with one and only one category. Default categories of a catalog item can be roles, entitlements, or application instances. You can also define new custom categories by changing or updating the category of a catalog item in its detailed information page. For example, you can refine your search result to display catalog items belonging to the entitlements category only by selecting Entitlements in the Categories section.

8.1.2 Supported Search Operators

You use the Catalog field to specify a keyword to search or browse through the request catalog for catalog items. A search keyword is case insensitive. Here are the supported search operators:

• One or more keywords: You can specify one or more keywords as a search condition.

  Sample value for one keyword: administrator

  This search condition finds all catalog items that contain the term "administrator"

  Sample value for more than one keyword: web administrator

  This search condition finds all catalog items that contain the terms web and administrator. This search automatically applies the AND operator to the search keywords. This is because a space character between keywords behaves as an AND operator. Alternatively, you can use an & operator to denote an AND relationship explicitly.

  For example, web administrator and web & administrator return catalog items that contain both web and administrator .

• Phrase search: To search for catalog items that contain the exact phrase that you enter, you must specify the search condition within double quotes (").

  For example, searching for "web administrator" returns catalog items containing the phrase "web administrator"

• OR [|] search: Use the OR [|] operator to search for catalog items containing any of the search keywords.

  Sample value 1: web | administrator

  This search condition returns catalog items containing the term web or administrator.

  Sample value 2: "vision purchasing" | administrator

  This search condition returns catalog items containing the phrase "vision purchasing" or the term administrator.

• Wildcard search: You can use the asterisk (*) symbol as the wildcard to perform search operations. However, the catalog search does not support a search condition that begins with the asterisk (*) symbol. Searching with only * returns all items based upon the option chosen in roles, entitlements, application instances, or all.

  For example, admin* returns catalog items beginning with admin such as administrator and administration.

Note:

You must use single or double quotes while performing search.

8.2 Viewing Hierarchical Attributes of Entitlements

If viewing additional attributes for entitlements is configured, then the request details screen displays the additional attributes. See "Configuring Hierarchical Attributes of Entitlements" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about configuring the display of additional attributes for entitlements.

To view the additional attributes for entitlements:

1. In the Catalog page, search for the catalog items that you want to view. The catalog items that are entitlements are displayed with an arrow icon. These are the entitlements that have XML files associated with them, as described in "Configuring Hierarchical Attributes" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

   The arrow icon is not displayed for some catalog items because these catalog items do not have XML files associated with them.

2. Click the arrow icon. The additional details with the additional information or the technical glossary is displayed in a new tab. In the additional details tab, the child of the top node is shown. To view the details of the node, click the row.

3. Click the row to view the details. If additional details are present for the child node, then it is displayed on the right side.

   Breadcrumb icons are displayed at the top of the additional details popup. The texts in the breadcrumbs are hyperlinks. You can click the hyperlinks to navigate between the nodes.

8.3 Adding and Removing Catalog Items to and from the Cart

A request cart, also known as a cart, contains a set of catalog items that the user selects from the request catalog. Users can add catalog items to the request cart to submit a request for entities such as roles, entitlements, and application instances. The request cart does not persist across user sessions.

To add catalog items to the cart:

1. Log in to Identity Self Service.

2. Search for the catalog items that you want to add to the cart. See "Requesting Access for Entities" for the procedure to search for catalog items.

3. If required, narrow down your search result by selecting or deselecting one or more categories in the Refine Search section. You can select or deselect the Select All checkbox to display or hide all the items belonging to the categories.

4. Select a catalog item that you want to request, and then click Add to Cart.

   You can also select multiple items by pressing Ctrl and clicking the items, and then clicking Add Selected to cart. You can also select a series of items by pressing Shift and selecting the first and the last items in the series.

5. Click Edit. The Request Cart dialog box is displayed with a list of catalog items in the cart, as shown in Figure 8-1:

   Figure 8-1 The Request Cart

   
   Description of "Figure 8-1 The Request Cart"
   
   

6. Select a catalog item to display detailed information about the item. Review the details, and if required, you can remove the item from the cart by clicking Remove for the corresponding item.

   Alternatively, you can click Remove All to delete all items from the cart.