This appendix provides the list of Admin Role capabilities in Table B-1 and the list of Self capabilities in Table B-2.
Table B-1 Authorization Functional Capabilities
| Functional Type | Functional Capability | Description | Implied Capabilities |
|---|---|---|---|
|
Admin Role |
AdminRole - Create |
Allows a User to create an Admin Role |
Create Admin Role View or Search Admin Roles Assign Capabilities Assign Admin Role Members Set Organization Scope of Control Publish Admin Role to Organization |
|
AdminRole - Modify |
Allows a User to modify an Admin Role |
Modify Admin Role Attributes View or Search Admin Roles Assign Capabilities Assign or Unassign Admin Role Members Set Organization Scope of Control Publish Admin Role to Organization |
|
|
AdminRole - Delete |
Allows a User to delete an Admin Role |
Delete Admin Role View or Search Admin Roles |
|
|
AdminRole - View/Search |
Allows a User to view and search for Admin Roles |
View or Search Admin Roles View Capabilities View Admin Role Members View Organization Scope of Control View Organizations Published To |
|
|
Role |
Role - Create |
Allows a User to create a Role |
Create Role Assign Role Hierarchy Assign Access Policy Assign Role Members Publish Role to Organization |
|
Role - Modify |
Allows a User to modify a Role |
Modify Role Attributes Assign or Unassign Role Hierarchy Assign or Unassign Access Policy Assign or Unassign Role Members Publish Role to Organization |
|
|
Role - Delete |
Allows a User to delete a Role |
Delete Role View or Search Role |
|
|
Role - View / Search |
Allows a User to view and search for Roles |
View or Search Role View Role Hierarchy View Role Members View Role Access Policy View Organizations Published To |
|
|
User |
User - Create |
Allows a User to create another User |
Create User View or Search User |
|
User - Modify |
Allows a User to modify another User Note: After the Bundle Patch Release 11.1.2.3.180111 is applied, Request, Remove, or Modify Roles implied capability is not part of User-Modify capability. Two new functional capabilities, Grant Role Memberships and Revoke Role Memberships are introduced that will allow user to Remove and Revoke Roles for other users. |
Modify User Attributes View or Search User Request, Remove, or Modify Accounts Request, Remove, or Modify Roles Request, Remove, or Modify Entitlements View Direct Reports View Organizations View AdminRoles |
|
|
User - Delete |
Allows a User to delete another User |
Delete User View or Search User |
|
|
User - Enable |
Allows a User to enable another User |
Enable User View or Search User |
|
|
User - Disable |
Allows a User to disable another User |
Disable User View or Search User |
|
|
User - Lock |
Allows a User to lock an Oracle Identity Manager Account |
Lock User View or Search User |
|
|
User - Unlock |
Allows a User to unlock an Oracle Identity Manager Account |
Unlock User View or Search User |
|
|
User - Change Password |
Allows a User to change another User's password |
Change User Password View or Search User |
|
|
User - View/Search |
Allows a User to search for and view Users and their details |
View or Search User View Roles View Accounts View Entitlements View Direct Reports View Member Organizations View Admin Roles |
|
|
User - View Requests |
Allows a User to search for requests |
View User Requests View or Search Users |
|
|
User - View Role |
Allows a User to search for roles |
View User Roles View or Search Roles |
|
|
Relationships |
Provision Accounts |
Allows a User to provision Accounts, including start and end dates, on another User |
Request Account View or Search User View or Search Accounts Modify Accounts |
|
Deprovision Accounts |
Allows a User to deprovision Accounts on another User, including setting end dates |
Remove Account View or Search User View or Search Accounts Modify Accounts |
|
|
Modify Provisioned Accounts |
Allows a User to modify another User's provisioned Account, including start and end dates |
Modify Accounts View or Search User View or Search Accounts |
|
|
Enable Provisioned Accounts |
Allows a User to enable Account of another User |
Enable Account View or Search User View or Search Accounts |
|
|
Disable Provisioned Accounts |
Allows a User to disable Account of another User |
Disable Account View or Search User View or Search Accounts |
|
|
Change Provisioned Account Password |
Allows a User to change Account password for another User |
Change Account Password View or Search User View or Search Accounts |
|
|
View Provisioned Accounts |
Allows a User to see another User's provisioned Accounts |
View or Search User View or Search Accounts |
|
|
Grant Account Entitlements |
Allows a User to grant Entitlements, including start and end dates, for another User |
Request Entitlement View or Search User View or Search Account View or Search Account Entitlement Modify Entitlement |
|
|
Modify Account Entitlements |
Allows a User to modify Account Entitlements for another User |
Modify Entitlement View or Search User View or Search Account View or Search Account Entitlement |
|
|
Revoke Account Entitlements |
Allows a User to revoke Account Entitlements for another User, including setting end dates |
Remove Entitlement View or Search User View or Search Account View or Search Account Entitlement Modify Entitlement |
|
|
View Account Entitlements |
Allows a User to see another User's Entitlements |
View or Search Account Entitlement View or Search User View or Search Account Entitlement |
|
|
Grant Role Memberships |
Allows a User to grant Roles to another user Note: This capability is available after applying Bundle Patch Release 11.1.2.3.180111. |
View or Search Roles Request Roles Modify Roles |
|
|
Revoke Role Memberships |
Allows a User to revoke Roles for another User Note: This capability is available after applying Bundle Patch Release 11.1.2.3.180111. |
View or Search Roles Remove Roles Modify Roles |
|
|
Password Policy |
Password Policy - Create |
Allows a User to create a Password Policy |
Create Password Policy View or Search Password Policy |
|
Password Policy - Modify |
Allows a User to modify a Password Policy |
Modify Password Policy View or Search Password Policy |
|
|
Password Policy - Delete |
Allows a User to delete a Password Policy |
Delete Password Policy View or Search Password Policy |
|
|
Password Policy - View/Search |
Allows a User to view and search for Password Policies |
View or Search Password Policy |
|
|
Organization |
Organization - Create |
Allows a User to create an Organization |
Create Organization View or Search Organization View or Search User View or Search Password Policy Create Sub-Organization |
|
Organization - Modify |
Allows a User to modify an Organization |
Modify Organization Attributes View or Search Organization Disable Organization View Organization Members Set User Membership Rule View Available Roles View Available Accounts View Available Entitlements Provision Accounts Assign or Unassign AdminRoles |
|
|
Organization - Delete |
Allows a User to delete an Organization |
Delete Organization View or Search Organization |
|
|
Organization - View / Search |
Allows a User to view and search for Organizations |
View or Search Organization View Child Organizations View Members View Available Roles View Admin Roles View Provisioned Accounts |
|
|
Organization - View Organization Members |
Allows a User to see the members of an Organization |
View Organization Members View or Search Organizations |
|
|
Organization - View Organization Published Entitlements |
Allows a User to see the Entitlements published to an Organization |
View Available Entitlements View or Search Organizations |
|
|
Organization - View Organization Published Application Instances |
Allows a User to see the applications published to an Organization |
View Available Accounts View or Search Organizations |
|
|
Identity Audit Policy |
Identity Audit Policy - Create |
Allows a User to create an Identity Audit Policy |
Create Identity Audit Policy View or Search Identity Audit Policy Assign or Unassign Identity Audit Rule Create Identity Audit Scan Run View Identity Audit Configuration |
|
Identity Audit Policy - Modify |
Allows a User to modify an Identity Audit Policy |
Modify Identity Audit Policy View or Search Identity Audit Policy Assign or Unassign Identity Audit Rule Create Identity Audit Scan Run View Identity Audit Configuration |
|
|
Identity Audit Policy - Delete |
Allows a User to delete an Identity Audit Policy |
Delete Identity Audit Policy View or Search Identity Audit Policy |
|
|
Identity Audit Policy - Enable |
Allows a User to enable an Identity Audit Policy |
Enable Identity Audit Policy View or Search Identity Audit Policy |
|
|
Identity Audit Policy - Disable |
Allows a User to disable an Identity Audit Policy |
Disable Identity Audit Policy View or Search Identity Audit Policy |
|
|
Identity Audit Policy - Assign Rule |
Allows a User to assign Identity Audit Rules to an Identity Audit Policy |
Assign Identity Audit Rule View or Search Identity Audit Policy |
|
|
Identity Audit Policy - Unassign Rule |
Allows a User to unassign Identity Audit Rules from an Identity Audit Policy |
Unassign Identity Audit Rule View or Search Identity Audit Policy |
|
|
Identity Audit Policy - View / Search |
Allows a User to view an Identity Audit Policy |
View or Search Identity Audit Policy View Identity Audit Rule |
|
|
Identity Audit Rule |
Identity Audit Rule - Create |
Allows a User to create an Identity Audit Rule |
Create Identity Audit Rule View or Search Identity Audit Rule |
|
Identity Audit Rule - Modify |
Allows a User to modify an Identity Audit Rule |
Modify Identity Audit Rule View or Search Identity Audit Rule |
|
|
Identity Audit Rule - Delete |
Allows a User to delete an Identity Audit Rule |
Delete Identity Audit Rule View or Search Identity Audit Rule |
|
|
Identity Audit Rule - Enable |
Allows a User to enable an Identity Audit Rule |
Enable Identity Audit Rule View or Search Identity Audit Rule |
|
|
Identity Audit Rule - Disable |
Allows a User to disable an Identity Audit Rule |
Disable Identity Audit Rule View or Search Identity Audit Rule |
|
|
Identity Audit Rule - View/Search |
Allows a User to view an Identity Audit Rule |
View or Search Identity Audit Rule |
|
|
Identity Audit Configuration |
Identity Audit Configuration - Modify |
Allows a User to modify the Identity Audit Configuration |
Modify Identity Audit Configuration View Identity Audit Configuration |
|
Identity Audit Configuration - View |
Allows a User to view the Identity Audit Configuration |
View Identity Audit Configuration |
|
|
Identity Audit Scan Definition |
Identity Audit Scan Definition - Create |
Allows a User to create an Identity Audit Scan definition |
Create Identity Audit Scan Definition View or Search Identity Audit Scan Definition Create Identity Audit Scan Run |
|
Identity Audit Scan Definition - Modify |
Allows a User to modify an Identity Audit Scan definition |
Modify Identity Audit Scan Definition View or Search Identity Audit Scan Definition Create Identity Audit Scan Run |
|
|
Identity Audit Scan Definition - Delete |
Allows a User to delete an Identity Audit Scan definition |
Delete Identity Audit Scan Definition View or Search Identity Audit Scan Definition |
|
|
Identity Audit Scan Definition - View |
Allows a User to view and search for Identity Audit Scan Definitions |
View or Search Identity Audit Scan Definition View User View Role View Application Instance View Entitlement View Organization View Requests View User Roles View User Accounts View User Entitlements View Identity Audit Policy View Identity Audit Configuration View Identity Audit Scan Run Search Catalog Item |
|
|
Identity Audit Scan Run |
Identity Audit Scan Run - Create |
Allows a User to create an Identity Audit Scan Run |
Create Identity Audit Scan Run View or Search Identity Audit Scan Run |
|
Identity Audit Scan Run - Delete |
Allows a User to delete an Identity Audit Scan Run |
Delete Identity Audit Scan Run View or Search Identity Audit Scan Run |
|
|
Identity Audit Scan Run - View |
Allows a User to view and search for Identity Audit Scan runs |
View or Search Identity Audit Scan Run View Identity Audit Policy Violation View Identity Audit Policy Violation Cause |
|
|
Identity Audit Policy Violation |
Identity Audit Policy Violation - Force Close |
Allows a User to force close an Identity Audit Policy Violation |
Force Identity Audit Policy Violation Close View or Search Identity Audit Policy Violation |
|
Identity Audit Policy Violation - Assign |
Allows a User to assign or reassign an Identity Audit Policy Violation |
Assign Identity Audit Policy Violation View or Search Identity Audit Policy Violation |
|
|
Identity Audit Policy Violation - Complete |
Allows a User to complete an Identity Audit Policy Violation |
Complete Identity Audit Policy Violation View or Search Identity Audit Policy Violation |
|
|
Identity Audit Policy Violation - View |
Allows a User to view and Identity Audit Policy Violation |
View or Search Identity Audit Policy Violation |
|
|
Identity Audit Policy Violation Cause |
Identity Audit Policy Violation Cause - Accept Risk |
Allows a User to accept the risk on an Identity Audit Policy Violation Cause |
Accept Identity Audit Policy Violation Risk View or Search Identity Audit Policy Violation Cause |
|
Identity Audit Policy Violation Cause - View |
Allows a User to view an Identity Audit Policy Violation Cause |
View or Search Identity Audit Policy Violation Cause |
|
|
Identity Audit Policy Violation Cause - Request Remediation |
Allows a User to request remediation on an Identity Audit Policy Violation Cause |
Request Identity Audit Policy Violation Remediation View or Search Identity Audit Policy Violation Cause |
|
|
Identity Audit Policy Violation Cause - Mark as Fixed |
Allows a User to mark an Identity Audit Policy Violation Cause as fixed |
Mark Identity Audit Policy Violation as Fixed View or Search Identity Audit Policy Violation Cause |
|
|
Certification |
Certification - Modify |
Allows a User to modify a Certification |
Modify Certification View Certification |
|
Certification - View |
Allows a User to view a Certification |
View Certification |
|
|
Certification - Modify Configuration |
Allows a User to modify the Certification Configuration |
Modify Certification Configuration |
|
|
Certification - View Configuration |
Allows a User to view the Certification Configuration |
View Certification Configuration |
| Functional Type | Functional Capability | Description | Implied Capabilities |
|---|---|---|---|
|
Self Service |
Self Service - Modify Profile |
Allows a User to modify their own user profile |
Modify Self View or Search Self |
|
Self Service - Modify Proxy |
Allows a User to add, modify, delete or view their own proxies |
Modify Self Proxy View or Search Self Add Self Proxy Delete Self Proxy View Self Proxy |
|
|
Self Service - Request Role Memberships |
Allows a User to request Roles published to their home organization |
Request Self Role Modify Self Role View Self Roles |
|
|
Self Service - Modify Roles Memberships |
Allows a User to modify Roles assigned to them |
Modify Self Role View Self Roles |
|
|
Self Service - Revoke Role Memberships |
Allows a User to delete Roles assigned to them |
Remove Self Role Modify Self Role View Self Roles |
|
|
Self Service - Request Accounts |
Allows a User to request Accounts published to their home organization, including start and end dates |
Request Self Account Modify Self Accounts View Self Accounts |
|
|
Self Service - Modify Accounts |
Allows a User to modify Accounts assigned to them |
Modify Self Accounts View Self Accounts |
|
|
Self Service - Change Account Password |
Allows a User to change password on Accounts assigned to them |
Change Self Account Password View Self Accounts |
|
|
Self Service - Revoke Accounts |
Allows a User to delete Accounts assigned to them now or on a specified end date |
Remove Account Modify Self Account View Self Accounts |
|
|
Self Service - Request Entitlements |
Allows a User to request Entitlements published to their home organization, including start and end dates |
Request Self Entitlement Modify Self Entitlement View Self Entitlements |
|
|
Self Service - Modify Entitlements |
Allows a User to modify Entitlements assigned to them |
Modify Self Entitlement View Self Entitlements |
|
|
Self Service - Revoke Entitlements |
Allows a User to delete Entitlements assigned to them now or at a specified end date |
Remove Self Entitlement Modify Self Entitlement View Self Entitlements |