In Oracle Identity Manager, you have access to entities, such as roles, entitlements, accounts, and admin roles. The entities to which you have access are displayed in the My Access section of the Oracle Identity Self Service. Typical tasks you perform in the My Access section are described in the following topics:
Tip:
Before you perform the steps to manage your access to entities, it is recommended that you see Chapter 6, "Requesting Access" for detailed information about requests in Oracle Identity ManagerThe Roles tab in the My Access section displays the roles assigned to you. For information on creating roles, see Creating Roles.
In this tab, you can perform the following:
To request for roles from the My Access page:
Log in to Identity Self Service.
Click Self Service. Self service Home page is displayed.
Click My Access box. The My Access page is displayed.
Click the Roles tab. A list of roles assigned to you are displayed.
Click the Granted tab to view the roles that are granted to you. This includes both direct and indirect roles.
Click the Pending tab to view the roles that are pending for approval.
Note:
In all the tabs in the My Access page, you can refine your search by using Query By Example. For information see, "Using Query By Example".From the Actions menu, select Request. Alternatively, click Request Roles on the toolbar. The Role Access Request page opens. Catalog tab is displayed.
Select a catalog item that you want to request. You can also select multiple items in the table.
If the user wants to see information about a catalog item then, click the i icon next to the Add to Cart button. A new tab with the details about the catalog item is displayed.
Click Add to Cart that is present against the catalog item.
The selected items are added to the request cart.
If you want to remove any requested catalog item from the cart, click the Cart icon. The Cart Details page is displayed. Click Remove button present against the request. If you want to remove all items from the cart then, click Remove All.
Click Checkout or click Next. The Cart Details page is displayed.
Enter Request Information.
Enter Grant Duration details such as Start Date and End Date or specify if grant is effective immediately by selecting the Grant will be effective immediately upon request completion option.
If you do not specify a value in the Start Date field, then the role is assigned immediately as soon as the role is created either directly or after role creation request approval.
If the Start Date is of future then grant will happen on that day, when the Process Pending Role Grants job is run, which is scheduled to run daily. On the End Date the grant on the role is revoked when the Process Pending Role Grants job is run.
Click Submit.
Note:
Roles that are waiting for approval are not listed in the Pending tab for roles in the My Access page. The Pending tab displays the already approved roles whose starting date is for the future. When the starting date arrives, after the Process Pending Role Grant scheduled job runs, these roles are processed and displayed in the Granted tab. Roles that are not yet approved are not displayed in the Pending tab. You can use track request to view the status and details of such roles.To remove roles assigned to you:
Log in to Identity Self Service.
Click Self Service. Self service Home page is displayed.
Click My Access box. The My Access page is displayed.
Click the Roles tab. A list of roles assigned to you is displayed. Select a role that you want to remove.
From the Actions menu, select Remove. Alternatively, click Remove Roles on the toolbar. The Remove Roles catalog page is displayed.
Submit the request to remove roles. The role will be removed after the request is approved.
To modify the grant duration of the role assigned to you or to be assigned to you:
Log in to Identity Self Service.
Click Self Service. Self service Home page is displayed.
Click My Access box. The My Access page is displayed.
Click the Roles tab. A list of roles assigned to you is displayed. Select a role for which you want to modify the grant duration.
The grant duration fields, Start Date and End Date, are displayed in the Roles tab.
From the Actions menu, select Modify Grant Duration. Alternatively, click Modify Grant Duration on the toolbar. The Modify Grant Duration dialog box is displayed.
In the Justification box, enter a justification for modifying the start date, or end date, or both.
Enter values in any one or both of the following fields:
Start Date: The start date when the role will be provisioned. This must be a future date. This field is not available for modification if the role is already assigned.
End Date: The end date when the role will be revoked.
Click OK.
The Start Date and End Date fields in the Roles tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
The Entitlements tab in the My Access page displays the entitlements assigned to you. In this tab, you can perform the following:
To request for entitlements:
In the My Access page, click the Entitlements tab. A list of entitlements assigned to you is displayed.
Note:
The Entitlements tab displays entitlements with the Provisioned status and Future Granted status. The status displayed here is entitlement status and not the account status.
In an upgraded deployment of Oracle Identity Manager 11g Release 2 (11.1.2.3.0), the entitlements provisioned to the users before the upgrade are not displayed in the Entitlements tab. To display the entitlements in the Entitlements tab after the upgrade, login to Oracle Identity System Administration, and run the Entitlement Assignments scheduled job. See "Predefined Scheduled Tasks" in the Oracle Fusion Middleware Administering Oracle Identity Manager for information about the Entitlement Assignments scheduled job.
From the Actions menu, click Request. Alternatively, click the Request Entitlements button on the toolbar or action from the Accounts tab. The Catalog page is displayed.
Note:
You can Request Entitlement after Application Instance is requested, otherwise the request for entitlement will fail.Select a entitlement item that you want to request. You can also select multiple items in the list.
Click Add Selected to Cart or click Add to Cart beside the item to be added.
You can add items one by one by clicking Add to Cart beside each item. The selected items are added to the request cart.
Click Checkout or click Next. The Cart Details page is displayed.
Enter Request Information.
Enter Grant Duration details such as Start Date and End Date or specify if grant is effective immediately by selecting the Grant will be effective immediately upon request completion option.
(Optional) For the requested entitlements, enter any additional information as needed. This additional information can be added using a form associated with the entitlement, provided the entitlement forms have been generated or re-generated by system administrators.
For example, you can enter effective start and end dates for the entitlement. Then, the approver can review and/or modify this additional information and decide whether the entitlements can be provisioned or not.
Note:
The corresponding application instance will also be displayed in the cart if the application instance is not already provisioned to the user.Click Submit. The entitlement will be assigned after the request is approved.
Note:
If you want to save the cart in the request for editing or submitting later, then click Save as Draft.To modify an entitlement assigned to you:
In the Entitlements tab, select the entitlement that you want to modify.
Click Modify Entitlement from the toolbar.
Modify and submit the request to modify entitlement. The entitlement will be modified after the request is approved.
To remove entitlements assigned to you:
In the Entitlements tab, select the entitlement that you want to remove.
From the Actions menu, select Remove. Alternatively, click Remove Entitlements from the toolbar. The Catalog page is displayed.
Submit the request. The entitlement will be removed after the request is approved. Removing an Entitlement can not be done for a future date. To remove a entitlement in future you need to set the end date field in Grant Duration to that date.
Note:
If an account is revoked, its entitlements will be revoked. However, if an account is disabled, then its entitlements will remain granted.If entitlements have end dates and the end dates are reached, then the entitlements that are not yet revoked will be revoked.To modify the grant duration of the entitlement assigned to you or to be assigned to you:
In the Entitlements tab of the My Access page, select an entitlement for which you want to modify the grant duration.
The grant duration fields, Start Date and End Date, are displayed in the Entitlements tab.
From the Actions menu, select Modify Grant Duration. Alternatively, click Modify Grant Duration on the toolbar. The Modify Grant Duration dialog box is displayed.
In the Justification box, enter a justification for modifying the start date, or end date, or both.
Enter values in any one or both of the following fields:
Start Date: The start date when the entitlement will be provisioned. This must be a future date. This field is not available for modification if the entitlement is already assigned.
End Date: The end date when the entitlement will be revoked.
Click OK.
The Start Date and End Date fields in the Roles tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
The Accounts tab in the My Access page displays the accounts assigned to you.
Note:
It is recommended not to update a field that is marked as an entitlement field in the child table. To update a field marked as an entitlement, you will have to revoke and grant an entitlement.In this tab, you can perform the following:
To request for accounts:
In the My Access page, click the Accounts tab. A list of accounts assigned to you is displayed.
From the Actions menu, click Request. Alternatively, click Request Accounts on the toolbar. The Catalog page is displayed.
Select a catalog item that you want to request. You can also select multiple items in the list.
Click Add to Cart that is present against the catalog item or Add Selected to Cart.
The selected items are added to the request cart.
Click Checkout or click Next and provide additional information, however this is not mandatory. Ensure to provide unique values for User Id and Password, else the request will fail.
Click Submit. The account will be assigned after the request is approved.
For more information, see "Requesting Access".
To modify accounts assigned to you:
In the Accounts tab, select an account that you want to modify.
From the Actions menu, select Modify. Alternatively, click Modify Accounts on the toolbar. The Catalog page is displayed.
Edit the attributes of the account. Provide the Effective Date for the modifications to be propagated to the account. If it is left blank the account will be modified when the account is approved.
Submit the request from the Catalog page. The account will be modified after the request is approved.
Note:
Changing the account password as part of the Modify operation in the Account form page will have no effect on the password. The account password can be changed using the Reset Password operation.As a workaround, you can hide the account password fields by customizing the UI.
To remove accounts assigned to you:
In the Accounts tab, select the account that you want to remove.
From the Actions menu, select Remove. Alternatively, click Remove Accounts from the toolbar. The Catalog page is displayed.
Submit the request to remove accounts. The accounts will be removed after the request is approved. Removing an Account can not be done for a future date. To remove a account in future you need to set the end date field in Grant Duration to that date.
To disable an account:
In the Accounts tab, select an account that you want to disable.
From the Actions menu, select Disable. Alternatively, select Disable on the toolbar. The Catalog Page is displayed.
Specify Effective Date. This is the date when the account will be disabled.
Submit the request to disable accounts. The accounts will be disabled after the request is approved.
To enable an account:
In the Accounts tab, select an account that you want to enable.
From the Actions menu, select Enable. Alternatively, select Enable on the toolbar. The Catalog Page is displayed.
Note:
The Enable icon will be active only when a disabled account is selected.Specify Effective Date. This is the date when the account will be enabled.
Submit the request to enable accounts. The accounts will be enabled after the request is approved.
To reset password for an account assigned to you, use one of the following ways:
Go to the Accounts tab of the My Access page. Then, select an account and click Reset Password.
If you are an admin user, go to the Accounts tab of the Users page. Then, select an account and click Reset Password.
To modify the grant duration of the account assigned to you or to be assigned to you:
In the Accounts tab of the My Access page, select an account for which you want to modify the grant duration.
The grant duration fields, Start Date and End Date, are displayed in the Accounts tab.
From the Actions menu, select Modify Grant Duration. Alternatively, click Modify Grant Duration on the toolbar. The Modify Grant Duration dialog box is displayed.
In the Justification box, enter a justification for modifying the start date, or end date, or both.
Enter values in any one or both of the following fields:
Start Date: The start date when the account will be provisioned. This must be a future date. This field is not available for modification if the account is already assigned.
End Date: The end date when the account will be revoked.
Click OK.
The Start Date and End Date fields in the Roles tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
The Admin Roles tab of the My Access page displays the admin roles you have. Admin roles determine the operations you can perform in Oracle Identity Manager.