View Access Details and Manage Account

As an Oracle Access Governance user, you can view your own accesses from the My Stuff, and then My Access page. You can view comprehensive details on granted roles, permissions, accounts, ownership, organizations, identity collections, identity attributes, cloud resources, and policies. You can also change your account password if the account is provisioned within Oracle Access Governance.

Identities

While exploring your access profile details, you can view your associated roles, permissions, accounts, ownership, organizations, identity collections, identity attributes, cloud resources, and policies.

For Identities, you can see the following information:

Table - Identity Access Profile Information

Access Component Description
Identity Collections Count and details of the identity collection associated with the identity. This can either be Oracle Access Governance identity collection or an ingested identity collection, such as OCI groups.
Permissions Count and access rights detail associated with this identity. It gives clarity of how this access was granted, for which resource this permission has been granted, and whether it is a role, permission, or a privilege assigned to the identity.
Organizations Count and details of Oracle Access Governance organizations associated with the selected identity.
Accounts Get count and account details associated with this identity. It gives you details like account name, the orchestrated system name associated with the account, resource name, how the access has been granted, password change status.

When viewing your own accesses using the My Access menu option, if the account is managed by Oracle Access Governance then you can reset your password. To do so, select Reset password. See Reset Password.

Roles Count and details of roles assigned to this identity using the Oracle Access Governance Access Control framework. If you want to see the ingested roles available from Managed Systems, then see the Permissions tab.
Policies Count and details of policies used for granting access to the selected identity. You can further browse a policy to view policy statement details by selecting the View details link. The policies assigned can either be Oracle Access Governance policies or cloud policies ingested from OCI.
Violations Count and details of violations triggered by access guardrails. This includes all or open violations related to access requests either made by you or assigned to you. Select the View details link to view insights into specific security risk associated with each violation. High-risk violations are flagged as Blocked while low-risk violations are temporarily snoozed for a limited number of days to allow for further review.
Cloud Resources Count and cloud resource details that specify resource name, its type, the associated privilege granted to the identity along with the policy name that granted this privilege.
Ownership Count and details of access controls components owned by this identity, such as identity collections, roles, policies,
Identity Attributes Core and custom Identity attributes along with its value. The attributes are logically sectioned under meaningful headings for relevancy.

Reset Password for Managed System Accounts

You can request password reset for an account. You can use the system generated password or create one manually, based on the configuration set by the administrator.

If enabled by the administrator, you can enter your own password, as long as it complies with the configured password policy settings. Additionally, specify the number of days you need the password, with the maximum allowed duration enforced by password policy.

To set password policy, see Configure Password Policy.

  1. In the Oracle Access Governance Console, select the Menu icon Navigation menu, and then go to My StuffMy Access.
  2. On the My Access, and then Accounts tab.
  3. For an account, click the Actions Actions icon and then select Reset password.
  4. Select the Reset password button. The Reset password pop-up window is displayed.
  5. Select one of the following:
    • Select Choose your own password to enter your desired password manually. This option is available only if configured by the administrator.
    • Copy the auto generated password if you wish to use the system generated password.
  6. Enter the number of days you need the password to be valid.
  7. Select Submit. The activity log displays
You'll not be able to re-request the password if the previous request is still in-progress. Check the activity logs for the orchestrated system to view the Update Account activity for password reset.

Manage Extension for Expiring Access

You can request an extension for access that is about to expire. If your request is approved, your access will be extended for the specified period. If the extension is not granted, your access will be removed upon expiry.

You must request extension before it expires. Use the Status:Soon Expiring to filter the accesses that is about to expire in the My Access → Permissions page. You can request an extension multiple times before your access expires.

If you are unable to request an extension, it is likely because an approval workflow has not been attached to the access bundle. Check your access bundle configuration.

  1. In the Oracle Access Governance Console, select the Menu icon Navigation menu, and then go to My StuffMy Access.
  2. On the My Access, and then Permissions tab.
  3. (Conditional) Select the Status:Soon Expiring suggested filter to view the accesses that are about to expire.
  4. For an access, click the Actions Actions icon and then select Manage extension.
    On the Manage extension page, you'll see the access expiry end date and time.
  5. Select the Request extension button. The Request extension pop-up window is displayed.
  6. Select the date or time until which you want to request an extension. You can request an extension only up to the maximum period allowed by the access bundle configuration.
  7. Enter justification and click Submit.
If approved, the access is granted for the requested period. You can view the Extension requested in the Access request trail and the approval workflow.