1. User Guide
  2. Role Manager
  3. About Roles
  4. Configuring Template and Property Roles

Configuring Template and Property Roles

Prerequisites for Configuring Template and Property Roles

Template roles are available as a way to maintain the same privileges (tasks) across multiple properties.

Property roles are then created from template roles. You can remove tasks from a property role based on a template role; however, tasks cannot be assigned to a property role if the template role does not already have those tasks assigned.

When the Property Roles without Template OPERA Control is active you can also configure property roles without the need for a template role.

An administrator can remove tasks from a property role; however, tasks cannot be added to a property role if the template role does not already them. The benefit of a template role is to maintain the same privileges across multiple properties.

Configuring Property Roles based on a Template Role

A property role can be based on a template role and these roles can be applied to one, multiple, or all properties.

When creating a new property role in Oracle Identity Manager (OIM) and a template of the same name exists, you can apply it to the role in OPERA Cloud. Otherwise, you can create a new template and apply it to the role when there is no template existing of the same name.

Creating a Template Role

  1. From the Side Menu, select Role Manager, select Manage Property Roles.

  2. Click New in the Template Roles section.

    Note:

    A template role cannot be created with the same name as a property role.

  3. From the Available Tasks panel, select the tasks to assign to the role. See Assigning Tasks to a Role.

  4. Click Save.

Applying Template to a Property Role

  1. From the Side Menu, select Role Manager, select Manage Property Roles.

  2. Enter or select an Organization (Property) and click Search to view all configured template roles and property roles for the property.

    Note:

    When a property role is created in Oracle Identity Manager (OIM) with the same name as a template role, it appears at the bottom panel with a red triangle and warning link to indicate that the template found and with action link Apply Template to Role.

  3. Click the vertical ellipsis for the property role and then select Apply Template to Role or click the link provided in the warning message.

  4. From the Available Tasks panel, select the tasks to assign to the role. See Assigning Tasks to a Role.

  5. An Inconsistent indicator is displayed when there is an inconsistency with the number of tasks assigned to the property role and the number of tasks assigned to the template role. Click Edit the Role to update the property role and add missing tasks. 

  6. Click Save.

Creating a Template and Applying to a Property Role

  1. From the Side Menu, select Role Manager, select Manage Property Roles.

  2. Enter or select an Organization (Property) and click Search to view all configured template roles and property roles for the property.

    Note:

    When a property role is created in Oracle Identity Manager (OIM) without a template role existing in OPERA Cloud, the role appears in the bottom panel with a red triangle and a "No corresponding template found" warning with Create Template and Apply to Role action link.

  3. Click the vertical ellipsis for the property role and then select Create Template and Apply to Role or click the link provided in the warning message.

  4. From the Available Tasks panel, select the tasks to assign to the role. See Assigning Tasks to a Role.

  5. Click Save.

Editing a Template Role

Note:

When the Activate Template Tasks on all Dependant Roles OPERA Control is active, amending the tasks on a template role will result in the tasks assigned to property roles (based on this template role) being updated accordingly. Deleted tasks on template results in deletion of tasks from property role. Addition of tasks on template results in addition of tasks to property role. When the OPERA Control is inactive, each property role must be manually updated to take advantage of the additional tasks added to the template.

  1. From the Side Menu, select Role Manager, select Manage Property Roles.

  2. Enter search criteria and click Search.

  3. Select the template role then click the vertical ellipsis and select Edit.

  4. From the Available Tasks panel, select the tasks to assign to the role. See Assigning Tasks to a Role.

  5. Click Save.

Configuring Independent Property Roles without Template

When the Property Role without Template OPERA Control is active an independent property role can be created which is not based on a template role.

The same property role can be configured in multiple properties and tasks assigned directly to the property role; each independent property role can therefore have different tasks granted in different properties.

When creating a new property role in Oracle Identity Manager (OIM), the name of the role must not be the same as a template role in OPERA Cloud.

You can then assign tasks to the role without inheriting tasks from any template. 

Assigning Tasks to Property Role without Template

  1. From the Side Menu, select Role Manager, select Manage Property Roles.

  2. Enter or select an Organization (Property) and click Search to view all configured template roles and property roles for the property.

    Note:

    When a Property Role is created in Oracle Identity Manager (OIM) and the role name doesn't match with any of the existing template roles, it appears at the bottom panel with a red triangle and Warning link to indicate that "No corresponding template found" and with action link Assign Tasks to Role Without Template.

  3. Click the vertical ellipsis button for the property role and then select Assign Tasks to Role Without Template or click the link provided in the warning message.

  4. From the Available Tasks panel, select the tasks to assign to the role. See Assigning Tasks to a Role.

  5. Click Save.

Parent topic: About Roles