5 Managing Access for Self
The tasks you perform in the My Access section are described in the following topics:
Tip:
Before you perform the steps to manage your access to entities, it is recommended that you see Requesting Access for detailed information about requests in Oracle Identity Manager
5.1 Managing Roles
Roles are used to define the access rights that an entity may have. Roles determine the links and menus that are available to users when they log in to Identity Self Service.
In the Roles tab, you can perform the following:
5.1.1 Requesting for Roles
When you submit your request for roles, it is submitted for approval. When the request is approved at all approval levels, the role is assigned to you.
To request for roles from the My Access page:
5.1.2 Removing Roles
When you submit your request for removing a role that is assigned to you, it is submitted for approval. The role is removed after the request is approved.
To remove roles assigned to you:
- Log in to Identity Self Service.
- Click Self Service. Self service Home page is displayed.
- Click My Access box. The My Access page is displayed.
- Click the Roles tab. A list of roles assigned to you is displayed. Select a role that you want to remove.
- From the Actions menu, select Remove. Alternatively, click Remove Roles on the toolbar. The Remove Roles catalog page is displayed.
- Submit the request to remove roles. The role will be removed after the request is approved.
5.1.3 Modifying Role Grant Duration
When you submit your request for change of role grant duration, the Roles tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
To modify the grant duration of the role assigned to you or to be assigned to you:
5.2 Managing Entitlements
An entitlement can be a role, responsibility, or group membership assigned to a user. The Entitlements tab in the My Access page allows you to manage the entitlements assigned to you.
In the Entitlements tab, you can perform the following:
5.2.1 Requesting for Entitlements
When you submit your request for entitlements, it is submitted for approval. When the request is approved at all approval levels, the entitlement is assigned to you.
To request for entitlements:
5.2.2 Modifying Entitlements
When you submit your request for modifying an entitlement that is assigned to you, it is submitted for approval. The entitlement is updated after the request is approved.
To modify an entitlement assigned to you:
- In the Entitlements tab, select the entitlement that you want to modify.
- From the Actions menu, click Modify.
- Modify and submit the request to modify entitlement. The entitlement will be modified after the request is approved.
5.2.3 Removing Entitlements
When you submit your request for removing an entitlement that is assigned to you, it is submitted for approval. The entitlement is removed after the request is approved.
To remove entitlements assigned to you:
- In the Entitlements tab, select the entitlement that you want to remove.
- From the Actions menu, select Remove. Alternatively, click Remove from the toolbar. The Catalog page is displayed.
- Submit the request. The entitlement will be removed after the request is approved. Removing an Entitlement can not be done for a future date. To remove a entitlement in future you need to set the end date field in Grant Duration to that date.
Note:
If an account is revoked, its entitlements will be revoked. However, if an account is disabled, then its entitlements will remain granted.If entitlements have end dates and the end dates are reached, then the entitlements that are not yet revoked will be revoked.
5.2.4 Modifying Entitlement Grant Duration
When you submit your request for change of entitlement grant duration, the Entitlements tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
To modify the grant duration of the entitlement assigned to you or to be assigned to you:
5.3 Managing Accounts
An account is granted to a user to give the user the ability to log in to Oracle Identity Manager and access its features. The Accounts tab in the My Access page allows you to manage the accounts assigned to you.
In the Accounts tab, you can perform the following:
Note:
It is recommended not to update a field that is marked as an entitlement field in the child table. To update a field marked as an entitlement, you will have to revoke and grant an entitlement.
5.3.1 Requesting for Accounts
When you submit your request for an account, it is submitted for approval. When the request is approved at all approval levels, the account is assigned to you.
To request for accounts:
5.3.2 Modifying Accounts
When you submit your request for modifying an account that is assigned to you, it is submitted for approval. The account is updated after the request is approved.
To modify accounts assigned to you:
- In the Accounts tab, select an account that you want to modify.
- From the Actions menu, select Modify. The Catalog page is displayed.
- Edit the attributes of the account. Provide the Effective Date for the modifications to be propagated to the account. If it is left blank the account will be modified when the account is approved.
- Submit the request from the Catalog page. The account will be modified after the request is approved.
Note:
Changing the account password as part of the Modify operation in the Account form page will have no effect on the password. The account password can be changed using the Reset Password operation.
As a workaround, you can hide the account password fields by customizing the UI.
5.3.3 Removing Accounts
When you submit your request for removing an account that is assigned to you, it is submitted for approval. The account is removed after the request is approved.
To remove accounts assigned to you:
- In the Accounts tab, select the account that you want to remove.
- From the Actions menu, select Remove. Alternatively, click Remove from the toolbar. The Catalog page is displayed.
- Submit the request to remove accounts. The accounts will be removed after the request is approved. Removing an Account can not be done for a future date. To remove a account in future you need to set the end date field in Grant Duration to that date.
5.3.4 Disabling an Account
When you submit your request to disable an account that is assigned to you, it is submitted for approval. The account is disabled after the request is approved.
To disable an account:
- In the Accounts tab, select an account that you want to disable.
- From the Actions menu, select Disable. The Catalog Page is displayed.
- Specify Effective Date. This is the date when the account will be disabled.
- Submit the request to disable accounts. The accounts will be disabled after the request is approved.
5.3.5 Enabling an Account
When you submit your request to enable an account that was assigned to you but is in disable state, it is submitted for approval. The account is enabled after the request is approved.
To enable an account:
5.3.6 Resetting Password for an Account
To reset password for an account assigned to you, use one of the following ways:
-
Go to the Accounts tab of the My Access page. Then, select an account and click Reset Password.
-
If you are an admin user, go to the Accounts tab of the Users page. Then, select an account and click Reset Password.
5.3.7 Modifying Account Grant Duration
When you submit your request for change of account grant duration, the Accounts tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.
To modify the grant duration of the account assigned to you or to be assigned to you: