3.5 Identity Lookup Dialog
Use to specify a user, group, or application role as a task owner.
The Identity Service enables the lookup of user properties, roles, and group memberships. User information is obtained from the user directory or repository that is configured with the identity store (Oracle Internet Directory, Oracle Virtual Directory, XML, or a third-party user store). For group assignments, the task must be performed by one of the members in the group. Therefore, the user must first claim the task in order to act on it.
Application roles consist of users or other roles grouped logically for application-level authorizations. These roles are application-specific and are defined in the application Java policy store rather than the identity store. These roles are used by the application directly and are not necessarily known to a Java EE container.
Application roles define policy. Java permission can be granted to application roles. Therefore, application roles define a set of permissions granted to them directly or indirectly through other roles (if a role is granted to a role). The policy can contain grants of application roles to enterprise groups or users.
In the `jazn-data.xml` file of the file-based policy store, these roles are defined in `<app-role>` elements under `<policy-store>` and written to `system-jazn-data.xml` at the farm level during deployment. You can also define these roles after deployment using Oracle Enterprise Manager Fusion Middleware Control Console, which updates `system-jazn-data.xml`.
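The following `jazn-data.xml` fragment is an added, constructed example (not from this page or from Oracle's documentation) of how these concepts appear in the file-based policy store: the application role Approver is granted to an enterprise group from the identity store and to a second application role, and a permission is granted directly to Approver. The application name, role and group names, resource type and actions are assumptions.

```xml
<!-- Constructed example: application, role, group and resource names are assumptions. -->
<jazn-data>
  <policy-store>
    <applications>
      <application>
        <name>ExpenseApp</name>
        <app-roles>
          <!-- Application roles live in the policy store, not in the identity store -->
          <app-role>
            <name>Approver</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <members>
              <member> <!-- enterprise group from the identity store, granted this role -->
                <class>weblogic.security.principal.WLSGroupImpl</class>
                <name>Managers</name>
              </member>
              <member> <!-- role granted to a role: Auditor inherits Approver's permissions -->
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                <name>Auditor</name>
              </member>
            </members>
          </app-role>
          <app-role>
            <name>Auditor</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
          </app-role>
        </app-roles>
        <jazn-policy>
          <grant> <!-- permission granted directly to the Approver role -->
            <grantee>
              <principals>
                <principal>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  <name>Approver</name>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.security.jps.ResourcePermission</class>
                <name>resourceType=ExampleTaskType,resourceName=ApproveExpense</name>
                <actions>view,approve</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
  </policy-store>
</jazn-data>
```

Because the Identity Lookup Dialog resolves task owners against these definitions, a change to an `<app-role>` membership in `system-jazn-data.xml` changes who can act on the task without any change to the identity store.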
To search for application roles, you must first create a connection to the application server. When searching, you must specify the application name in order to find the name of the role.
Note: Application roles that are already available in the policy store can be browsed.
| Element | Description |
|---|---|
| Application Server | Select the application server that contains the user, group, or application role, or click the Create icon to launch the Create Application Server Connection wizard and create a new application server connection. You must select an application server connection configured with the complete domain name (for example, myhost.us.example.com). If you select a connection configured with only the host name (for example, myhost), the Realm list may not display the available realms. If the existing connection does not include the domain name, perform the following steps: |
| Realm | Select the realm. A realm provides access to a policy store of users and roles (groups) and optionally provides administrative functionality. A policy store provides secure, centralized storage, retrieval, and administration of Java Authentication and Authorization Service (JAAS) policies (the roles and privileges of a user). |
| Search Pattern | Enter a search pattern for finding the user. Wildcards are supported. For example, entering j* finds users |
| User Name or Group Name | Select the attribute for which to search. You can search for the user name, first name, last name, email address, cell phone number, home phone number, work phone number, manager, and job title. Groups and application roles can be searched for by name. |
| Lookup icon | Click to search for the user, group, or application role. |
| Select | Click to move a selected user from the Search User section to the Selected User section. |
| Hierarchy | Click to view the reporting hierarchy of a selected user. |
| Reportees | Click to view the reportees of a selected user. |
| Members | Click to view the members of a group. |
| Detail | Click to view details about a selected user, group, or role. For example, if you select a user such as jcooper, information similar to the following appears: |
| Remove | Click to remove a selected user, group, or application role from the Selected User list. |
| Detail | Click to view details about a selected user, group, or application role. |
Related Topics
Creating Human Tasks in Developing SOA Applications with Oracle SOA Suite