Oracle® Identity Management Guide to Delegated Administration
10g Release 2 (10.1.2) B14086-01 |
|
Previous |
Next |
This chapter describes the Oracle Internet Directory Self-Service Console, a ready-to-use application created by using Oracle Delegated Administration Services.
It contains these topics:
The Oracle Internet Directory Self-Service Console enables you to delegate administrative privileges to various administrators and to end users. It is a ready-to-use standalone application created by using Oracle Delegated Administration Services. It provides a single graphical interface for delegated administrators and end users to manage data in the directory.
Figure 2-1 shows how the Self-Service Console interacts with Oracle Delegated Administration Services.
Figure 2-1 Interactions of Oracle Internet Directory Self-Service Console with Oracle Delegated Administration Services
The Oracle Internet Directory Self-Service Console enables both administrators and end users, depending on their privileges, to perform various directory operations.
As an end user, you can manage elements in your personal profile, including password, photo, time zone, and resource access information. Table 2-1 lists the tasks you can perform as an end user, and points you to the corresponding information.
Table 2-1 Tasks of an End User
Task | Where to Find Instructions |
---|---|
Editing your profile | "Editing Your Profile"
|
Changing your own password | "Changing Your Own Password and Password Hint"
|
Resetting your password | "Resetting Your Password If You Forget It"
|
Viewing your organization chart | "Viewing Your Organizational Chart"
|
Changing time zone settings | "Changing Your Time Zone Setting"
|
Configuring resource access information | "Managing Your Own Resource Information"
|
As an administrator, you can perform all of the tasks of an end user, as well as those for which you have the necessary administrative privileges. Table 2-2 lists the administrative tasks, and points you to the corresponding information.
Table 2-2 Tasks of an Administrator
This section explains how to start, log in to, and stop the Self-Service Console.
To use the Self-Service Console, you need to start the Oracle Delegated Administration Services if it is not already running.
To start the Services by using the command line, enter:
ORACLE_HOME/dcm/bin/dcmctl start -co OC4J_SECURITY
To stop the Services by using the command line, enter:
ORACLE_HOME/dcm/bin/dcmctl stop -co OC4J_SECURITY
To start, stop, or restart a component from the Enterprise Manager Web site:
On the Oracle Enterprise Manager Web site, navigate to the Instance Home Page, and scroll to the System Components section.
In the Name column, select OC4J_SECURITY. This opens the home page for the component.
In the System Components section, choose Start, Stop, or Restart.
To log in to the Self-Service Console:
Visit the URL of the Self-Service Console. For example, if the Self-Service Console is installed on host1.acme.com
and the Oracle HTTP Server is running on port 7778, then the URL to the Self-Service Console is http://host1.acme.com:7778/oiddas/
In the upper right corner, select Login. This takes you to the Oracle Application Server Single Sign-On window.
In the Single Sign-On window, in the User Name field, enter your Self-Service Console user name--for example, jdoe
.
In the Password field, enter your Self-Service Console password.
If you are in a hosted environment in which there are multiple hosted companies, then the Company field appears. Otherwise, it does not appear. If the Company field appears, then enter the name of your company.
Choose Login.
The Self-Service Console enables you to search for both user and group entries.
To search for user entries:
In the Oracle Internet Directory Self-Service Console, select the Directory tab, then select Users.
In the Search for User field, enter the first few characters of one of the following:
First name
Last name
Login name
The e-mail identifier
The cn
attribute of the user
For example, if you are searching for Anne Smith, you could enter Ann
or Smi
.
To generate a list of all users in the directory, leave this field blank.
Choose Go to display the search results.
To search for a group entry:
Select the Directory tab, then select Groups. The Search for Groups window appears. This window is described in "Search for Groups".
In the Search Group Name text box, enter the first few characters of the name of the group for which you are searching.
To generate a list of all groups in the directory, leave this field blank.
Choose Go to display the entries that match the criteria you entered.
This section tells you, as an end user, how to manage elements in your personal profile, including password, photo, time zone, and resource access information.
This section contains these topics:
To edit your profile:
Select the My Profile tab page, then choose Edit My Profile. The Edit My Profile window appears.
Make your changes.
Choose OK.
Note: To refresh the My Profile tab page with the latest information in the server, choose Refresh My Profile. Do not use the refresh or reload button on your browser, which simply refreshes with information from the mid-tier cache and not from the server. |
You can use the Self-Service Console to change your own password to OracleAS Single Sign-On and other Oracle components. Changing your password for OracleAS Single Sign-On also changes your password for any applications that use OracleAS Single Sign-On for authentication.
To change your password, select the My Profile tab, then select Change My Password. This displays the Change My Password window. You can use this window to change your password to either OracleAS Single Sign-On or to another Oracle component.
To change your password to Oracle Application Server Single Sign-On:
In the Single Sign-On section, in the Old Password field, enter your current password.
In the New Password field, enter your new password, then confirm it by entering it again in the Confirm New Password field.
In the Password Reset section, in the Password Reset Hint field, enter a question—for example, your mother's maiden name. If you later forget your password, then you will be asked this question. If your answer is correct, then your password will be retrieved for you.
In the Answer to Password Hint field, enter the answer to the hint you just entered in the previous field.
Choose Submit.
Note: When you enter an answer to your password hint in the Answer to Password Hint field, be sure to remember the answer exactly as you entered it, including extra spaces, additional hyphens, or capitalizations. If you have to provide the answer later on, then any deviations from what you are now specifying will cause the password reset to fail. |
To change your password to another Oracle component that is not enabled for Oracle Application Server Single Sign-On:
In the Application Passwords section, select the Oracle component for which you want to specify a new password.
Choose Update Password. This displays the Change Application Password window.
In the New Password field, enter your new password, then confirm it in the Confirm New Password field. Note that the new password you specify must conform to any relevant password policy set by the component administrator.
Choose Submit.
If you forget your password, you can reset it. For security reasons, this requires you to answer the question you specified when you first established your password.
In the Self-Service Console home page, choose Forgot My Password. The Reset My Single Sign-On Password window appears.
In the Confirm Identity section, enter values for the fields. These fields are specific to your environment and are configured by the administrator. You must also enter the name of your company.
Choose Next. The Confirm Additional Personal Information window appears. This window is described in "Confirm Additional Personal Information".
If, in "Changing Your Own Password and Password Hint", you set your password hint, then the Confirm Additional Personal Information window asks you a question based on that hint. Enter the answer to the password hint you specified.
If you did not previously set a password hint, then the Confirm Additional Personal Information window prompts you for other personal data as configured by your administrator. This data is then used to validate your identity.
Choose Next. The Reset SSO Password window appears.
In the New Password field, enter your new password, then confirm it by entering it again in the Confirm New Password field.
Choose Submit.
The Self-Service Console includes an organization chart that displays your organization's hierarchy. The hierarchy is created automatically according to each employee's manager and title.
To locate yourself within the hierarchy of your organization, select the My Profile tab, then select View My Org Chart. To locate another employee within the hierarchy of your organization,perform the following steps:
Search for an employee by following the instructions described in "Searching for Entries by Using the Self-Service Console".
Click the employee's Job Title link to display the Organization Chart window.
The organization chart displays in a table that allows you to expand and collapse the entries beneath each manager. The organizational chart includes the following entries:
All managers above the currently selected employee
All peers of the currently selected employee
All employees who report to the currently selected employee
You can view a employee's profile by clicking his or her name in the organizational chart. You can also navigate the organizational hierarchy by clicking an employee's Job Title link.
To change your time zone setting this:
Select the My Profile tab, then select Change My Time Zone. This takes you to the Time Zone Settings window.
In the Time Zones Settings window, select your new time zone, then choose Submit.
To fulfill the requests of users, some Oracle components gather data from various repositories and services. To gather the data, these components require the following information:
Information specifying the type of resource from which the data is to be gathered. The type of resource could be, for example, an Oracle Database. This is called resource type information.
Information for connecting and authenticating users to the resources. This is called resource access information.
You can use the Self-Service Console to create, modify, and delete resource access information.
Note: The Preferences link mentioned in the following procedures appears only if the administrator has created resource access information for the user. |
You can manage your own resource access information only if the administrator has specified a resource type. If a resource type has been specified, then a Preferences link appears.
To specify resource access information:
Select the My Profile tab, then choose Preferences.
Choose Create. The Create Resource window appears.
In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.
From the Resource Type list, select the type of resource to be accessed. Default options are:
OracleDB: an Oracle9i Database Server
ExpressPDS: Oracle Express Pluggable Data Source
JDBCPDS: Java Database Connectivity Pluggable Data Source
Other resource types may appear in this list as specified by the administrator.
Choose Next. The Resource Access Information window appears.
In the Resource Access Information window, enter the appropriate information.
Choose Submit.
To modify resource access information:
Select the My Profile tab, then choose Preferences.
Select the resource whose information you want to modify, then choose Edit. The Edit Resource window appears.
In the Edit Resource window, enter the appropriate information.
Choose Submit.
To delete resource access information:
Select the My Profile tab, then choose Preferences.
Select the resource whose information you want to delete.
Choose Delete.
See Also: The section on resource information in the Concepts and Architecture chapter of the Oracle Internet Directory Administrator's Guide for a brief description of resource information |
You can use the Self-Service Console to configure a realm, modify those configurations, and create additional realms.
This section contains these topics:
Configuring an Identity Management Realm by Using the Self-Service Console
Viewing Configuration Settings for an Identity Management Realm
Modifying Configuration Settings for an Identity Management Realm
Creating an Additional Identity Management Realm by Using the Self-Service Console
If you have the correct administrative privileges, then you can specify the following for an identity management realm:
The attribute by which you want users to identify themselves when they log in
The root entries of the user search base and of the group search base—that is, the locations in the directory information tree containing entries for users and groups
The root entries for the user creation base and the group creation base—that is, the location in the DIT where users and groups are created. This can be the same as the user search base or a location under the user search base.
The display of realm and product logos
To configure an identity management realm:
Select the Configuration tab.
In the Identity Management Realm window, enter values for the various fields. These fields are described in "Identity Management Realm".
Choose Submit to save your changes.
Note: Although you can enter more than one value in the User Search Base field, doing so can degrade performance. |
To view the configuration settings of an identity management realm:
Select the Configuration tab.
At the top right of the Self-Service Console, choose the Realm Management icon. This displays the Identity Management Realms window. This window is described in "Identity Management Realms".
In the Identity Management Realms window, in the Search Identity Management Realm field, enter all or part of the name of the realm whose entry you want to view, then choose Go. This displays a list of realms that match your search criteria.
From the search results list, select the realm you want to modify, then choose View. This takes you to the Identity Management Realm window where you can view the configuration settings. This window is described in "Identity Management Realm".
You can modify the settings of an identity management realm for which you are the administrator. To do this:
Select the Configuration tab.
In the Identity Management Realm window, enter values for the various fields. These fields are described in "Identity Management Realm".
Modify the fields, then choose Submit.
You can specify one or more parent DNs for entries in a realm. If you specify more than one, then a delegated administrator can choose the one under which to place a new user entry.
There are two ways to specify parent DNs. The first is by specifying values for the user creation base, and the second is by specifying values for the organizational units (ou
) attribute. If you specify a different set of values for each, then those for the ou
attribute prevail.
To specify parent DNs by providing values for the User Creation Base:
Select the Configuration tab, then select Identity Management Realm.
In the User Creation Base field, enter one or more DNs, one line for each DN.
Choose Submit.
Alternatively, you can specify parent DNs by setting the value for the organizational unit (ou
) attribute. If you do this, then a delegated administrator can choose the organization unit under which to place user entries. To specify a parent DN by using this method:
Select the Configuration tab, then select User Entry.
Choose Next. The Configure User Attributes window appears.
Choose Add New Attribute. The Add New Attribute window appears. This window is described in "Add New Attribute".
In the Add New Attributes window, from the Directory Attribute Name list, select the ou
attribute.
From the UI Type list, select Predefined List.
In the LOV Values field, enter the display name of the parent DN, followed by three semicolons (;), followed by the DN itself.
For example:
Sales;;;cn=users,dc=us,dc=my_company,dc=com HR;;;cn=groups,dc=us,dc=my_company,dc=com
Following this example, when a delegated administrator chooses the organizational unit under which to place a user entry, she selects from a list displaying Sales
and HR
.
You can add more parents DNs, one line for each.
If you have administrative privileges, then you create an entry for an identity management realm as follows:
Select the Configuration tab.
At the top right of the Oracle Internet Directory Self Service Console, choose the Realm Management icon. This displays the Identity Management Realms window. This window is described in "Identity Management Realms".
In the Identity Management Realms window, choose Create. The Create Identity Management Realm window appears. This window is described in "Create Identity Management Realm".
In the Create Identity Management Realm window, enter the appropriate values in the fields.
Choose Submit.
You can use the Self-Service Console to establish the ways that users create user entries. You can also use it to create, modify, and delete user entries, change user passwords and assign privileges to users.
This section contains these topics:
Assigning Privileges to Users by Using the Self-Service Console
Changing the Password of a User by Using the Self-Service Console
When a user creates or edits a user entry, the Self-Service Console displays various categories—including, for example, basic information, password, and photo—each with its own set of attributes. You can specify which of these categories the console displays, and how it displays them and their corresponding attributes.
Specifically, the Self-Service Console enables you to:
Select from object classes now in the directory those you want to associate with user entries, and add and modify these object classes
Specify the categories of attributes you want to enable users to add or modify
Customize the way the Self-Service Console displays those categories and attributes
To configure user entries:
Select the Configuration tab, then select User Entry. This displays the Configure User Object Classes window listing the existing object classes associated with user entries. This window is described in "Configure User Object Classes".
To add an object class for user entries:
In the Configure User Object Classes window, choose Add Object Class. This displays the All Object Classes window.
Select from the list an object class you want to add, then choose Add. This returns you to the Configure Object Class window. The object class you just chose is now listed as an object class for user entries.
To add more object classes, repeat these steps, or, to move to the next step, choose Next to display the Configure User Attributes window. This window is described in "Configure User Attributes" .
The Configure User Attributes window lists some—but not all—of the attributes of the object classes you specified in Step 2. There may be other attributes belonging to those object classes as well. You can add as many of those other attributes as you wish by following the instructions in this step. You can modify how the attributes are displayed or delete attributes.
To add attributes to user entries:
In the Configure User Attributes window, choose Add New Attribute. This displays the Add New Attribute window. This window is described in "Add New Attribute".
In the Add New Attribute window, enter values for the fields.
Choose Done. This returns you to the Configure User Attributes window. The attribute you just chose is now listed in the attribute list.
To add more attributes, repeat these steps.
To modify the display of attributes:
In the Configure User Attributes window, in the Directory Attribute Name column, select the attribute you want to modify, then choose Edit. This displays the Editing Attribute window. This window is described in "Editing Attribute".
In the Editing Attribute window, enter values for the fields.
Choose Done. This returns you to the Configure User Attributes window. The attribute configurations you just made are now reflected in the Directory Attribute Name list.
To configure or modify more attributes, repeat these steps.
To delete attributes of user entries, in the Configure User Attributes window, in the Directory Attribute Name list, select the attribute you want to configure, then choose Delete.
To customize the display of categories, in the Configure User Attributes window choose Next to display the Configure Attribute Categories window. This window contains a table listing the existing categories, the name displayed to the user, and the display order of each category.
To add a new category, choose Create. This displays the Create window. In the UI Label field, enter the name of the category as you would like it displayed in the interface.
To modify the display name of a category, in the UI Label column, edit the field for each attribute you want to modify.
To set the display order of categories, choose Order Category. The Order Category window displays the various categories you just specified. This window is described in "Order Category". Use the up and down arrows to move the categories into the desired order.
To set the display order of attributes for each category, select the category, then choose Edit. In the Order Category window, use the arrow buttons to set the display order of the attributes, or to remove an attribute from being displayed.
To delete a category, select the category, then choose Delete.
When you have finished configuring attribute categories, choose Next to display the Configure Search Table Columns window. This window is described in "Configure Search Table Columns".
When a user performs a search, the results are displayed in a table. You can specify the number of columns in that table and their headings. To configure search table columns:
In the Configure Search Table Column window, in the All Attributes box, select one or more attributes that you want to be represented in the search results. These will serve as column headings in the search results table.
Use the left-right arrows to move the attributes to the Selected Attributes box.
In the Selected Attributes box, order the attributes by using the up-down arrows to the right of the box. The first attribute in the list represents the column farthest to the left in the search results table.
When you have finished configuring the search results table, choose Next to display the Configure Roles window.
To enable users to assign roles to users, in the Configure Roles window, in the Enable Roles category, select Enable Role assignment in the user management interface.
You can specify the roles that users can assign to other users.
To add a role that users can assign to other users:
Choose Add Role to display the Search and Select: Roles window.
In the Group Name Begins With field, enter the first few letters of the name of the administrative group you want to add.
From the search results, select the name of the administrative group you want to add, then choose Select. This returns you to the Configure Roles window. The administrative group you just selected appears in the Roles list.
To delete a role, select it from the table and choose Delete.
When you have finished configuring user entries, choose Finish.
To create a user entry:
Select the Directory tab, then select User.
Choose Create to display the Create User window. This window is described in "Create User".
In the Create User window, enter the appropriate information. Fields designated with an asterisk (*) are mandatory.
Note: You cannot use a tilde (~) in a user name. |
If resource access information is not specified, you can create it. To do this:
In the Resource Access Information section, choose Create. The Create Resource window appears.
In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.
From the Resource Type list, select the type of resource to be accessed. Default options are:
OracleDB: an Oracle9i Database Server
ExpressPDS: Oracle Express Pluggable Data Source
JDBCPDS: Java Database Connectivity Pluggable Data Source
Other resource types may appear in this list as specified by the administrator.
Choose Next. The Resource Access Information window appears.
In the Resource Access Information window, specify the username and password and the name of the database that you want the user to access.
Verify that you have entered all information correctly, then choose Submit.
To modify a user entry:
Select the Directory tab, and perform a search for the user whose entry you want to modify.
Select the user whose entry you want to modify, then choose Edit to display the Edit User window. This window is described in "Edit User".
In the Edit User window, enter the appropriate information. Fields designated with an asterisk (*) are mandatory. If resource access information is not specified, you can create it. To do this:
In the Resource Access Information section, choose Create. The Create Resource window appears.
In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.
From the Resource Type list, select the type of resource to be accessed. Default options are:
OracleDB: an Oracle9i Database Server
ExpressPDS: Oracle Express Pluggable Data Source
JDBCPDS: Java Database Connectivity Pluggable Data Source
Other resource types may appear in this list as specified by the administrator.
Choose Next. The Resource Access Information window appears.
In the Resource Access Information window, specify the username and password and the name of the database that you want the user to access.
Verify that you have entered all information correctly, then choose Submit.
Note: If you do not have the privileges to edit a user entry, then the Edit button does not appear, and you cannot perform this operation. |
To delete a user entry:
Select the Directory tab.
In the Delete User window, perform a search for the user whose entry you want to delete.
Select the user whose entry you want to delete, then choose Delete.
You can privilege a user to:
Create, edit, and delete users and groups
Assign privileges to other users and groups
You can also revoke privileges from a user.
To assign privileges to a user:
Select the Directory tab, and perform a search for the entry of the user to whom you want to assign privileges.
From the search results list, select the user to whom you want to assign privileges, then choose Assign Privilege. The Assign Privileges to User window displays a list of privileges. This window is described in "Assign Privileges to User".
Select the privileges you want to assign to this user.
Choose Submit, or, to assign privileges to another user, choose Specify Other User and repeat the process.
You can change the password of a user other than yourself if:
You have the necessary access rights
You have configured user entries so that the userpassword
attribute is available for modification. The steps for specifying a user attribute for modification is described in "Configuring User Entries by Using the Self-Service Console".
To change another user's password:
Select the Directory tab, then select User.
Perform a search for the entry of the user whose password you want to change.
From the results of your search, select the user entry, then choose Edit to display the Edit User window. This window is described in "Edit User".
In the Edit User window, enter and confirm the password you want to assign to the user.
Choose Submit.
Note: If you do not have the privileges to edit a user entry, then the Edit button does not appear, and you cannot perform this operation. |
The Self-Service Console allows users to specify a custom password hint that the user must successfully answer before a password is reset. Additionally, an administrator can specify an unlimited number of questions that a user must successfully answer before a password is reset.
To specify additional password reset validation questions:
Use Oracle Directory Manager to perform the following tasks:
Add custom attributes to the directory schema. You should create a separate attribute for each password reset validation question.
Create a new auxiliary object class and assign to it the custom attributes you created in the last step that represent each password reset validation question.
See Also: Oracle Internet Directory Administrator's Guide for information on how to administer Oracle Internet Directory object classes and attributes |
Restart the Self-Service Console by following the procedures described in "Starting and Stopping Oracle Delegated Administration Services". To make the new object class and attributes you created in Step 1 available in the Self-Service Console, restart the Console.
Add the new object class and attributes by following the procedures described in "Configuring User Entries by Using the Self-Service Console". In the Delete User window and Configure User Attributes window, be sure to select the Viewable and Password Reset Validation check boxes for each attribute that represents a password reset validation question. You can also select the Self Editable check box if you want to give users the ability to edit an attribute.
You can use the Self-Service Console to create, modify, and delete group entries and to assign privileges to groups.
This section contains these topics:
To create a group entry:
Select the Directory tab, then select Group.
Choose Create. This displays the Create Group window.
In the Create Group window, enter the values for the various fields. These fields are described in "Create Group".
Choose Submit.
To modify a group entry:
Select the Directory tab, select Group, then perform a search for the group entry you want to modify.
From the search results, select the group entry you want to modify.
Choose View Manage. This displays the Manage Group window. This window is described in "Manage Group".
Choose Edit. The Edit Group window appears.
In the Edit Group window, modify the fields as described in "Creating Group Entries by Using the Self-Service Console".
Choose Submit.
To delete group entries:
Select the Directory tab, and perform a search for the group whose entry you want to delete.
From the search results, select the group whose entry you want to delete.
Choose View/Manage. This displays the Manage Group window. This window is described in "Manage Group".
In the Manage Group window, choose Delete. The Confirmation of Deletion window appears.
In the Confirmation window, choose either Yes or No.
You can privilege a group to do one or more of the following:
Create, edit, and delete new users and groups
Assign privileges to users and to other groups
You can also revoke privileges from a group.
To assign privileges to a group:
Select the Directory tab, then select Groups.
Search for the entry of the group to which you want to assign privileges.
From the search results, select the group to which you want to assign privileges.
Choose Assign Privilege. The Assign Privileges to Groups window displays a list of privileges.
In the Assign Privileges to Group window, select the privileges you want to assign to this group. This window is described in "Assign Privileges to Group".
Choose Submit, or, to assign privileges to another user, choose Specify Other Group and repeat the process.
You can use the Self-Service Console to modify service properties and modify subscription information for service recipients.
This section contains these topics:
A service can be a single application or a bundle of applications that performs a coherent set of tasks. It is supplied by a service provider to either individuals or groups, called service recipients.
To access a service, a service recipient must be subscribed to it. In the subscription process, an administrator for either a subscriber or a service provider creates a subscription list. This list specifies which service recipient users can use the service and for how long.
Service recipients can be service providers in their own right, supplying services to other service recipients.
The administrative tasks you can perform with the Self-Service Console depend on whether you are an administrator for a subscriber or for a service provider. If you are an administrator for a subscriber, then you can:
Modify the entry for your subscriber
Create, modify, and delete subscription information for a service. For example, you can specify how long a user can use a service, then change or delete that information.
Manage the subscription list
If you are the administrator for a service provider, then, in addition to performing all of the tasks of an subscriber administrator, you can:
Create entries for subscribers
Provision applications and services in the application service provider environment
You can change the display name and the network address for a service. To do this:
Select the Directory tab, then select Services. The Services window displays a list of available services. This window is described in "Services".
In the Services window, select the service whose properties you want to modify.
Choose Edit Service. The Edit Service window appears.
In the Edit Service window, enter values for the fields you want to modify.
Choose Submit.
You can add or remove a user from a subscription list. You can also change a recipient's start or end date.
To modify subscription information:
Select the Directory tab, then select Service. The Services window displays a list of available services. This window is described in "Services".
In the Services window, select the service whose properties you want to modify.
Choose Edit Subscription. The Edit Subscription window appears.
Select the service recipient whose subscription information you want to modify.
Choose Edit. The Edit Service Recipient window appears.
In the Edit Service Recipient window, enter your modifications:
In the Service Recipient field, give this recipient a name.
In the Start Date field, specify the date on which the recipient can begin using the service, and, in the End Date field, the date on which that usage ends.
To add users to the subscription list:
Choose Add User. This displays the Search and Select window.
In the Search and Select window, perform a search for the user you want to add to the list.
From the search results, select the user you want to add, then choose Select. This returns you to the Add New Service recipient window. The user you just added now appears in the list.
To remove a user from the subscription list, select the user, then choose Remove.
When you have made your changes in the Edit Service Recipient window, choose Submit. This returns you to the Edit Subscription window.
Choose Submit.
Note: The format of the date ismm/dd/yyyy . This format cannot be customized.
|
You can unlock, enable, or disable user accounts.
This section contains these topics:
If a user's account has been locked for any reason—for example, they failed to change their password within the specified time limit—then you can unlock it without resetting the user password. This saves you from having to explicitly tell the user the new password. Instead, the user can simply log in by using the old password.
To unlock a user's account:
Select the Directory tab, then select Account. The Accounts window displays a list of locked accounts.
Select the account that you want to unlock.
Choose Unlock.
If a user's account has been temporarily suspended—that is, disabled—then you can enable it. To do this:
Select the Directory tab, then select Account.
Select Enable Accounts. This displays a list of disabled accounts.
Select the account that you want to enable.
Choose Enable.
You can use the Self-Service Console to specify a new resource type and to configure default resource access information.
This section contains these topics:
To specify a new resource type:
Choose the Configuration tab, then choose Preference.
In the Configure Resource Type Information section, choose Create. The Create Resource Type window appears.
In the Create Resource Type window, enter values in the appropriate fields. This window is described in "Create Resource Type".
When you have entered all of the appropriate information in the Create Resource Type window, choose Submit. This returns you to the Preferences window. The resource type you just specified now appears under the Resource Type Name column.
See Also: The section on resource information in the Concepts and Architecture chapter of the Oracle Internet Directory Administrator's Guide for a brief description of resource information |
If you have a large number of users, then, instead of specifying resource access information for each user entry, you can define commonly used resources that all users automatically inherit. To do this:
Select the Configuration tab, then choose Preferences.
In the Default Resource Access Information section, choose Create. The Create Resource window appears.
In the Resource Name field, specify the name of the resource or service to be accessed by the component on your behalf.
From the Resource Type list, select the type of resource to be accessed. Default options are:
OracleDB: an Oracle9i Database Server
ExpressPDS: Oracle Express Pluggable Data Source
JDBCPDS: Java Database Connectivity Pluggable Data Source
Other resource types may appear in this list as specified by the administrator.
Choose Next. The Resource Access Information window appears. Enter the appropriate information into the fields.
Verify that you have entered all information correctly, then choose Submit. This returns you to the Preferences window. The default resource access information you just created now appears in the Resource Name column.
See Also: The section on resource information in the Concepts and Architecture chapter of the Oracle Internet Directory Administrator's Guide for a brief description of resource information |