Monday, October 10, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Self-Service Capabilities

  • Oracle Identity Manager lets you control which operations users can perform on their own accounts. For example, a user who belongs to a particular organization can be allowed only to change their own profile, with all other self-service operations in Oracle Identity Manager restricted. This is achieved by setting rules in the Self Service Capability Policy. In the Self Service Capability Policy, you define rules based on user attributes. For a user who satisfies a rule, you can also mark user attributes as denied attributes; denied attributes cannot be viewed or edited by that user. The return value of a rule is the capability assigned to the user together with the denied attributes that are configured. The Self Service Capability Policy is seeded with a default rule.


Default Self Service Capability Rule
  • The Self Service Capability Policy is seeded with a Default Self Service Capability rule. The default condition always evaluates to true. Therefore, if no other rule defined in the Self Service Capability Policy is satisfied, the default rule is satisfied and gives the user all the self-service capabilities.



Example of Self Service Capability Rules and Rule Evaluation Order
  • If the user type is Contractor, the user is allowed only to manage their own profile.
    • If user.Role Equal Contractor THEN capability Equal selfModifyUser


  • If the user type is Full Time and the user belongs to the Sales department, the user is allowed to request roles and modify their own profile.
    • If user.Role Equal Full-time AND user.Department Number Equal Sales THEN capability Equal addSelfRoles AND capability Equal selfModifyUser
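
The two example rules and the seeded default rule, modelled as an added sketch (not Oracle's code and not from the original post) to show which users end up with every capability because no restrictive rule matched them. It assumes rules are checked top to bottom with the first satisfied rule winning and that Equal is an exact string comparison; the sample users and the login key are constructed.

```python
# Simplified model of Self Service Capability Policy evaluation.
# Assumptions (not from the page): rules are checked top to bottom, the first
# satisfied rule wins, and "Equal" is an exact string comparison.

ALL_CAPABILITIES = "ALL"  # placeholder for "all the self service capabilities"
DEFAULT_RULE = "Default Self Service Capability"

# (rule name, condition as attribute -> required value, capabilities granted)
RULES = [
    ("Contractor", {"Role": "Contractor"}, {"selfModifyUser"}),
    ("Full-time Sales", {"Role": "Full-time", "Department Number": "Sales"},
     {"addSelfRoles", "selfModifyUser"}),
    (DEFAULT_RULE, {}, {ALL_CAPABILITIES}),  # empty condition: always true
]


def evaluate(user, rules=RULES):
    """Return (rule name, capabilities) for the first rule the user satisfies."""
    for name, condition, capabilities in rules:
        if all(user.get(attr) == value for attr, value in condition.items()):
            return name, capabilities
    raise LookupError("no rule matched; the policy has no default rule")


def fall_through(users, rules=RULES):
    """List logins that match only the default rule and so get every capability."""
    return [u["login"] for u in users if evaluate(u, rules)[0] == DEFAULT_RULE]


# Constructed sample users, not taken from a real system.
SAMPLE_USERS = [
    {"login": "cnolan", "Role": "Contractor", "Department Number": "IT"},
    {"login": "fsmith", "Role": "Full-time", "Department Number": "Sales"},
    {"login": "jdoe", "Role": "Full-time", "Department Number": "Finance"},
    {"login": "tlee", "Role": "Temp", "Department Number": "Sales"},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        rule, caps = evaluate(u)
        print(f'{u["login"]:8} -> {rule}: {sorted(caps)}')
    print("Unrestricted via default rule:", fall_through(SAMPLE_USERS))
```

Running the same check against an export of real user attributes before changing the policy shows who would be left on the default rule.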



Creating a Rule in Self Service Capability Policy
  • Oracle Identity System Administration -> System Configuration -> Self Service Capabilities
Modifying a Rule in Self Service Capability Policy
  • Oracle Identity System Administration -> System Configuration -> Self Service Capabilities
Deleting a Rule in Self Service Capability Policy
  • Oracle Identity System Administration -> System Configuration -> Self Service Capabilities -> Delete