2 Replies Latest reply: Dec 23, 2012 6:44 AM by Meni-Oracle

    more admin roles per organizations

    Meni-Oracle
      Hello experts.

      Using OIM 11r2 I noticed we have predefined admin roles per org unit for which we can set authorization policies.
      I need additional admin roles to be defined.
      To the best of my understanding, those roles are not customizable. Please advise how to approach this kind of requirement.

      Additionally, how can I set authorization policies for OIM roles that I define myself? Are those accessible from OES?

      Thanks
        • 1. Re: more admin roles per organizations
          Karthik Perath
          Meni wrote:
          > Hello experts.
          >
          > Using OIM 11r2 I noticed we have predefined admin roles per org unit for which we can set authorization policies.
          > I need additional admin roles to be defined.
          > To the best of my understanding, those roles are not customizable. Please advise how to approach this kind of requirement.

          You cannot create new admin roles. But based on your requirement you can modify existing OES Auth policies which are associated with those admin roles.

          > Additionally, how can I set authorization policies for OIM roles that I define myself? Are those accessible from OES?

          Yes. You can create new Auth policies in APM console and add OIM Admin roles (as target), and actions according to your requirement.
          Thanks
          • 2. Re: more admin roles per organizations
            Meni-Oracle
            Hi,

            Thanks for the prompt reply.
            The approach suggested provides a solution for a limited scope.
            Additionally, this means that if I have a security officer that needs a set of auth. policies attached, from a maintenance point of view, there is no such role "security officer" but a scattered set of auth. policies attached to the existing standard admin roles.
            Having additional roles added over time will cause the auth. policies to get much more complicated to maintain over time.

            Is it possible to add a mapping for the OIM roles (not admin roles) as external roles in APM/OES so I can provide auth. policies based on standard roles membership?
            If I remember correctly, this is possible in R1.

            Thanks!
            Meni