Meni wrote: You cannot create new admin roles. But based on your requirement you can modify existing OES Auth policies which are associated with those admin roles.
Using OIM 11R2, I noticed we have predefined admin roles per org unit for which we can set authorization policies.
I need additional admin roles to be defined.
To the best of my understanding, those roles are not customizable. Please advise how to approach this kind of requirement.
Additionally, how can I set authorization policies for OIM roles that I define myself? Are those accessible from OES?
Yes. You can create new Auth policies in the APM console and add OIM Admin roles (as target) and actions according to your requirement.
Thanks for the prompt reply.
The approach suggested provides a solution for a limited scope.
Additionally, this means that if I have a security officer that needs a set of auth. policies attached, from a maintenance point of view, there is no such role "security officer" but a scattered set of auth. policies attached to the existing standard admin roles.
Having additional roles added over time will cause the auth. policies to get much more complicated to maintain over time.
Is it possible to add a mapping for the OIM roles (not admin roles) as external roles in APM/OES so I can provide auth. policies based on standard role membership?
If I remember correctly, this is possible in R1.