1 Reply Latest reply: Feb 17, 2013 8:11 AM by user4754967 RSS

    Changing some default admin roles for OIM11gR2  in OES / APM

    user4754967
      Hi,
      Is there anything special that should be done after having changed a policy in OES, beside saving the change by pushing the button "Apply", to make the policy active?
      I did make some policy changes in OES (via the OES console http://server:7001/apm) but it has no effect on OIM. I did try a restart of OIM but same result.
      I try to find out if my change is wrong in OES or if it is just not applied.
      Thanks.
      Did.

      PS: I'm trying to change the User Viewer admin role. I edited the policy "Default User Viewer Policy", and put some attributes in the obligations attribute "OrclOIMDenyAttributesDirect". Currently testing with the attribute "pager"
        • 1. Re: Changing some default admin roles for OIM11gR2  in OES / APM
          user4754967
          I activated traces (as described in the admin guide for OES) and found the answer to my question. Nothing more special needs to be done, except saving the change in APM. It looks however safer to log out / log in in OIM.
          I also found out that making change in the authorization policie is not trivial ... it is not enough to find the policies connected to a role, because a role might inherit others. Therefore you might also have to change many other policies.
          Sum up: if you want to restrict access to some attributes, actions, it's much easier to use the customization features in the UI/ADF.