This content has been marked as final. Show 6 replies
Karthik, there are multiple HelpDesk Administrators and each helpdesk desk admin should only manage users within his department.
Each Department has a help desk administrator
User can be a part of multiple departments at the same time.
For Ex: User A can be in Dept1 and User A can be in Dept B as well.
Now the HelpDesk Admin of Dept1 and Dept2 should be able to manage User A. How will you achieve it in OIM R2?
In OIM model, Organizations are containers of users. Delegated Administrators can be assigned as administrators of Organizations, therefore of all the users in it.
For example, if you want a single Delegated Administrator to manage users UserA, UserB and UserC as shown below, you must then assign him as Delegated Administrator of Org1 and Org2
You mentioned that a user can be at a time in multiple "departments".
If by "departments" you meant Organizations then this cannot be achieved in OIM because a user can be in only one Org at a time (as you already stated).
Hope it helps.
I know the OIM Authorization is around the Organization, and a user can present in only one org in OIM.
I wanted to know, can we force the authorization based on Department/Institutions rather than Org. I am thinking in reagards of OES Authorization policies.
OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management slightly difficult.
I am looking to determine the best approach to accommodate this requirement. Due to the high number of users that reside within multiple institutions, leveraging organizations will not work. Asa far i know OES APM should be able to accommodate this, but could not find any solid guidance in the Oracle training or Oracle by Example documentation.
I'm also very interested in this scenario, as it is a requirement that often comes up. It surprises me that OIM still can't do it. (I work with OIM since version 9).
If you manage to get an example of how to construct such authorization policy with OES, please, share it here.