Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

clarification of Help Desk admin role in OIM

user8744020Jan 7 2016 — edited Jan 13 2016

Hi,

I have granted few users with Help Desk Admin role.I got the below permission list from oracle document.

pastedImage_7.png

When the user tried to modify user attribute ( first name/last name etc...), it went for approval. But, in the above Help Desk role permission list there is no mention of Modify User permission.

How come the user was able to modify the first name attribute ? Is that the regular behavior ? I see User Viewer admin role has Modify User (attribute-level security) permission.

Does Help Desk Role inherit permissions from other admin roles (User Viewer/ other role) ?

What is meant by Request or Direct Operation ?

What is meant by Organization Scoped Permissions ?

Please clarify ?

Thanks
This post has been answered by Abhishek Singh 'J_IDM' on Jan 13 2016
Jump to Answer

Comments

Bayanna Kuruba

Hi,

Can you try once like below ,

select * from hr.emp

in the above hr is the schema name and emp table Name. I guess it will useful for you.

Regards,

Bayanna K.

ShayG

Hi,

I will clarify.

I have two schemas lets say one is HR and the second one is  DICTIONARIES.

There's a table in the HR schema called employees, this table has field JOB_TITLE_ID.

There's another table in the DICTIONARIES schema which called JOB_TITLES_DICTIONARY.

So my VO would be based on the EMPLOYEES table in the db it would be HR.EMPLOYEES.

JobtitleId attribute in that VO needs to get it's value from JOB_TITLES_DICTIONARY table from the DICTIONARIES schema.

I have two separate AM each of which points to one of the schemas HrApplicationModule and DictionariesApplicationModule which defined as shared module with session cache level.

On the page there's a table with rows from the HR schema when editing the JobTitle field the supposed to be a List Of Values opened from JobTitlesDictionary  VO in the DictionariesApplicationModule.

Each of the AM's point to a separate data source on the weblogic server.

When I'm running the page I get table or view doesn't exists.

I i define a synonym in the HR schema on JOB_TITLES_DICTIONARY table from DICTIONARIES  schema it will work, meaning the application doesn't accessing the table through the correct data source.

Ajay Taneja

I am sorry, but it make me more sense to replicate the table in same schema.

Any benefit you find to create a new connection to call a lov, let say you run this page so in one time you are creating two connection and would increase by number of users.

ShayG

I our organisation we have multiple systems that refer same dictionaries it's crucial that all systems have updated dictionaries all time.

So there's a centralized schema for all dictionaries and there's people devoted to managing those dictionaries.

So this is a given situation.

1 - 4
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Feb 10 2016
Added on Jan 7 2016
#identity-management, #identity-manager
16 comments
3,509 views