Student Guide - Oracle Identity Manager 11g Essentials Volume II

Oracle Identity Manager 11g:
Essentials
Volume II • Student Guide

D65160GC10
Edition 1.0
November 2010
D6980


Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective
owners.

Authors
Robert LaVallie, Terri Cantor
Technical Contributors and Reviewers
Eswar Vandanapu, Raj Kuchi, Rajesh Bhabu, Sri Subramanian, Gopal Kumarappan, Mario Lim,
Ajay Keni, Brad Donison, Ashok Maram, Bitan Biswas, Amol Dharmadhikari, Abhishek Sharma,
Semyon Shulman, Viresh Garg, Sid Choudhury, Javed Beg, Jatan Rajvanshi, Sidhartha Das,
Ashutosh Pitre, Shyam Narayan Singh, Sanjay Rallapalli, Srinivas Marni, Debapriya Datta,
Alexandre Babeanu, Don Biasotti, Gururaj B.S.
This book was published using: Oracle Tutor


Table of Contents
Introduction ......................................................................................................................................................1-1
Introduction ....................................................................................................................................................1-2
Road Map ......................................................................................................................................................1-3
Course Objectives ..........................................................................................................................................1-4
Road Map ......................................................................................................................................................1-7
Course Units ..................................................................................................................................................1-8
Unit 1: Product Overview ...............................................................................................................................1-9
Unit 2: Managing Users, User Entities, and Resources ................................................................................1-11
Unit 3: Handling Reconciliation Workflows .....................................................................................................1-13
Unit 4: Managing Policies, Reports, and Tools ..............................................................................................1-14
Unit 5: Deploying Configurations ....................................................................................................................1-16
Road Map ......................................................................................................................................................1-17
Lesson Summary ...........................................................................................................................................1-18
Road Map ......................................................................................................................................................1-19
What's Next? ..................................................................................................................................................1-20
Identity Management and Identity Administration: Overview ......................................................................2-1
Identity Management and Identity Administration: Overview..........................................................................2-2

Road Map ......................................................................................................................................................2-3
Lesson Objectives ..........................................................................................................................................2-4
Road Map ......................................................................................................................................................2-6
Identity Management: Overview .....................................................................................................................2-7
Identity Management: Importance ..................................................................................................................2-9
Identity Management: Benefits .......................................................................................................................2-11
Quiz................................................................................................................................................................2-13
Identity Management: Values .........................................................................................................................2-17
How Can Identity Management Help?............................................................................................................2-19
Quiz................................................................................................................................................................2-23
Identity Management: Terminology ................................................................................................................2-25
Identity Management: Functions ....................................................................................................................2-27
Identity Administration ....................................................................................................................................2-29
Access Management......................................................................................................................................2-31
Directory Services ..........................................................................................................................................2-33
Audit and Compliance ....................................................................................................................................2-35
Suite Management .........................................................................................................................................2-37
Quiz................................................................................................................................................................2-39
Road Map ......................................................................................................................................................2-43
Identity Administration: Infrastructure .............................................................................................................2-44
Identity Administration: Benefits .....................................................................................................................2-45
Road Map ......................................................................................................................................................2-46
Lesson Summary ...........................................................................................................................................2-47
Road Map ......................................................................................................................................................2-48
Lesson Demos ...............................................................................................................................................2-49
Road Map ......................................................................................................................................................2-50
What's Next? ..................................................................................................................................................2-51
Launching Oracle Identity Manager ...............................................................................................................3-1
Launching Oracle Identity Manager ...............................................................................................................3-2
Road Map ......................................................................................................................................................3-3

Oracle Identity Manager 11g: Essentials Table of Contents
i


Lesson Objectives ..........................................................................................................................................3-4
Road Map ......................................................................................................................................................3-6
Oracle WebLogic Server Overview ................................................................................................................3-7
Oracle WebLogic Server Overview: Domains ................................................................................................3-8
Comparing Administration Servers and Managed Servers ............................................................................3-10
Oracle Identity Manager Server Overview .....................................................................................................3-12
SOA Server Overview ....................................................................................................................................3-13
Starting Administration and Managed Servers ...............................................................................................3-15
Starting the Administration Server..................................................................................................................3-16
Starting the Managed Servers........................................................................................................................3-17
Monitoring the Status of the Managed Servers ..............................................................................................3-18
Quiz................................................................................................................................................................3-19
Road Map ......................................................................................................................................................3-22
Oracle Identity Manager Interfaces ................................................................................................................3-23
Oracle Identity Manager Administrative and User Console Overview ............................................................3-24
Oracle Identity Manager Unauthenticated Self Service Console Overview ....................................................3-26
Oracle Identity Manager Unauthenticated Self Service Console: Reset Password ........................................3-27
Oracle Identity Manager Unauthenticated Self Service Console: Self-Registration .......................................3-30
Oracle Identity Manager Unauthenticated Self Service Console: Track Registration .....................................3-33
Web Console Overview..................................................................................................................................3-35
Self-Service Functionalities ............................................................................................................................3-36
Oracle Identity Manager Self Service Console ...............................................................................................3-38
Oracle Identity Manager Administration Console ...........................................................................................3-40
Oracle Identity Manager Advanced Administration Console ..........................................................................3-42

Starting the Oracle Identity Manager Web Consoles .....................................................................................3-45
Oracle Identity Manager Design Console Overview .......................................................................................3-46
Design Console: User Management ..............................................................................................................3-47
Design Console: Resource Management.......................................................................................................3-48
Design Console: Process Management .........................................................................................................3-49
Design Console: Administration .....................................................................................................................3-50
Design Console: Development Tools .............................................................................................................3-52
Starting the Oracle Identity Manager Design Console ...................................................................................3-54
Quiz................................................................................................................................................................3-55
Road Map ......................................................................................................................................................3-58
Oracle SOA Consoles Overview ....................................................................................................................3-59
Oracle SOA Platform......................................................................................................................................3-60
Oracle BPM Worklist Console ........................................................................................................................3-61
Launching the Oracle SOA Consoles.............................................................................................................3-62
Road Map ......................................................................................................................................................3-63
Lesson Summary ...........................................................................................................................................3-64
Road Map ......................................................................................................................................................3-65
Practice 3 Overview: Launching Oracle Identity Manager .............................................................................3-66
Road Map ......................................................................................................................................................3-67
What's Next? ..................................................................................................................................................3-68
Understanding Oracle Identity Manager ........................................................................................................4-1
Understanding Oracle Identity Manager.........................................................................................................4-2
Road Map ......................................................................................................................................................4-3
Lesson Objectives ..........................................................................................................................................4-4
Road Map ......................................................................................................................................................4-6
Oracle Identity Management Products ...........................................................................................................4-7
Road Map ......................................................................................................................................................4-10
Oracle Identity Manager: Overview ................................................................................................................4-11
Oracle Identity Manager: Features .................................................................................................................4-14
Oracle Identity Manager Features: Self-Service and Delegated Administration ............................................4-16
Oracle Identity Manager Features: Workflow and Policy Management .........................................................4-17
Oracle Identity Manager Features: Password Management ........................................................................4-19
Oracle Identity Manager Features: Audit and Compliance Management .....................................................4-21
Oracle Identity Manager Features: Integration Solutions .............................................................................4-23
Oracle Identity Manager: Functional Layers ...................................................................................................4-25
Oracle Identity Manager: Solving Business Challenges .................................................................................4-27
Quiz................................................................................................................................................................4-29
Road Map ......................................................................................................................................................4-32
Oracle Identity Manager Architecture .............................................................................................................4-33
Quiz................................................................................................................................................................4-35
Road Map ......................................................................................................................................................4-39
Use Case #1: Initial Onboarding ....................................................................................................................4-40
Use Case #2: Request-Based Scenario.........................................................................................................4-41
Road Map ......................................................................................................................................................4-42
Reconciliation and Provisioning: Overview ....................................................................................................4-43
Quiz................................................................................................................................................................4-45
Road Map ......................................................................................................................................................4-47
Oracle Identity Manager Connector: Overview .............................................................................................4-48
Quiz................................................................................................................................................................4-49
Road Map ......................................................................................................................................................4-50
Lesson Summary ...........................................................................................................................................4-51
Road Map ......................................................................................................................................................4-53
What's Next? ..................................................................................................................................................4-54
Understanding Organizations, Roles, and Users ..........................................................................................5-1

Understanding Organizations, Roles, and Users ...........................................................................................5-2
Road Map ......................................................................................................................................................5-3
Lesson Objectives ..........................................................................................................................................5-4
Road Map ......................................................................................................................................................5-5
Oracle Identity Manager User ........................................................................................................................5-6
User Entity Life Cycle .....................................................................................................................................5-7
Oracle Identity Manager User Types ..............................................................................................................5-9
Oracle Identity Manager Functional Users .....................................................................................................5-11
Quiz................................................................................................................................................................5-13
Road Map ......................................................................................................................................................5-16
Oracle Identity Manager Organizations ..........................................................................................................5-17
Oracle Identity Manager Roles .......................................................................................................................5-18
Role Hierarchy ...............................................................................................................................................5-19
Role Category ................................................................................................................................................5-20
Oracle Identity Manager Entity Relationships ................................................................................................5-21
Quiz................................................................................................................................................................5-22
Road Map ......................................................................................................................................................5-25
Overview of the Bulk Load Utility....................................................................................................................5-26
Loading Data with the Bulk Load Utility ..........................................................................................................5-27
Bulk Load Utility Scripts, Data Files, and Database Tables ...........................................................................5-29
Bulk-Load Input Source..................................................................................................................................5-31
Bulk-Load Database Columns........................................................................................................................5-32
Configuring the Bulk Load Utility ....................................................................................................................5-36
Quiz................................................................................................................................................................5-37

Road Map ......................................................................................................................................................5-38
Creating Oracle Identity Manager Entities ......................................................................................................5-39
Creating an Organization ...............................................................................................................................5-40
Creating a User ..............................................................................................................................................5-42
Creating a Role Category...............................................................................................................................5-45
Creating a Role ..............................................................................................................................................5-47
Assigning a User to a Role .............................................................................................................................5-49
Revoking a Role from a User .........................................................................................................................5-52
Bulk Modification of Users ..............................................................................................................................5-54
Modifying an Organization .............................................................................................................................5-55
Deleting an Organization................................................................................................................................5-56
Disabling and Deleting a User ........................................................................................................................5-57
Deleting a Role...............................................................................................................................................5-59
Loading User and Role-Related Data with the Bulk Load Utility ....................................................................5-61
Quiz................................................................................................................................................................5-68
Road Map ......................................................................................................................................................5-70
Lesson Summary ...........................................................................................................................................5-71
Road Map ......................................................................................................................................................5-72
Practice 5 Overview: Understanding Organizations, Roles, and Users.........................................................5-73
Road Map ......................................................................................................................................................5-74
What's Next? ..................................................................................................................................................5-75
Using Predefined Connectors .........................................................................................................................6-1
Using Predefined Connectors (Initial Onboarding) ........................................................................................6-2
Road Map ......................................................................................................................................................6-3
Lesson Objectives ..........................................................................................................................................6-4
Road Map ......................................................................................................................................................6-6
Oracle Identity Manager Connectors: Overview ............................................................................................6-7
Quiz................................................................................................................................................................6-8
Road Map ......................................................................................................................................................6-9
Types of Oracle Identity Manager Connectors ...............................................................................................6-10

Quiz................................................................................................................................................................6-13
Road Map ......................................................................................................................................................6-14
Transferring Oracle Identity Manager Connectors: Ways ..............................................................................6-15
Transferring Oracle Identity Manager Connectors: Advantages ....................................................................6-17
Transferring Oracle Identity Manager Connectors: Best Practices.................................................................6-18
Transferring Oracle Identity Manager Connectors: Tools...............................................................................6-23
Quiz................................................................................................................................................................6-25
Road Map ......................................................................................................................................................6-28
Using Oracle Identity Manager Connectors: Setup ........................................................................................6-29
Using Oracle Identity Manager Connectors: Run Time .................................................................................6-33
Step 1: Verifying Installation and Deployment Requirements .......................................................................6-34
Step 2: Configuring the External Resource ....................................................................................................6-35
Step 3: Copying Connector and External Code Files ....................................................................................6-36
Copying Connector Files: Sun Java System Directory Server ......................................................................6-38
Step 4: Configuring Oracle Identity Manager Server .....................................................................................6-44
Configuring Oracle Identity Manager Server: Clearing the Server Cache ......................................................6-45
Configuring Oracle Identity Manager Server: Enabling Logging ....................................................................6-47
Step 5: Importing an Oracle Identity Manager Connector .............................................................................6-50
Step 6: Defining an IT Resource ....................................................................................................................6-52
Step 7: Configuring Reconciliation Workflows ................................................................................................6-55
Step 8: Configuring Provisioning Workflows ..................................................................................................6-60
Step 9: Assigning the Connector to a User ....................................................................................................6-62
Step 10: Completing the Custom Process Form ............................................................................................6-64
Step 11: Accessing the Resource ..................................................................................................................6-66

Quiz................................................................................................................................................................6-67
Road Map ......................................................................................................................................................6-72
Lesson Summary ...........................................................................................................................................6-73
Road Map ......................................................................................................................................................6-74
Practice 6 Overview: Using Predefined Connectors (Initial Onboarding) ......................................................6-75
Road Map ......................................................................................................................................................6-76
What's Next? ..................................................................................................................................................6-77
Understanding Manual and Automated Provisioning ...................................................................................7-1
Understanding Manual and Automated Provisioning .....................................................................................7-2
Road Map ......................................................................................................................................................7-3
Lesson Objectives ..........................................................................................................................................7-5
Road Map ......................................................................................................................................................7-7
Resources ......................................................................................................................................................7-8
Oracle Identity Manager Connectors..............................................................................................................7-9
Differences Between Assigning Resources and Provisioning Resources ......................................................7-10
Quiz................................................................................................................................................................7-11
Road Map ......................................................................................................................................................7-13
Assigning Resources to Users: Overview ......................................................................................................7-14
Assigning Resources to Users: Criteria..........................................................................................................7-15
Assigning Resources to Users: Request ........................................................................................................7-16
Assigning Resources to Users: Direct Provisioning .......................................................................................7-17
Quiz................................................................................................................................................................7-18
Road Map ......................................................................................................................................................7-21
Types of Provisioning .....................................................................................................................................7-22
Manual Provisioning .......................................................................................................................................7-23
Autoprovisioning.............................................................................................................................................7-24
Quiz................................................................................................................................................................7-25
Road Map ......................................................................................................................................................7-26
Using Criteria to Assign a Resource to a User ...............................................................................................7-27
Step 1: Creating an Auto Membership Rule ...................................................................................................7-28

Step 2: Assigning an Auto Membership Rule to a Role.................................................................................7-30
Step 3: Building an Access Policy ..................................................................................................................7-32
Provisioning a User with a Resource Manually ..............................................................................................7-34
Step 1: Verifying a Resource Is Assigned to a User.......................................................................................7-36
Step 2: Completing a Custom Process Form .................................................................................................7-38
Step 3: Accessing the Resource ....................................................................................................................7-40
Quiz................................................................................................................................................................7-41
Road Map ......................................................................................................................................................7-43
Modifying an Oracle Identity Manager Connector ..........................................................................................7-44
Step 1: Modifying the Provisioning Process ...................................................................................................7-46
Step 2: Modifying the Custom Process Form .................................................................................................7-49
Provisioning a User with a Resource Automatically .......................................................................................7-51
Step 1: Verifying a Resource Is Assigned to a User.......................................................................................7-53
Step 2: Accessing the Resource ....................................................................................................................7-55
Quiz................................................................................................................................................................7-56
Road Map ......................................................................................................................................................7-58
Lesson Summary ...........................................................................................................................................7-59
Road Map ......................................................................................................................................................7-61
Practice 7 Overview: Understanding Manual and Automated Provisioning...................................................7-62
Road Map ......................................................................................................................................................7-63
What's Next? ..................................................................................................................................................7-64
Understanding Approval Processes and Requests ......................................................................................8-1
Understanding Approval Processes and Requests ........................................................................................8-2
Road Map ......................................................................................................................................................8-3

Lesson Objectives ..........................................................................................................................................8-4
Road Map ......................................................................................................................................................8-6
Request Workflow and Approval Process Overview ......................................................................................8-7
Request Overview ..........................................................................................................................................8-8
Request Type .................................................................................................................................................8-10
Request Type Catalog ...................................................................................................................................8-12
Request Dataset ............................................................................................................................................8-14
Default Request Dataset XML Files ...............................................................................................................8-16
Request Template ..........................................................................................................................................8-18
Approval Process ...........................................................................................................................................8-21
Approval Processes .......................................................................................................................................8-22
Oracle SOA Platform......................................................................................................................................8-23
Template Level Approval Process..................................................................................................................8-25
Approval Policies and the Request and Operation Approval Levels ..............................................................8-26
Request and Operation Level Approval Processes ........................................................................................8-27
Quiz................................................................................................................................................................8-29
Road Map ......................................................................................................................................................8-36
JDeveloper and SOA Composite Overview ...................................................................................................8-37
Loading an SOA Composite in JDeveloper ....................................................................................................8-38
Deploying an SOA Composite to a Defined Application Server .....................................................................8-40
Registering an SOA Composite with Oracle Identity Manager .......................................................................8-47
Registering a New SOA Composite with Oracle Identity Manager .................................................................8-48
Disabling an SOA Composite from Oracle Identity Manager .........................................................................8-51
Enabling an SOA Composite with Oracle Identity Manager ...........................................................................8-52
Road Map ......................................................................................................................................................8-53
Creating an Approval Policy ...........................................................................................................................8-54
Policy Details..................................................................................................................................................8-55
Set Approval Rule ..........................................................................................................................................8-56
Approval Policy Summary ..............................................................................................................................8-57
Approval Policy: Operation-Level Example ....................................................................................................8-58

Quiz................................................................................................................................................................8-59
Road Map ......................................................................................................................................................8-60
Modeling a Request Template .......................................................................................................................8-61
Access the Request Template Wizard ...........................................................................................................8-62
Request Template Details ..............................................................................................................................8-63
Allowed Resources ........................................................................................................................................8-65
Attribute Restrictions ......................................................................................................................................8-66
Attribute Restriction Details ............................................................................................................................8-67
Additional Attributes .......................................................................................................................................8-68
Template User Roles .....................................................................................................................................8-69
Request Template Confirmation.....................................................................................................................8-70
Road Map ......................................................................................................................................................8-71
Request Initiation Flowchart ...........................................................................................................................8-72
Request and Approval Stages for Requests ..................................................................................................8-74
Request and Approval Stages for Bulk Requests ..........................................................................................8-76
Initiating a Request ........................................................................................................................................8-77
Request Beneficiary .......................................................................................................................................8-78
Request Template ..........................................................................................................................................8-79
Select Users ...................................................................................................................................................8-80
Select Resources ...........................................................................................................................................8-81
Resource Details and Additional Data............................................................................................................8-82
Request Justification ......................................................................................................................................8-83
Road Map ......................................................................................................................................................8-84
Lesson Summary ...........................................................................................................................................8-85

Road Map ......................................................................................................................................................8-86
Practice 8 Overview: Understanding Request Workflows and Approval Processes......................................8-87
Road Map ......................................................................................................................................................8-88
What's Next? ..................................................................................................................................................8-89
Understanding Reconciliation ........................................................................................................................9-1
Understanding Reconciliation ........................................................................................................................9-2
Road Map ......................................................................................................................................................9-3
Lesson Objectives ..........................................................................................................................................9-5
Road Map ......................................................................................................................................................9-8
Reconciliation and Provisioning .....................................................................................................................9-9
Reconciliation: Types .....................................................................................................................................9-11
Reconciliation: Events ....................................................................................................................................9-14
Quiz................................................................................................................................................................9-17
Road Map ......................................................................................................................................................9-23
Authoritative Reconciliation: Conceptual Diagram .........................................................................................9-24
Authoritative Reconciliation: Single and Multiple Trusted Sources.................................................................9-25
Account Reconciliation: Conceptual Diagram ................................................................................................9-26
Account Reconciliation: Target System..........................................................................................................9-27
Account Reconciliation: Data Process Flow ...................................................................................................9-28
Road Map ......................................................................................................................................................9-30
Implementing a Reconciliation Workflow........................................................................................................9-31
Step 1: Verifying Installation and Deployment Requirements .......................................................................9-34
Step 2: Configuring the External Resource ....................................................................................................9-36
Step 3: Copying Connector and External Code Files ....................................................................................9-38
Copying Connector Files: Microsoft Active Directory ....................................................................................9-40
Copying External Code Files: Microsoft Active Directory ..............................................................................9-45
Step 4: Configuring Oracle Identity Manager Server .....................................................................................9-46
Configuring Oracle Identity Manager Server: Clearing the Server Cache ......................................................9-47
Configuring Oracle Identity Manager Server: Enabling Logging ....................................................................9-49
Step 5: Importing an Oracle Identity Manager Connector .............................................................................9-51

Step 6: Defining an IT Resource ....................................................................................................................9-54
Step 7: Modifying a Scheduled Job ................................................................................................................9-59
Modifying a Scheduled Job: Trusted Source ..................................................................................................9-61
Modifying a Scheduled Job: Target Resource ...............................................................................................9-63
Step 8: Reconciling with a Trusted Source ....................................................................................................9-64
Step 8: Reconciling with a Target Resource ..................................................................................................9-67
Quiz................................................................................................................................................................9-70
Road Map ......................................................................................................................................................9-74
Lesson Summary ...........................................................................................................................................9-75
Road Map ......................................................................................................................................................9-76
Practice 9 Overview: Understanding Reconciliation ......................................................................................9-77
Road Map ......................................................................................................................................................9-78
What's Next? ..................................................................................................................................................9-79
Managing Authorization Policies ....................................................................................................................10-1
Managing Authorization Policies ....................................................................................................................10-2
Road Map ......................................................................................................................................................10-3
Lesson Objectives ..........................................................................................................................................10-4
Road Map ......................................................................................................................................................10-6
Security Principles: Identity, Authentication, and Authorization ......................................................................10-7
What Is Authorization? ...................................................................................................................................10-9
Quiz................................................................................................................................................................10-10
Road Map ......................................................................................................................................................10-12
Oracle Entitlement Server ..............................................................................................................................10-13
Authorization Policy – Overview .....................................................................................................................10-15

Authorization Policy: Relationship to Roles ....................................................................................................10-17
Authorization Policy: Target ...........................................................................................................................10-18
Entity Association and Functional Security: Role Management ...................................................................10-19
Entity Association and Functional Security: Self Service User Management ................................................10-21
Entity Association and Functional Security: User Management ....................................................................10-22
Authorization Policy: Defining Scope with Data Security................................................................................10-24
Authorization Policy: Policy Assignment ........................................................................................................10-26
Out-of-the-Box Authorization Policies ............................................................................................................10-27
When to Define Authorization Policies ...........................................................................................................10-34
Quiz................................................................................................................................................................10-35
Road Map ......................................................................................................................................................10-41
Creating Role Management Authorization Policies ........................................................................................10-42
Step 1: Complete the Basic Policy Information ..............................................................................................10-43
Step 2: Select the Role Management Permissions ........................................................................................10-44
Step 3: Choose Data Constraints ...................................................................................................................10-45
Step 4: Select the Assignees .........................................................................................................................10-46
Step 5: Confirm the Results ...........................................................................................................................10-47
Creating Self Service User Management Authorization Policies ....................................................................10-48
Step 1: Complete the Basic Policy Information ..............................................................................................10-49
Step 2: Select the Self Service User Management Permissions ....................................................................10-50
Step 3: Select the Assignees .........................................................................................................................10-51
Step 4: Confirm the Results ...........................................................................................................................10-52
Creating User Management Authorization Policies ........................................................................................10-53
Step 1: Complete the Basic Policy Information ..............................................................................................10-54
Step 2: Select the User Management Permissions ........................................................................................10-55
Step 3: Select Data Constraints .....................................................................................................................10-56
Step 4: Select the Assignees .........................................................................................................................10-57
Step 5: Confirm the Results ...........................................................................................................................10-58
Road Map ......................................................................................................................................................10-59
Lesson Summary ...........................................................................................................................................10-60
Road Map ......................................................................................................................................................10-61
Practice 10 Overview: Managing Authorization Policies ...............................................................................10-62
Road Map ......................................................................................................................................................10-63
What's Next? ..................................................................................................................................................10-64
Managing Reports ............................................................................................................................................11-1
Managing Reports ..........................................................................................................................................11-2
Road Map ......................................................................................................................................................11-3
Lesson Objectives ..........................................................................................................................................11-5
Road Map ......................................................................................................................................................11-8
Reports: Overview..........................................................................................................................................11-9
Access Policy Reports ...................................................................................................................................11-10
Attestation, Request, and Approval Reports ..................................................................................................11-11
Password Reports ..........................................................................................................................................11-12
Resource and Entitlement Reports ................................................................................................................11-13
Role and Organization Reports ......................................................................................................................11-17
User Reports ..................................................................................................................................................11-18
Quiz................................................................................................................................................................11-19
Road Map ......................................................................................................................................................11-20
Oracle BI Publisher: Overview .......................................................................................................................11-21
Configuring Oracle BI Publisher .....................................................................................................................11-22
Step 1: Copying Reports ................................................................................................................................11-24
Step 2: Starting Oracle BI Publisher...............................................................................................................11-27
Step 3: Managing Data Sources ....................................................................................................................11-30
Managing Data Sources: Creating the OIM JDBC Data Source ...................................................................11-31

Managing Data Sources: Creating the BPEL JDBC Data Source .................................................................11-33
Quiz................................................................................................................................................................11-35
Road Map ......................................................................................................................................................11-41
Creating Reports: Overview ...........................................................................................................................11-42
Creating an Access Policy Report ..................................................................................................................11-44
Creating a Request Report ............................................................................................................................11-46
Creating an Approval Report..........................................................................................................................11-48
Creating a Password Report ..........................................................................................................................11-50
Creating a Resource Report ..........................................................................................................................11-52
Creating a Role Report ..................................................................................................................................11-54
Creating an Organization Report....................................................................................................................11-56
Creating a User Report ..................................................................................................................................11-58
Quiz................................................................................................................................................................11-60
Road Map ......................................................................................................................................................11-63
Lesson Summary ...........................................................................................................................................11-64
Road Map ......................................................................................................................................................11-66
Practice 11 Overview: Managing Reports ......................................................................................................11-67
Road Map ......................................................................................................................................................11-69
What's Next? ..................................................................................................................................................11-70
Auditing, Monitoring, and Logging for Oracle Identity Manager .................................................................12-1
Auditing, Monitoring, and Logging for Oracle Identity Manager .....................................................................12-2
Road Map ......................................................................................................................................................12-3
Lesson Objectives ..........................................................................................................................................12-4
Roadmap .......................................................................................................................................................12-6

What is Auditing? ...........................................................................................................................................12-7
Auditing: Requirements ..................................................................................................................................12-8
Auditing: Business Challenges .......................................................................................................................12-10
Auditing: Oracle Fusion Middleware Audit Framework...................................................................................12-11
Oracle Fusion Middleware Audit Framework: Features .................................................................................12-13
Oracle Fusion Middleware Audit Framework – Audit Architecture .................................................................12-17
Oracle Fusion Middleware Audit Framework: Audit Flow ..............................................................................12-19
Oracle Fusion Middleware Audit Framework: Key Technical Concepts .........................................................12-20
Oracle Fusion Middleware Audit Framework: Oracle Identity Manager and SOA ..........................................12-21
Auditing – Oracle Identity Manager ................................................................................................................12-22
Auditing: Oracle Identity Manager Audit Engine .............................................................................................12-23
Auditing: Oracle Identity Manager Audit Levels .............................................................................................12-25
Auditing: Changing the Oracle Identity Manager Audit Level .........................................................................12-26
Auditing: SOA Audit Levels ............................................................................................................................12-27
Auditing: Changing the SOA Audit Level........................................................................................................12-28
Quiz................................................................................................................................................................12-29
Roadmap .......................................................................................................................................................12-33
What Is Monitoring? .......................................................................................................................................12-34
Monitoring: Oracle Enterprise Manager Fusion Middleware Control ..............................................................12-35
Monitoring: Oracle Identity Manager ..............................................................................................................12-37
Monitoring: Oracle Identity Manager Performance Metrics ............................................................................12-39
Monitoring: SOA .............................................................................................................................................12-40
Quiz................................................................................................................................................................12-43
Roadmap .......................................................................................................................................................12-45
What Is Logging? ...........................................................................................................................................12-46
Benefits of Logging ........................................................................................................................................12-47
Overview of Log Files.....................................................................................................................................12-48
Configuration Settings for Log Files for Oracle Identity Manager and SOA ...................................................12-49
Location and Configuration of Log Files for Oracle Identity Manager and SOA .............................................12-50
Search, View, and Download Log Files..........................................................................................................12-51

Log Files: Setting Information Levels .............................................................................................................12-53
Log Files: Specifying the Log File Locale .......................................................................................................12-55
Log Files: ECID and RID ................................................................................................................................12-56
Quiz................................................................................................................................................................12-58
Roadmap .......................................................................................................................................................12-62
Managing Auditing for Oracle Identity Manager .............................................................................................12-63
Managing Auditing for SOA............................................................................................................................12-67
Managing Monitoring for Oracle Identity Manager .........................................................................................12-70
Managing Monitoring for SOA ........................................................................................................................12-75
Managing Logging for Oracle Identity Manager .............................................................................................12-85
Managing Logging for SOA ............................................................................................................................12-91
Roadmap .......................................................................................................................................................12-93
Lesson Summary ...........................................................................................................................................12-94
Roadmap .......................................................................................................................................................12-96
Practice 12 Overview: Auditing, Monitoring, and Logging for Oracle Identity Manager ..................................12-97
Roadmap .......................................................................................................................................................12-98
What's Next? ..................................................................................................................................................12-99
Transferring Oracle Identity Manager Configurations ..................................................................................13-1
Transferring Oracle Identity Manager Configurations.....................................................................................13-2
Road Map ......................................................................................................................................................13-3
Lesson Objectives ..........................................................................................................................................13-4
Road Map ......................................................................................................................................................13-6
Deployment Manager Overview .....................................................................................................................13-7
Deployment Manager: Supported Configuration Objects ...............................................................................13-9

Supported Configuration Object Types ..........................................................................................................13-10
Advantages of Using the Deployment Manager to Transfer Configurations ...................................................13-11
Best Practices for Transferring Configuration Objects ...................................................................................13-12
Quiz................................................................................................................................................................13-20
Road Map ......................................................................................................................................................13-21
Overview of MDS Utilities ...............................................................................................................................13-22
MDS WebLogic Properties File ......................................................................................................................13-24
Road Map ......................................................................................................................................................13-26
Exporting Data Using the Deployment Manager ............................................................................................13-27
Importing Data Using the Deployment Manager ............................................................................................13-29
Exporting Data Using the MDS Export Utility .................................................................................................13-31
Importing Data Using the MDS Import Utility ..................................................................................................13-33
Deleting MDS Data Using the MDS Delete Utility ..........................................................................................13-35
Quiz................................................................................................................................................................13-36
Road Map ......................................................................................................................................................13-39
Lesson Summary ...........................................................................................................................................13-40
Road Map ......................................................................................................................................................13-41
Practice 13 Overview: Transferring Oracle Identity Manager Configurations .................................................13-42
Road Map ......................................................................................................................................................13-43
What's Next? ..................................................................................................................................................13-44
Oracle Identity Management Products: Overview .........................................................................................14-1
Oracle Identity Management Products: Overview ..........................................................................................14-2
Road Map ......................................................................................................................................................14-3
Appendix Objectives ......................................................................................................................................14-4
Road Map ......................................................................................................................................................14-5
Oracle Identity Management Products ...........................................................................................................14-6
Oracle Identity Management Products: Functional Aspects ...........................................................................14-9
Oracle Identity Management Products: Functionalities ..................................................................................14-10
Oracle Identity Management Products: Solutions ..........................................................................................14-11
Identity Administration: Infrastructure .............................................................................................................14-14

Oracle Identity Manager .................................................................................................................................14-15
Oracle Identity Analytics.................................................................................................................................14-16
Access Management: Infrastructure...............................................................................................................14-18
Oracle Access Manager .................................................................................................................................14-19
Oracle Adaptive Access Manager ..................................................................................................................14-20
Oracle Authentication Service for OS.............................................................................................................14-22
Oracle Enterprise Single Sign-On ..................................................................................................................14-23
Oracle Entitlements Server ............................................................................................................................14-24
Oracle Identity Federation ..............................................................................................................................14-25
Oracle Web Services Manager ......................................................................................................................14-26
Directory Services: Infrastructure ...................................................................................................................14-27
Oracle Virtual Directory ..................................................................................................................................14-29
Oracle Internet Directory ................................................................................................................................14-30
Road Map ......................................................................................................................................................14-31
Appendix Summary ........................................................................................................................................14-32
Basic Oracle WebLogic Server Concepts ......................................................................................................15-1
Basic Oracle WebLogic Server Concepts ......................................................................................................15-2
Road Map ......................................................................................................................................................15-3
Appendix Objectives ......................................................................................................................................15-4
Road Map ......................................................................................................................................................15-5
Oracle Fusion Middleware .............................................................................................................................15-6
Oracle Fusion Middleware Management Infrastructure..................................................................................15-8
Relationship of Fusion Middleware Products to WebLogic Server .................................................................15-9
Typical Oracle Fusion Middleware Environment ............................................................................................15-10

Overview of WebLogic Server Domain ..........................................................................................................15-11
Domain Diagram ............................................................................................................................................15-13
Road Map ......................................................................................................................................................15-15
Configuring a Domain ....................................................................................................................................15-16
Starting the Domain Configuration Wizard .....................................................................................................15-18
Creating a Domain Using the Domain Configuration Wizard .........................................................................15-19
Creating a New WebLogic Domain and Selecting the Domain Source ..........................................................15-20
Configuring Administrator Settings .................................................................................................................15-21
Configuring Startup Mode and JDK................................................................................................................15-22
Customizing Optional Configuration ...............................................................................................................15-23
Configuring the Administration and Managed Servers ...................................................................................15-24
Configuring Clusters and Assigning Servers to Clusters ................................................................................15-25
Creating an HTTP Proxy Application and Configuring Machines ...................................................................15-27
Assigning Servers to Machines ......................................................................................................................15-29
Configuring JDBC Data Sources ....................................................................................................................15-30
Testing Data Source Connections..................................................................................................................15-33
Running Database Scripts .............................................................................................................................15-35
Configuring the JMS File Store ......................................................................................................................15-36
Customizing Application and Service Targeting Configuration ......................................................................15-38
Configuring RDBMS Security Store Database ...............................................................................................15-39
Reviewing the WebLogic Domain ..................................................................................................................15-41
Creating the WebLogic Domain .....................................................................................................................15-42
Domain Directory Structure ............................................................................................................................15-43
Road Map ......................................................................................................................................................15-45
JVM Run-Time Arguments .............................................................................................................................15-46
Oracle WebLogic Server Dependencies ........................................................................................................15-47
Configuring CLASSPATH ..............................................................................................................................15-48
Starting Oracle WebLogic Administration Server ...........................................................................................15-50
Starting Administration Server by Using startWebLogic.sh ............................................................................15-52
Starting the Administration Server by Using the java weblogic.Server Command .........................................15-54

Stopping the Administration Server ................................................................................................................15-56
Benefits of Using the Administration Console ................................................................................................15-57
Accessing the Administration Console ...........................................................................................................15-58
Administration Console Login ........................................................................................................................15-59
Basic Navigation ............................................................................................................................................15-61
Using the Help System...................................................................................................................................15-62
General Administration Console User Preferences ........................................................................................15-63
Advanced Console Options ............................................................................................................................15-65
Setting Basic Properties .................................................................................................................................15-66
Administration Console Monitoring.................................................................................................................15-67
Starting a Managed Server by Using the Administration Console ..................................................................15-68
Shutting Down a Server .................................................................................................................................15-70
Shutting Down a Domain ...............................................................................................................................15-71
Monitoring All Servers ....................................................................................................................................15-74
Road Map ......................................................................................................................................................15-76
WebLogic Scripting Tool (WLST) ...................................................................................................................15-77
Jython ............................................................................................................................................................15-78
Using Jython ..................................................................................................................................................15-79
WLST Modes .................................................................................................................................................15-80
WLST Example ..............................................................................................................................................15-81
WLST Command Requirements ....................................................................................................................15-82
Running WLST Scripts ...................................................................................................................................15-83
Importing WLST as a Jython Module .............................................................................................................15-85
General WLST Commands ............................................................................................................................15-86

Offline WLST Commands ..............................................................................................................................15-87
Creating a Domain: Example .........................................................................................................................15-89
Online WLST Commands ..............................................................................................................................15-90
WebLogic JMX: Overview ..............................................................................................................................15-91
Navigating JMX MBeans ................................................................................................................................15-92
Road Map ......................................................................................................................................................15-94
What Node Managers Can Do .......................................................................................................................15-95
What Is a Machine? .......................................................................................................................................15-97
Relationship of Machines to Other Components ............................................................................................15-98
Creating a Machine ........................................................................................................................................15-99
Defining Names and OS of Machines ............................................................................................................15-101
Assigning Servers to a Machine .....................................................................................................................15-102
Monitoring Machines and Servers ..................................................................................................................15-103
Configuring a Machine to Use a Node Manager ............................................................................................15-104
Node Manager Architecture ...........................................................................................................................15-105
How a Node Manager Starts an Administration Server .................................................................................15-106
How a Node Manager Starts a Managed Server............................................................................................15-107
How a Node Manager Restarts an Administration Server .............................................................................15-108
How a Node Manager Restarts a Managed Server........................................................................................15-109
How a Node Manager Shuts Down a Server Instance ..................................................................................15-110
Road Map ......................................................................................................................................................15-111
Lesson Summary ...........................................................................................................................................15-112
Oracle Identity Manager Architecture ............................................................................................................16-1
Oracle Identity Manager Architecture .............................................................................................................16-2
Road Map ......................................................................................................................................................16-3
Appendix Objectives ......................................................................................................................................16-4
Road Map ......................................................................................................................................................16-5
Oracle Identity Manager Architecture .............................................................................................................16-6
Road Map ......................................................................................................................................................16-8
Oracle Identity Manager Architecture: Advantages ........................................................................................16-9



Road Map ......................................................................................................................................................16-12
Oracle Identity Manager Architecture: Features and Benefits .......................................................................16-13
Road Map ......................................................................................................................................................16-20
Oracle Identity Manager Architecture: Tiers ...................................................................................................16-21
Tier 1: Presentation Tier.................................................................................................................................16-22
Tier 2: Business Services Tier........................................................................................................................16-24
Business Services Tier: API Services ............................................................................................................16-26
Business Services Tier: Identity Services ......................................................................................................16-27
Business Services Tier: Integration Services .................................................................................................16-28
Business Services Tier: Platform Services .....................................................................................................16-30
Tier 3: Data Tier .............................................................................................................................................16-33
Road Map ......................................................................................................................................................16-35
Appendix Summary ........................................................................................................................................16-36
Oracle Identity Manager Connectors..............................................................................................................17-1
Oracle Identity Manager Connectors..............................................................................................................17-2
Road Map ......................................................................................................................................................17-3
Appendix Objectives ......................................................................................................................................17-4
Road Map ......................................................................................................................................................17-5
Oracle Identity Manager Connector: Overview .............................................................................................17-6
Road Map ......................................................................................................................................................17-7
Oracle Identity Manager Connector: Types ....................................................................................................17-8
Oracle Identity Manager Connector Types: Predefined Connectors ..............................................................17-9
Oracle Identity Manager Connector Types: Generic Technology Connectors ...............................................17-10
Oracle Identity Manager Connector Types: Custom Connectors ...................................................................17-12

Road Map ......................................................................................................................................................17-13
Oracle Identity Manager Connector: Components ........................................................................................17-14
Road Map ......................................................................................................................................................17-19
Constructing an Oracle Identity Manager Connector: Step 1 ........................................................................17-20
Constructing an Oracle Identity Manager Connector: Step 2 ........................................................................17-22
Constructing an Oracle Identity Manager Connector: Step 3 ........................................................................17-24
Constructing an Oracle Identity Manager Connector: Step 4 ........................................................................17-26
Constructing an Oracle Identity Manager Connector: Step 5 ........................................................................17-28
Constructing an Oracle Identity Manager Connector: Step 6 ........................................................................17-30
Constructing an Oracle Identity Manager Connector: Step 7 ........................................................................17-32
Constructing an Oracle Identity Manager Connector: Step 8 ........................................................................17-34
Road Map ......................................................................................................................................................17-36
Appendix Summary ........................................................................................................................................17-37
Customizing the Oracle Identity Manager User Interfaces ...........................................................................18-1
Customizing the Oracle Identity Manager User Interfaces ............................................................................18-2
Road Map ......................................................................................................................................................18-3
Appendix Objectives ......................................................................................................................................18-5
Road Map ......................................................................................................................................................18-6
Oracle Identity Manager User Interfaces........................................................................................................18-7
User Interface 1: The Login Page .................................................................................................................18-8
User Interface 2: The Unauthenticated Self Service Console .......................................................................18-10
User Interface 3: The Identity Administration Console ..................................................................................18-11
User Interface 4: The Authenticated Self Service Console ............................................................................18-13
User Interface 5: The Advanced Administration Console ...............................................................................18-15
Road Map ......................................................................................................................................................18-18



Levels of Customization .................................................................................................................................18-19
Road Map ......................................................................................................................................................18-21
Branding the Identity Administration Console: Overview................................................................................18-22
Branding the Identity Administration Console: Modifying Branding Text ........................................................18-23
Branding the Identity Administration Console: Adding a Logo .......................................................................18-26
Branding the Identity Administration Console: Changing the Logo Mouseover Text ......................................18-30
Branding the Authenticated Self Service Console: Overview .........................................................................18-34
Branding the Authenticated Self Service Console: Modifying Branding Text .................................................18-35
Branding the Authenticated Self Service Console: Adding a Logo .................................................................18-38
Branding the Authenticated Self Service Console: Changing the Logo Mouseover Text ...............................18-42
Road Map ......................................................................................................................................................18-45
Modifying the Functionality and Appearance of the Identity Administration Console: Overview ....................18-46
Modifying the Functionality and Appearance of the Identity Administration Console: Renaming Button Labels ........18-47
Creating Custom Skins and Style Sheets: Overview......................................................................................18-50
Modifying the Functionality and Appearance of the Identity Administration Console: Creating a Custom Skin and Style Sheet ........18-51
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Overview ..............18-56
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Renaming Button Labels ........18-57
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Creating a Custom Skin and Style Sheet ........18-60
Road Map ......................................................................................................................................................18-63
Appendix Summary ........................................................................................................................................18-64
Road Map ......................................................................................................................................................18-65
Practice F Overview: Customizing the Oracle Identity Manager User Interfaces ...........................................18-66




Managing Authorization Policies
Chapter 10



Road Map

• Lesson Objectives
• Compare Authorization and Authentication
• Authorization Policy Overview
    • Authorization Policy Components
    • Relationship of Roles
    • Target
    • Defining Scope
• Creating and Managing Authorization Policies
• Lesson Summary
• Lesson Practice
• What's Next?

The road map lists the sections in this lesson that provide information about authorization
policies in Oracle Identity Manager.
The lesson objectives provide a high-level insight into the lesson’s goals. The objectives
follow the scenario of Joseph, an Oracle administrator, who will need to create authorization
policies to meet the growing organization’s needs. Next, you examine the details of the topics
for the lesson. First, a definition of authorization is presented and compared against
authentication. Next, an overview of authorization policies is presented, specifically: how you
define authorization policies within Oracle Identity Manager, what the components of an
authorization policy are, how a role ties into an authorization policy, what the target of an
authorization policy is, and how you define the scope of an authorization policy. Next, you
examine out-of-the-box authorization policies and how to create an authorization policy.
Finally, an overview of the practice associated with this lesson is presented, as well as a
high-level overview of the next lesson.


Lesson Objectives
After completing this lesson, you should be able to:
• Define the concept of authorization and differentiate it from authentication
• Identify the components of an authorization policy
• Decide when to implement authorization policies
• Describe out-of-the-box authorization policies and the roles associated with those policies
• Identify the entity types available when defining authorization policies
• Create authorization policies assigning entity-specific permissions and attributes
• Specify data constraints for an authorization policy
This slide lists the objectives of this lesson.
The scenario follows Joseph, our Oracle administrator. One of Joseph’s tasks as an
administrator is providing users with the appropriate permissions, based on their role
associations. Joseph needs to understand authorization, how to differentiate it from
authentication, and how to implement authorization for his organization’s needs. By using
authorization policies, Joseph will not need to give users direct access to the out-of-the-box
roles, which may grant users more access rights than they should be entitled to.
Authorization policies are used to enforce run-time security in Oracle Identity Manager. These
authorization policies control the tasks that a user can perform within the environment. Joseph
will need to create authorization policies associated with different entity types to ensure that
users have specific access rights to certain tasks and operations, depending on their roles.
As part of defining authorization policies, Joseph must also understand how to manage a
user’s access to specific attributes. He may want to prevent some types of users from
accessing data associated with a user, while allowing access to other users.
Joseph will need to understand when to implement these authorization policies and to which
roles to assign them.
In this lesson, you compare and contrast the concepts of authorization and authentication.
You describe what an authorization policy is and identify its components. Next, you identify
when to implement authorization policies and identify the out-of-the-box authorization
policies that exist for Oracle Identity Manager. Finally, you create different types of
authorization policies, based on the entity type as well as any entity-specific permissions and
attributes used to define the authorization policy. As part of defining the authorization policy,
you also specify security data constraints to limit or broaden the scope of the authorization
policy for users who inherit the permissions defined therein.

Road Map
This section provides an overview of authorization and authentication and identifies the
differences between the two concepts.

Security Principles: Identity, Authentication, and Authorization
There are three main concepts for securing and accessing objects. The first of these is
identity. Your identity distinguishes who you are from someone else. At this point, the claimed
identity has not yet been checked. For example, when you access an ATM, you provide a credit
or debit card. The card identifies who the holder of the card is.
At the next stage, you authenticate: you prove that you are who you say you are. Using the
ATM example again, you provide a security key, or PIN code, to prove that you are in fact the
holder of the card.
The next stage is authorization. Authorization establishes what you are allowed to do. Using
the ATM example once more, you can deposit money into or withdraw money from your account.
You are not authorized to withdraw money from another person’s account by using that debit card.
The principles carry over to Oracle Identity Manager. Your login ID is your identification.
Entering your password starts the authentication process, which uses both the login ID and the
password to confirm that you are indeed who you say you are. Access to specific features in
Oracle Identity Manager, such as creating users, managing passwords, creating and
managing roles, or managing resource objects, is enforced with authorization. Permission to
access those features is controlled directly in one of two ways: by assigning the user to Oracle
Identity Manager roles with data object permissions defined for the role, or by assigning the
user to roles associated with authorization policies.