Creating an Approver Role in Oracle Role Manager

Purpose

This OBE tutorial describes and shows you how to create an approver role in Oracle Role Manager and assign approvers to this role.

Time to Complete

Approximately 1 hour

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Loading Sample Permissions and Data
 Creating an Approver Role
 Summary
 Related Information

Viewing Screenshots

 Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: Because this action loads all screenshots simultaneously, response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Role Manager.

Overview

Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.

Features and benefits of Oracle Role Manager include:

Back to Topic List

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she is responsible for creating roles within the company and assigning users to these roles. Examples of such users and roles are approvers and approver roles.

An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.

Before Linda can create an approver role and assign approvers to this role, she must must load the following files into Oracle Role Manager:

After Linda uploads these files into Oracle Role Manager, she can create an approver role and assign approvers to this role. As a result, she can manage users and roles across the enterprise setup of Mydo Main.

Back to Topic List

Prerequisites

Before starting this tutorial, you should complete the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

 

Back to Topic List

Loading Sample Permissions and Data

As a network administrator for Mydo Main Corporation, one of Linda's responsibilities is to create approver roles in Oracle Role Manager and assign approvers to these roles. An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.

Before Linda can create an approver role and assign approvers to the role, she must must load the following files into Oracle Role Manager:

To perform this action, Linda must launch the Oracle Role Manager Administrative Console. This Web-based console is used by the system administrator to load permissions and data into Oracle Role Manager.

After Linda uploads these files into Oracle Role Manager, she can create an approver role and assign approvers to the role.

To load files, containing sample permissions and data, into Oracle Role Manager, perform the following steps:

1.

If the application server that Oracle Role Manager uses is not running, start it. For this OBE, JBoss is the application server for Oracle Role Manager.

To start this application server, double-click the run.bat file, found in the application server's bin directory. For this OBE, the file is located in the C:\stage\jboss-4.0.5.GA\bin directory.

 

2.

Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:

  • localhost (JBoss Application Server and Oracle Role Manager reside on the same computer.)
  • 8087 (the port number for JBoss Application Server)
  • ormconsole (A literal that is case-sensitive.)

As a result, the URL should have the following naming convention:

http://localhost:8087/ormconsole

 

3.

On the Home page of the Oracle Role Manager Administrative Console, click Upload.

 

4.

Populate the fields of the Upload page, as follows (and click Load):

Field Value
Name admin
Password dead_line1
File C:\ORMHome_1\samples\sample_data\admin_systemrole_privilege_mapping.dar

Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. She created this account when she installed Oracle Role Manager in the OBE titled Installing, Configuring, and Launching Oracle Role Manager. Also, the password Linda enters is encrypted for security purposes.

The admin_systemrole_privilege_mapping.dar file contains permissions Linda requires to create approvers and approver roles. This dar file is located in the C:\ORMHome_1\samples\sample_data directory. Linda created this directory when she installed Oracle Role Manager in the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

The contents of the admin_systemrole_privilege_mapping.dar file are loaded into Oracle Role Manager:

Linda is ready to load the contents of the sample_data.dar file into Oracle Role Manager.

 

5.

On the Home page of the Oracle Role Manager Administrative Console, click Upload.

 

6.

Populate the fields of the Upload page, as follows (and click Load):

Field Value
Name admin
Password dead_line1
File C:\ORMHome_1\samples\sample_data\sample_data.dar

Note: The sample_data.dar file contains sample data for users and roles, including data for approvers and approver roles. This file is located in the C:\ORMHome_1\samples\sample_data directory.

The contents of the sample_data.dar file are loaded into Oracle Role Manager:

Linda loaded files, containing sample permissions and data, into Oracle Role Manager. She is ready to create an approver role in Oracle Role Manager and assign approvers to this role.

 

Back to Topic List

Creating an Approver Role

In the previous section of this OBE, Linda loaded permissions and data she requires to create roles and users in Oracle Role Manager, including approver roles and approvers. She is ready to create an approver role in Oracle Role Manager and assign approvers to this role.

An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.

Approver roles use membership rules (known as approver rules). Approver rules are used to determine who can approve a workflow request to provision users with resources. For example, Linda can create an approver role to approve resources assigned to the partners of Mydo Main Corporation. Then, she can create an approver rule to assign all Oracle Role Manager users with a job title of Manager to be approvers for the role. When this rule is run, Oracle Role Manager retrieves the approvers from its database.

To create an approver role and assign approvers to this role, perform the following steps:

1.

Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:

  • localhost (Oracle Database, JBoss Application Server, and Oracle Role Manager reside on the same computer.)
  • 8087 (the port number for JBoss Application Server)
  • webui (A literal that is case-sensitive.)

As a result, the URL should have the following naming convention:

http://localhost:8087/webui

 

2.

Populate the fields of the Oracle Role Manager login page, as follows (and click Sign In):

Field Value
User ID admin
Password dead_line1

Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. Also, the password in encrypted for security purposes.

The Home page of Oracle Role Manager appears:

 

3.

On the Oracle Role Manager navigation bar, click Roles.

 

4.

On the Oracle Role Manager subnavigation bar, click Approver Roles.

Note: Linda clicks Roles on the navigation bar and Approver Roles on the subnavigation bar because she is creating a role for an approver.

 

5.

On the left pane, expand the Office of the CEO node. Then, expand the Office of the EVP node. Next, expand the Business Development node. The Partnerships item appears.

Note: For this OBE, Linda is to create a role to approve resources assigned to the partners of Mydo Main Corporation. Also, the existing approver roles correspond to data Linda uploaded into Oracle Role Manager in the section of this OBE titled Loading Sample Permissions and Data.

 

6.

Right-click the Partnerships item. Select New Approver Role from the popup menu that appears.

 

7.

Populate the fields of the New Approver Role page, as follows (and click Submit):

Field Description
Display Name The name of the approver role. For this OBE, the name of the role is Partnership Approver.
Description Explanatory information about the approver role. For this OBE, Linda enters " Approver role for partners of Mydo Main." into the Description field.
Status The status of the approver role. For this OBE, set the status of the role to be Active.
Owner The owner of the approver role. For this OBE, specify Beckie Champagne as the owner of this role (by clicking Edit, selecting the user from the Search for Person window that appears, and clicking OK).
Administrative Organization The organization to which the approver role must belong. For this OBE, specify Partnerships as the administrative organization for this role (by clicking Edit, selecting the organization from the Search for Organization window that appears, and clicking OK).

A message appears, indicating the approver role is created.

Linda created the Partnership Approver role. She is ready to assign approvers to this role. For this OBE, Linda assigns all Oracle Role Manager users with a job title of Manager to be approvers for the Partnership Approver role.

 

8.

On the left pane, select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes). Click the magnifying glass that appears to the right of the approver role Linda created in this procedure (the Partnership Approver role).

 

9.

On the Approver Role: Partnership Approver page, click the Grant Policy tab.

 

10.

Enter the following code in the text area of the Grant Policy tab (and click Submit):

<?xml version="1.0" encoding="UTF-8"?>
<predicate xmlns="http://xmlns.oracle.com/iam/rm/rule/predicate/config/1_0" input-type="person">
<attribute-expression>
<attribute attribute-id="jobTitle"></attribute>
<starts-with>

<string-constant>Manager</string-constant>

</starts-with>
</attribute-expression>
</predicate>

Note: By entering this code into the text area of the Grant Policy tab, Linda creates an approver rule. Oracle Role Manager uses this rule to assign all users with a job title of Manager to be approvers for the Partnership Approver role.

A message appears, indicating the approver role is updated.

Tip: To verify that approvers are assigned to the Partnership Approver role:

  1. Select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes).
  2. Click the magnifying glass that appears to the right of the approver role.
  3. On the Approver Role: Partnership Approver page, click the Members tab.

  4. On the Members tab, click Search.
  5. The approvers assigned to the Partnership Approver role appear.

Linda loaded sample permissions and data into Oracle Role Manager. She used this information to create an approver role for Oracle Role Manager and assign approvers to this role.

 

Back to Topic List

Summary

In this lesson, you learned how to:

 Load sample permissions and data
 Create an approver role

Back to Topic List

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.

Back to Topic List

 Place the cursor over this icon to hide all screenshots.

 

Left Curve
Popular Downloads
Right Curve
Untitled Document