Creating and Editing a Business Role in Oracle Role Manager

Purpose

This OBE tutorial describes and shows you how to:

  • Create a business role in Oracle Role Manager
  • Map an IT role to the business role

Time to Complete

Approximately 1 hour

Topics

This OBE tutorial covers the following topics:

  • Overview
  • Scenario
  • Prerequisites
  • Creating a Business Role and Policy
  • Mapping an IT Role to a Business Role
  • Summary
  • Related Information


Overview

Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.

Features and benefits of Oracle Role Manager include:


Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she is responsible for creating and managing roles within the company. Examples of such roles are business roles and IT roles.

A business role is a collection of business duties or responsibilities to be granted to users in an organization. Business roles are defined using business policies. Business policies are used to determine who is to receive the company's business roles. For example, Linda can create a business role for the partners of Mydo Main Corporation. Then, she can create a business policy that gives all Oracle Role Manager users with a job title of Manager access rights to the associated business role. When this policy is run, Oracle Role Manager retrieves these users from its database.

An IT role is a named collection of IT privileges that can be mapped to business roles in order to grant users a set of privileges. Any privilege for an external application that associates itself with an IT resource is known as an IT privilege. For example, Linda can map an IT role for restarting server applications to the business role for the partners of Mydo Main Corporation. As a result, before the partners of Mydo Main can receive access rights to the company's server applications, these applications must be restarted.

By creating and editing business roles in Oracle Role Manager, Linda can manage users, roles, and resources across the enterprise setup of Mydo Main.


Prerequisites

Before starting this tutorial, you should:

1. Complete the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

2. Complete the OBE titled Creating an Approver Role in Oracle Role Manager.

 


Creating a Business Role and Policy

As a network administrator for Mydo Main Corporation, Linda is responsible for creating business roles and policies in Oracle Role Manager, and assigning users to these roles and policies.

A business role is a collection of business duties or responsibilities to be granted to users in an organization. Business roles are defined using business policies. Business policies are used to determine who is to receive the company's business roles. For example, Linda can create a business role for the partners of Mydo Main Corporation. Then, she can create a business policy that gives all Oracle Role Manager users with a job title of Manager access rights to the associated business role. When this policy is run, Oracle Role Manager retrieves these users from its database.

To create a business role and policy in Oracle Role Manager, perform the following steps:

1. If the application server that Oracle Role Manager uses is not running, start it. For this OBE, JBoss is the application server for Oracle Role Manager.

To start this application server, double-click the run.bat file, found in the application server's bin directory. For this OBE, the file is located in the C:\stage\jboss-4.0.5.GA\bin directory.

 

2. Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:

  • localhost (JBoss Application Server and Oracle Role Manager reside on the same computer.)
  • 8087 (the port number for JBoss Application Server)
  • webui (A literal that is case-sensitive.)

As a result, the URL should have the following naming convention:

http://localhost:8087/webui

 

3. Populate the fields of the Oracle Role Manager login page, as follows (and click Sign In):

Field      Value
User ID    admin
Password   dead_line1

Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. Also, the password is encrypted for security purposes.

The Home page of Oracle Role Manager appears.

 

4. On the Oracle Role Manager navigation bar, click Roles.

 

5. On the Oracle Role Manager subnavigation bar, verify that Business Roles is selected.

Note: Linda clicks Roles on the navigation bar and confirms that Business Roles is selected on the subnavigation bar because she is creating a business role.

 

6. On the left pane, expand the Office of the CEO node. Then, expand the Office of the EVP node. Next, expand the Business Development node. The Partnerships item appears.

Note: For this OBE, Linda is to create a business role for the partners of Mydo Main Corporation. Also, the existing business roles correspond to data Linda uploaded into Oracle Role Manager in the OBE titled Creating an Approver Role in Oracle Role Manager.

 

7. Right-click the Partnerships item. Select New Business Role from the popup menu that appears.

 

8. On the popup window that appears, specify the type of business role to be created (that is, a dynamic business role or a static business role). For this OBE, Linda is to create a dynamic business role. Therefore, select Dynamic from the Business Role Type combo box. Click Submit.

Note: Dynamic business roles determine role membership through business policies. Static business roles determine role membership through manual role grants. That is, the business role must be granted manually to one user at a time.

 

9. Populate the fields of the New Business Role page, as follows (and click Submit):

  • Display Name: The name of the business role. For this OBE, the name of the role is Partnership Business Role.
  • Description: Explanatory information about the business role. For this OBE, Linda enters "Business role for partners of Mydo Main." into the Description field.
  • Responsibilities: The responsibilities for the business role. For this OBE, Linda enters "Provide partners of Mydo Main access rights to the company's resources." into the Responsibilities field.
  • Status: The status of the business role. For this OBE, set the status of the role to be Active.
  • Owner: The owner of the business role. For this OBE, specify Beckie Champagne as the owner of this role (by clicking Edit, selecting the user from the Search for Person window that appears, and clicking OK).
  • Administrative Organization: The organization to which the business role must belong. For this OBE, specify Partnerships as the administrative organization for this role (by clicking Edit, selecting the organization from the Search for Organization window that appears, and clicking OK).

A message appears, indicating the business role is created.

Linda created the Partnership Business Role. She is ready to create a business policy that gives all Oracle Role Manager users with a job title of Manager access rights to the role.

 

10. On the left pane, select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes). Click the magnifying glass that appears to the right of the business role Linda created in this procedure (the Partnership Business Role).

 

11. On the Business Role: Partnership Business Role page, click the Grant Policy tab.

 

12. Enter the following code in the text area of the Grant Policy tab (and click Submit):

    <?xml version="1.0" encoding="UTF-8"?>
    <predicate xmlns="http://xmlns.oracle.com/iam/rm/rule/predicate/config/1_0" input-type="person">
      <attribute-expression>
        <attribute attribute-id="jobTitle"></attribute>
        <starts-with>
          <string-constant>Manager</string-constant>
        </starts-with>
      </attribute-expression>
    </predicate>

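Note: By entering this code into the text area of the Grant Policy tab, Linda creates a business policy. Oracle Role Manager uses this policy to provide users with access rights to the Partnership Business Role based on their job title. Because the predicate uses starts-with, it selects every user whose jobTitle attribute begins with Manager, not only users whose job title is exactly Manager.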

A message appears, indicating the business role is updated.

Tip: To verify that users are assigned to the Partnership Business Role:

  1. Select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes).
  2. Click the magnifying glass that appears to the right of the business role.
  3. On the Business Role: Partnership Business Role page, click the Members tab.

  4. On the Members tab, click Search.
  5. The users assigned to the Partnership Business Role appear.
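A way to preview which people the step 12 predicate would select before it is submitted, as an added example that is not part of the Oracle tutorial or of Oracle Role Manager. The person records are constructed, only the starts-with form shown in step 12 is handled, and case-sensitive prefix matching is an assumption about the product's behavior.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://xmlns.oracle.com/iam/rm/rule/predicate/config/1_0"}

# Grant policy as entered in step 12 of the tutorial.
GRANT_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<predicate xmlns="http://xmlns.oracle.com/iam/rm/rule/predicate/config/1_0" input-type="person">
  <attribute-expression>
    <attribute attribute-id="jobTitle"></attribute>
    <starts-with>
      <string-constant>Manager</string-constant>
    </starts-with>
  </attribute-expression>
</predicate>"""

# Constructed sample records; not data from Oracle Role Manager.
PEOPLE = [
    {"name": "Ana", "jobTitle": "Manager"},
    {"name": "Ben", "jobTitle": "Manager, Facilities"},
    {"name": "Chen", "jobTitle": "Manager Trainee"},
    {"name": "Dee", "jobTitle": "Senior Manager"},
    {"name": "Eli", "jobTitle": "manager"},
    {"name": "Fay"},  # no jobTitle attribute at all
]

def parse_policy(xml_bytes):
    """Return (attribute_id, prefix) for the starts-with form from step 12."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}predicate" % NS["p"] or root.get("input-type") != "person":
        raise ValueError("expected a person predicate")
    attr = root.find("p:attribute-expression/p:attribute", NS)
    const = root.find("p:attribute-expression/p:starts-with/p:string-constant", NS)
    if attr is None or const is None:
        raise ValueError("only the starts-with form from the tutorial is handled")
    prefix = const.text or ""
    if not prefix:
        raise ValueError("an empty prefix would match every person")
    return attr.get("attribute-id"), prefix

def preview_members(xml_bytes, people):
    """Names the policy would select (assumption: case-sensitive prefix match)."""
    attr_id, prefix = parse_policy(xml_bytes)
    return [p["name"] for p in people if p.get(attr_id, "").startswith(prefix)]

def unintended_members(xml_bytes, people, intended_titles):
    """Selected people whose title is not on the reviewer's intended list."""
    attr_id, prefix = parse_policy(xml_bytes)
    return [p["name"] for p in people
            if p.get(attr_id, "").startswith(prefix) and p[attr_id] not in intended_titles]
```

With the constructed records, `preview_members(GRANT_POLICY, PEOPLE)` selects Ana, Ben and Chen, while "Senior Manager" and lowercase "manager" are left out; comparing that list with the Members tab after submitting shows whether the role reached more or fewer people than intended.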

Linda created a business role and policy in Oracle Role Manager. She is ready to map an IT role to this business role.

 


Mapping an IT Role to a Business Role

In the previous section of this OBE, Linda created a business role and policy in Oracle Role Manager. First, she created a business role for the partners of Mydo Main Corporation. Then, she created a business policy that gives all Oracle Role Manager users with a job title of Manager access rights to the business role.

Linda is ready to map an IT role to this business role. An IT role is a named collection of IT privileges that can be mapped to business roles in order to grant users a set of privileges. Any privilege for an external application that associates itself with an IT resource is known as an IT privilege. For example, Linda can map an IT role for restarting server applications to the business role for the partners of Mydo Main Corporation. As a result, before the partners of Mydo Main can receive access rights to the company's server applications, these applications must be restarted.

To map an IT role to a business role, perform the following steps:

1. On the Business Role: Partnership Business Role page, click the Mappings tab.

 

2. On the Mappings tab, click Map IT Role.

Note: Linda clicks the Mappings tab and the Map IT Role button because she is mapping an IT role to a business role.

 

3. On the Search for IT Role window, click Search.

The IT roles that Linda can assign to the business role appear.

Note: The existing IT roles correspond to data Linda uploaded into Oracle Role Manager in the OBE titled Creating an Approver Role in Oracle Role Manager.

 

4. Select the IT role to be mapped to the business role. For this OBE, Linda is to map an IT role for restarting server applications to the Partnership Business Role. Therefore, select the Restart Server Applications option. Click OK.

The IT role appears in the Mappings tab of the Business Role: Partnership Business Role page. Also, a Role Mapping Created message appears on this page.

Linda created a business role and policy in Oracle Role Manager. In addition, she mapped an IT role to the business role.

 


Summary

In this lesson, you learned how to:

  • Create a business role and policy
  • Map an IT role to a business role


Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
