Place
the cursor over this icon to load and view all the screenshots for this tutorial.
(Caution: Because this action loads all screenshots simultaneously, response
time may be slow depending on your Internet connection.)
Note: Alternatively, you can place the cursor
over each individual icon in the following steps to load and view only the screenshot
associated with that step.
The screenshots will not reflect the specific environment
you are using. They are provided to give you an idea of where to locate specific
functionality in Oracle Role Manager.
Overview
Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.
Features and benefits of Oracle Role Manager include:
Role and rule mining: An enterprise can accelerate its role-management implementation by importing existing data about users, resources, and entitlements to discover candidate roles and membership policies.
Context-aware, polyarchy-enabled role engine: A powerful role engine uses an enterprise’s business policies and traverses relationships between users and organizations to derive accurate, real-time role memberships.
Authoritative role and entitlement repository: An enterprise aggregates and manages contextual business information (such as organizational relationships) into a comprehensive role repository. Serving as the central source of information for roles, these complex relationships supply authoritative entitlement data to enterprise systems.
Configurable and extensible role and relationship model: Oracle Role Manager models enterprise structures and relationships, and provides tools for customizing the user interface.
Role delegation: By providing delegated administration of roles, Oracle Role Manager enables users to delegate access and privileges easily without violating existing business policies.
Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she is responsible for creating roles within the company and assigning users to these roles. Examples of such users and roles are approvers and approver roles.
An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.
Before Linda can create an approver role and assign approvers to this role, she must must load the following files into Oracle Role Manager:
The admin_systemrole_privilege_mapping.dar file. This zipped file contains permissions Linda requires to create approver roles and assign approvers to these roles.
The sample_data.dar file. This zipped file contains sample data for users and roles, including data for approvers and approver roles.
After Linda uploads these files into Oracle Role Manager, she can create an approver role and assign approvers to this role. As a result, she can manage users and roles across the enterprise setup of Mydo Main.
As a network administrator for Mydo Main Corporation, one of Linda's responsibilities is to create approver roles in Oracle Role Manager and assign approvers to these roles. An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.
Before Linda can create an approver role and assign approvers to the role, she must must load the following files into Oracle Role Manager:
The admin_systemrole_privilege_mapping.dar file. This zipped file contains permissions Linda requires to create approvers and approver roles.
The sample_data.dar file. This zipped file contains sample data for users and roles, including data for approvers and approver roles.
To perform this action, Linda must launch the Oracle Role Manager Administrative Console. This Web-based console is used by the system administrator to load permissions and data into Oracle Role Manager.
After Linda uploads these files into Oracle Role Manager, she can create an approver role and assign approvers to the role.
To load files, containing sample permissions and data, into Oracle Role Manager, perform the
following steps:
1.
If the application server that Oracle Role Manager uses is not running, start it. For this OBE, JBoss is the application server for Oracle Role Manager.
To start this application server, double-click the run.bat file, found in the application server's bin directory. For this OBE, the file is located in the C:\stage\jboss-4.0.5.GA\bin directory.
2.
Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:
localhost (JBoss Application Server and Oracle Role Manager reside on the same computer.)
8087 (the port number for JBoss Application Server)
ormconsole (A literal that is case-sensitive.)
As a result, the URL should have the following naming convention:
http://localhost:8087/ormconsole
3.
On the Home page of the Oracle Role Manager Administrative Console, click Upload.
4.
Populate the fields of the Upload page, as follows (and click Load):
Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. She created this account when she installed Oracle Role Manager in the OBE titled Installing, Configuring, and Launching Oracle Role Manager. Also, the password Linda enters is encrypted for security purposes.
The admin_systemrole_privilege_mapping.dar file contains permissions Linda requires to create approvers and approver roles. This dar file is located in the C:\ORMHome_1\samples\sample_data directory. Linda created this directory when she installed Oracle Role Manager in the OBE titled Installing, Configuring, and Launching Oracle Role Manager.
The contents of the admin_systemrole_privilege_mapping.dar file are loaded into Oracle Role Manager:
Linda is ready to load the contents of the sample_data.dar file into Oracle Role Manager.
5.
On the Home page of the Oracle Role Manager Administrative Console, click Upload.
6.
Populate the fields of the Upload page, as follows (and click Load):
Field
Value
Name
admin
Password
dead_line1
File
C:\ORMHome_1\samples\sample_data\sample_data.dar
Note: The sample_data.dar file contains sample data for users and roles, including data for approvers and approver roles. This file is located in the C:\ORMHome_1\samples\sample_data directory.
The contents of the sample_data.dar file are loaded into Oracle Role Manager:
Linda loaded files, containing sample permissions and data, into Oracle Role Manager. She is ready to create an approver role in Oracle Role Manager and assign approvers to this role.
In the previous section of this OBE, Linda loaded permissions and data she requires to create roles and users in Oracle Role Manager, including approver roles and approvers. She is ready to create an approver role in Oracle Role Manager and assign approvers to this role.
An approver is a user who authorizes a workflow request or a single step within a multiple-step workflow request in Oracle Role Manager. An approver role is a collection of approvers. That is, an approver role is a container that holds approvers.
Approver roles use membership rules (known as approver rules). Approver rules are used to determine who can approve a workflow request to provision users with resources. For example, Linda can create an approver role to approve resources assigned to the partners of Mydo Main Corporation. Then, she can create an approver rule to assign all Oracle Role Manager users with a job title of Manager to be approvers for the role. When this rule is run, Oracle Role Manager retrieves the approvers from its database.
To create an approver role and assign approvers to this role,
perform the following steps:
1.
Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:
localhost (Oracle Database, JBoss Application Server, and Oracle Role Manager reside on the same computer.)
8087 (the port number for JBoss Application Server)
webui (A literal that is case-sensitive.)
As a result, the URL should have the following naming convention:
http://localhost:8087/webui
2.
Populate the fields of the Oracle Role Manager login page, as follows (and click Sign In):
Field
Value
User ID
admin
Password
dead_line1
Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. Also, the password in encrypted for security purposes.
The Home page of Oracle Role Manager appears:
3.
On the Oracle Role Manager navigation bar, click Roles.
4.
On the Oracle Role Manager subnavigation bar, click Approver Roles.
Note: Linda clicks Roles on the navigation bar and Approver Roles on the subnavigation bar because she is creating a role for an approver.
5.
On the left pane, expand the Office of the CEO node. Then, expand the Office of the EVP node. Next, expand the Business Development node. The Partnerships item appears.
Note: For this OBE, Linda is to create a role to approve resources assigned to the partners of Mydo Main Corporation. Also, the existing approver roles correspond to data Linda uploaded into Oracle Role Manager in the section of this OBE titled Loading Sample Permissions and Data.
6.
Right-click the Partnerships item. Select New Approver Role from the popup menu that appears.
7.
Populate the fields of the New Approver Role page, as follows (and click Submit):
Field
Description
Display Name
The name of the approver role. For this OBE, the name of the role is Partnership Approver.
Description
Explanatory information about the approver role. For this OBE, Linda enters "Approver role for partners of Mydo Main." into the Description field.
Status
The status of the approver role. For this OBE, set the status of the role to be Active.
Owner
The owner of the approver role. For this OBE, specify Beckie Champagne as the owner of this role (by clicking Edit, selecting the user from the Search for Person window that appears, and clicking OK).
Administrative Organization
The organization to which the approver role must belong. For this OBE, specify Partnerships as the administrative organization for this role (by clicking Edit, selecting the organization from the Search for Organization window that appears, and clicking OK).
A message appears, indicating the approver role is created.
Linda created the Partnership Approver role. She is ready to assign approvers to this role. For this OBE, Linda assigns all Oracle Role Manager users with a job title of Manager to be approvers for the Partnership Approver role.
8.
On the left pane, select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes). Click the magnifying glass that appears to the right of the approver role Linda created in this procedure (the Partnership Approver role).
9.
On the Approver Role: Partnership Approver page, click the Grant Policy tab.
10.
Enter the following code in the text area of the Grant Policy tab (and click Submit):
Note: By entering this code into the text area of the Grant Policy tab, Linda creates an approver rule. Oracle Role Manager uses this rule to assign all users with a job title of Manager to be approvers for the Partnership Approver role.
A message appears, indicating the approver role is updated.
Tip: To verify that approvers are assigned to the Partnership Approver role:
Select the Partnerships item (by expanding the Office of the CEO, Office of the EVP, and Business Development nodes).
Click the magnifying glass that appears to the right of the approver role.
On the Approver Role: Partnership Approver page, click the Members tab.
On the Members tab, click Search.
The approvers assigned to the Partnership Approver role appear.
Linda loaded sample permissions and data into Oracle Role Manager. She used this information to create an approver role for Oracle Role Manager and assign approvers to this role.
Bookmark
Place
the cursor over this icon to load and view all the screenshots for this tutorial.
(Caution: Because this action loads all screenshots simultaneously, response
time may be slow depending on your Internet connection.)
