This post covers topic 5 (Part I) of certification 1Z1-459 Oracle Identity Governance Suite 11g Essentials i.e. Approval workflows and Requests Configuration
Topic 5 Approval workflows and Requests Configuration of certification 1Z1-459 contains following sub topics
5.1 Describe Workflow and SOA composites development using Jdeveloper and WF Composer
5.2 Create approval workflows for serial and parallel approvals
5.3 Describe Request related artifacts like datasets and profiles
5.4 Describe approval policies, approval selection methodology
5.5 Configure request for accounts and entitlements
Oracle Identity Manager (OIM) let users to request entities like roles, resources, or entitlements. OIM also enables administrator to approve or deny these requests.
1. Request : is an entity (or task) created by user in OIM to perform an action that requires permission to be approved before that action can be performed. For example request can be “granting a role to a user” or “creating a user” or “assign a resource to a user” in OIM.
2. Types of Requests : Requests in OIM are mainly of five types
a) User Management – create user, modify user etc are requests of type user management
b) Role Management – create role, modify role, assign role etc are requests of type role management
c) Account Management – enable account, disable account, modify account etc are request of type account management
d) Entitlement Management – provision entitlement and revoke entitlement are request of type entitlement management
e) Provisioning – “provision application instance” and “access policy based application instance provisioning” are requests of type Provisioning
More in detail about Request Types in Managing Requests in OIM Users Guide
3. Types of approval workflow associated with Requests: A request can contain two types of approval workflows
a) Request-level workflow : This type of approval workflow contains high-level information associated with “entire request”
b) Operation-level workflow : This type of approval workflow is associated with operation (create user, provision resource, ) that Identity Manager is to grant to a user through request.
Note: Request-level approval workflow is initiated first and then Operational-level approval workflow is initiated for a request.
4. Stages of request : Each request goes through specific lifecycle after request is created in OIM.
b) Obtaining approval
–ba) Waiting for Request-Level Approval
–bb) Waiting for Operational-Level Approval
e) Operation Initiated
5. Request can have following type of users
a) Requester : User/system who raises a request. Request can be raised by system based on access policy ()
b) Beneficiary : User for whom this request is being created. Requester can request for him/her self or for others
c) Request-Level Approvers : User who approves request at request-level
d) Operation-Level Approvers : User who approves request at operation-level
6. Components that make up a request :
a) Request User – Requester , Beneficiary, Approvers (Request-Level and Operation-Level)
b) Target Entity – is entity like Role, Organization, Resource, or Entitlement for which request is being made
Request can also optionally have
c) Approval Policies – Approval policy associates a request with approval workflow (request-level and operation-level). There can be multiple approval policies for a request.
d) Email Notification – Information about event occurring in requests life cycle are sent to requester, beneficiary, approvers etc via email notification
7. Request-level approval and Operation-level approval workflows are deployed as SOA composites on SOA servers.
8. SOA composite for OIM is an application deployed on SOA server and registered with OIM server. More on SOA composite and Workflow in OIM at OIM Developer Guide – Developing Workflows for Approval and Manual Provisioning
9. You can deploy SOA composites using Jdeveloper (IDE) or ANT script . More on
10. Request Catalog : contains entities (roles, application instances, and entitlements) that user can request in Oracle Identity Manager .
11. Request Cart: contains list of items that user can select from request catalog.