IDM 11gR2 changes/new features : OIM Catalog to create Accounts (Application Instances, Roles, Entitlements)
This post is fourth in series “Oracle Identity Management 11gr2 changes/new features” and covers new feature Catalog used during a provisioning operation (creating account in application like AD or EBS integrated with OIM). Users request the Application Instances, Entitlement, and Roles through the Catalog (aka Access Request Catalog).
For other new features in Oracle IdM 11gR2 like new console (System Administration) click here, Sandboxes here, and Applications Instances here.
1. Access Request Catalog (or Catalog) is a web based interface that allows business users to request Roles, Application Instance, and Entitlements (within applications).
2. Catalog Items – Roles , Application Instance and Entitlements that can be requested via catalog are called as catalog items
3. Category – Each catalog item is associated with one and only one category. Catalog Administrators can provide a value for catalog item.
4. Tags (very important in searching catalog) – are search keywords. When users search the Access Request Catalog, the search is performed against the tags. Tags are of three types
a) Auto-generated Tags: The Catalog synchronization process auto-tags the Catalog Item using the Item Type, Item Name and Item Display Name
b) User-defined Tags: User-defined Tags are additional keywords entered by the Catalog Administrator (check images below).
c) Arbitrary Tags: While defining a metadata if user has marked that metadata as searchable, then that will also be part of tags.
Note: Catalog uses “Oracle Text” option in Oracle database for text search capabilities.
5. Catalog Administrator is a global role (not assigned to Organization) that grants privileges to manage and load catalog.
Note: Users with System Administrators role (like xelsysadm) can also load & manage Catalog.
To access role Catalog Administrator : /sysadmin -> Organizations -> Top -> Admin Roles
6. Catalog Synchronization Job is a scheduled job that loads roles, application instances, and entitlements in catalog. Run the Catalog Synchronization Job scheduled job to populate catalog (Role are added into catalog immediately and does not need Job Catalaog Synchronization)
7. Tagging capabilities for catalog item allow business users to specify alternate terms to be used to search for the specific access. To add tag to a catalog item (Application Instance, Roles, Entitlements), search catalog and select catalog item. select catalog item and add tag under user defined.
References/Related
- Managing Access Request Catalog in OIM Admin Guide