8 Managing Profile 8-1 8 Managing Profile The Profile page enables you to view and modify personal details. The actions that you perform while managing a user profile are determined by the authorization policies defined for Self Service User Management. These authorization policies are defined for Oracle Identity Manager and stored in Oracle Entitlements Server OES. All authorization privileges are controlled by authorization policies. Every privilege that is granted is validated to check if you have the permission to use it. Table 8 1 lists the privileges for profile management operations: To view the Profile section: 1. Login to Oracle Identity Manager Self Service. Table 8 1 Profile Management Privileges Privilege Description VIEW_USER_DETAILS This privilege determines if you have the ability to view the user profile attributes in the Attributes tab of the My Profile page. This privilege supports fine-grained attribute level controls, which allows you to select the specific attributes that apply to that operation. MODIFY_USER_DETAILS This privilege determines if you have the ability to modify the user profile attributes in the Attributes tab of the My Profile page. This privilege supports fine-grained attribute level controls, which allows you to select the specific attributes that apply to that operation. If you have view and modify privileges for an attribute, it will be shown as an editable attribute on the My Profile page. If you have the view privilege only for an attribute, then it will be shown as a read-only attribute on the My Profile page. MODIFY_SELF_USER_PRO XY_PROFILE This privilege determines if you have the ability to add, modify, and remove a proxy in the Proxies tab of the My Profile page. See Also: ■ Chapter 15, Managing Authorization Policies for details on authorization policies and authorization for profile attributes ■ Chapter 17, Managing Request Templates for information about request templates ■ Configuring Requests in the Oracle Fusion Middleware Developers Guide for Oracle Identity Manager for information about request datasets 8-2 Oracle Fusion Middleware Users Guide for Oracle Identity Manager

2. Click the Profile tab.

The Profile page has the following sections: ■ Managing Profile Attributes ■ Managing Role Assignments ■ Managing Resource Profile ■ Managing Proxies ■ Managing Security ■ Resetting Forgotten Password

8.1 Managing Profile Attributes

The first tab of the My Profile page is the Attributes tab. This tab displays the users profile attributes. The attributes that are displayed are controlled by field-level authorization policies that determine which profile attributes are visible to self. By default, all the profile attributes are visible to the user. Any new attribute added for the user entity is by default set to be hidden from the user until explicitly made visible. The access to the profile attributes is controlled by authorization policies. For more information about the authorization policies for this feature, see Authenticated User Self Service on page 15-17. In addition, field-level authorizations determine if the attributes are editable or not by self. Editable attributes are displayed in editable text boxes or appropriate UI widgets, such as lookup fields. You can provide new values and click the Apply button to submit a change. When the profile update is submitted, request is created for modification of all attributes: ■ The attributes for which a request is raised are displayed and along with a tracking number for the request. Workflow rules determine the approval workflow to start and obtain approval before allowing the changes in attributes. The status of the request can be seen on the Requests tab of the self-service page. For more information about request tab and Modify User request, see Chapter 10, Managing Requests . ■ The Preferences section on the Attributes tab provides access to user preferences. Using this option, you can set your preferences on how you expect the product to behave. The user preferences in Oracle Identity Manager are attributes stored as part of the users profile. By default, the following attributes are shown on the UI: ■ Locale: You can select the language preference for notification messages based on the languages supported by Oracle Identity Manager. The administrator defines the languages supported by installation as part of the deployment configuration. You can only select from the limited set of languages configured for the deployment. Managing Profile 8-3 ■ Time Zone: You can specify the time zone in which all data is displayed.

8.2 Managing Role Assignments

The Roles tab displays the roles of which you are a member, directly or indirectly. It displays the following information: ■ Role Display Name: Displays the role name. ■ Description: Displays the description of the role. ■ Membership Type: Displays the membership type, either direct role or indirect role. ■ Assigned Date: Displays the date on which you are assigned to a role. The tab also provides options to start the following role management operations: ■ Requesting Roles ■ Removing Roles

8.2.1 Requesting Roles

To request a role:

1. Go to My Profile, Roles.

2. From the Actions list, select Request Role. The Select Roles page of the Request

Role wizard is displayed. The roles those are made available for the end user in the list of roles on Request Roles page are the result of intersection of the roles Note: In Oracle Identity Manager 11g release 1 11.1.1.4, the language preference of the user for the UI is not set according to the locale specified by the user in the Preferences section of the Self Service. The UI locale is determined as described in Setting the Language for Users in the Oracle Fusion Middleware Administrators Guide for Oracle Identity Manager. Note: ■ Other default attributes can be added by modifying the user profile in the self service user management administration policy in Oracle Identity Administration. A custom policy needs to be created to view and modify other attributes in my profile. ■ User-defined fields UDFs can be added by creating a policy and adding attributes in the self service user management administration policy in Oracle Identity Administration. To add the User defined attributes for view or modification under the Attributes tab, these UDFs need to be added to the modify user request dataset for self service. See Configuring Requests in the Fusion Middleware Developers Guide for Oracle Identity Manager for information about request datasets. In addition, a custom policy needs to be created under self service user management to grant permission to view andor modify these attributes. For details on authorization policies, see Creating and Managing Authorization Policies on page 15-2. 8-4 Oracle Fusion Middleware Users Guide for Oracle Identity Manager provided in the request template and roles for which the user has search permission. 3. In the Role Name field, enter the name of the role that you want to request. You can also search for roles based on role name andor role display name by using the icon next to the Role Name field to display a list of available roles. 4. From the Available Roles list, select one or more roles that you want to request, and then click the Move icon to include the roles in the Selected Roles list.

5. Click Next. The Justification page is displayed.

6. Enter values in the Effective Date and Justification fields to specify the date from which the role is to be active and a comment to justify the request respectively.

7. Click Finish. You can view the status of the request on the Requests tab of Oracle

Identity Manager Self Service. See Chapter 10, Managing Requests for the detailed information about request statuses.

8.2.2 Removing Roles

To remove a role:

1. Go to My Profile, Roles. A list of roles is displayed in a table.

2. Select a role to be removed in the table and from the Actions list, select Remove

Role . The Select Roles page of the Remove Role wizard is displayed. 3. In the Role Name box, enter the name of the role that you want to remove. You can also search for the role names by using the icon next to the Role Name field to display a list of available roles. 4. From the Available Roles list, select one or more roles that you want to remove, and then click the Move icon to include the roles in the Selected Roles list. This step is applicable only if a custom request template is configured for the self remove roles operation, and the user selects one of the templates.

5. Click Next. The Justification page is displayed.

6. Enter values in the Effective Date and Justification fields to specify the date from which the role is to be removed and a comments to justify the removal respectively.

7. Click Finish. The status of the request can be seen on the Requests tab of the

self-service page. For more information about request tab, see Chapter 10, Managing Requests . Note: If you have access to any other request template other than default request templates, then you will be prompted to select a template. This step is skipped if you have access only to pre-defined templates. Note: If you have access to any other request template other than default request templates, then you will be prompted to select a request template. This step is skipped if you have access only to default request templates.