Disabling and Enabling Organizations

Managing Organizations 13-13

a. In the Browse tab on the left pane, select an organization. From the Actions menu, select Open.

b. In the organization detail page, click Permitted Resources.

c. In the Permitted Resources page, select the resources and click Update.

Figure 13–9 shows the Assign Permitted Resources page.

Figure 13–9 Assign Permitted Resources

13.2.8 Deleting an Organization

To delete an organization:

1. In the advanced search result for organizations, select the organization that you want to delete.

2. From the Actions menu, select Delete. A message is displayed asking for confirmation.

Alternatively, in the simple search result for organizations, select Delete from the Actions menu. Otherwise, in the Browse tab, select Delete from the Actions menu, or on the organization details page, click Delete Organization.

3. Click OK to confirm. A message is displayed stating that the organization is successfully deleted.

Note:

■ You cannot delete organizations that have child organizations or users. You can force the deletion only by setting the system property ORG.DISABLEDELETEACTIONENABLED to true. Once you set the property, the users and suborganizations are deleted when the parent organization is deleted.

■ You can delete an organization only if you have the Delete permission for that organization.

■ The deleted record still exists in the database, marked as deleted.

4. Click OK.

13-14 Oracle Fusion Middleware Users Guide for Oracle Identity Manager

13.3 Organization Management Authorization

Authorization of the organization management feature is based on organization administrative roles. The following distinct sets of permissions are required by a role to manage an organization:

■ The role must have the following data object permissions on organization entities:

– Insert - This enables the user with this role to create new organizations and manage them.

– Enable, Disable, Update

These permissions are not specific to a particular organization.

■ When a role is assigned as an administrative role for an organization, the following permissions are required:

– Read and View permissions are implicit by virtue of being an administrative role

– Write

– Delete

These permissions are configured per organization.

Permission to access Oracle Identity Manager Administration from Oracle Identity Manager Self Service is governed by menu item permissions. When the user has access to Oracle Identity Manager Administration, the user is allowed to browse users, roles, and organizations. Second-level menus for edit, view, and delete actions on user and role entities are derived from the OES policies, such as create, update, and delete on user and role respectively. Similarly, second-level menus to edit, view, and delete organizations are derived from the orgadmin role and data-object permissions on the organization entity type.

In Oracle Identity Manager 11g Release 1 (11.1.1), delegated administration permissions are managed by using Oracle Entitlements Server (OES) authorization policies. These OES policies for user management can be used to control:

■ Under which organizations you can create or modify users

■ Data constraints can specify that you can change users in a set of organizations with or without hierarchy.

Together these capabilities give us the delegated administrative model.

To configure a delegated administrator for an organization:

1. Define a custom authorization policy to manage users and set organization constraints. Organization constraints can be hierarchy aware.

See "Creating Custom Authorization Policies" on page 15-5 for information about creating custom authorization policies and setting data constraints.

2. Add the user to the role specified in the custom policy.

See "Adding and Removing Roles" on page 11-41 for information about adding a user to a role.

See Also: Chapter 15, "Managing Authorization Policies" for information about OES authorization policies
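The following sketch models how a hierarchy-aware organization constraint scopes a delegated administrator, as described above. It is an added example, not Oracle Identity Manager or OES code; the `Policy` structure, role names, and organization names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample hierarchy: child organization -> parent organization.
PARENT = {
    "Sales": "Corp",
    "Sales-EMEA": "Sales",
    "Sales-APAC": "Sales",
    "Engineering": "Corp",
    "Eng-Platform": "Engineering",
}

@dataclass(frozen=True)
class Policy:
    """Hypothetical stand-in for a custom user-management policy."""
    role: str               # role the policy is assigned to
    permissions: frozenset  # actions granted, e.g. {"create", "update"}
    orgs: frozenset         # organizations named in the data constraint
    hierarchy_aware: bool   # True: constraint also covers sub-organizations

def ancestors(org):
    """Yield org itself, then each parent up to the root."""
    seen = set()
    while org is not None and org not in seen:  # guard against cycles
        seen.add(org)
        yield org
        org = PARENT.get(org)

def in_scope(policy, target_org):
    """Does the policy's organization constraint cover target_org?"""
    if not policy.hierarchy_aware:
        return target_org in policy.orgs
    return any(o in policy.orgs for o in ancestors(target_org))

def is_allowed(user_roles, policies, action, target_org):
    """Default deny: allow only if a policy for one of the user's roles
    grants the action and its constraint covers the target organization."""
    return any(
        p.role in user_roles
        and action in p.permissions
        and in_scope(p, target_org)
        for p in policies
    )

# Constructed policies: one hierarchy-aware, one limited to a single org.
POLICIES = [
    Policy("SalesAdmins", frozenset({"create", "update"}),
           frozenset({"Sales"}), hierarchy_aware=True),
    Policy("EngHelpdesk", frozenset({"update"}),
           frozenset({"Engineering"}), hierarchy_aware=False),
]
```

When reviewing a delegated policy, the cases to check are the parent of the constrained organization and, for a constraint without hierarchy, its children: both must be denied.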