Deleting Authorization Policies

Select the attributes that you want to allow the user to modify, and click Save.

15-18 Oracle Fusion Middleware User's Guide for Oracle Identity Manager

If the user has view and modify privileges for an attribute, then the attribute is displayed as editable on the My Profile page. If the attribute has view permission only, then it is displayed as read-only.

The request to modify self profile is submitted by using the Modify Self Profile request template. The request dataset for this request template is the same as that for the Modify User request template.

To display additional attributes on the user's profile:

1. Create a custom self service authorization policy with view and/or modify user profile permission having default or custom additional attributes. See Creating Custom Authorization Policies on page 15-5 for information about creating custom authorization policies.
2. Assign the custom authorization policy to the All Users and System Administrators roles because the administrator user does not have the All Users role by default.
3. If the additional attribute is set to modify user profile permission in the policy, then update the request dataset for Modify Self Profile, that is, ModifyUserDataset.xml, to include the attribute. The entry is made in the dataset so that the attribute is rendered on the Modify Self Profile page.

15.3.2.2 Authorization for Role Requests

There is no permission defined for requesting and viewing roles as self service operations. However, while requesting roles, only those request templates are displayed that the user is authorized to access. The request management feature controls this.

While searching for roles during the request operation, the user is allowed to select from only those roles that the user is authorized to search and view. This is controlled by role management policies.

The roles available to the user in the list of roles on the Request Roles page are the intersection of the roles provided in the request template and the roles that the user has search permission for. For example, if the request template has roles Role1, Role2, and Role3 and the user has search permission on Role2 and Role3, then Role2 and Role3 are displayed in the list of roles. Similarly, if the user has search permission over Role1, Role2, and Role3 and the request template has roles Role2 and Role3, then Role2 and Role3 are displayed in the list of roles.

The user can request all the roles for which the user has search permission. This is controlled by the general authorization policy defined by role management. While creating a request for a role, the user must search and select the roles.
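The following added example, which is not from the Oracle guide and is not Oracle Identity Manager code, models the rules from the custom-policy procedure and the role-request section above so that a reviewer can check a planned configuration. Function names, attribute names and sample data are constructed; additive policy grants and hiding attributes that lack view permission are assumptions.

```python
# Added illustration with constructed data; not Oracle Identity Manager code.

def effective_permissions(policies, user_roles):
    """Union the attribute permissions of every policy assigned to one of the
    user's roles. Assumption: policies only grant, so grants are additive."""
    effective = {}
    for policy in policies:
        if not set(policy["assigned_roles"]) & set(user_roles):
            continue  # policy is not assigned to any role the user holds
        for attr, perms in policy["attributes"].items():
            effective.setdefault(attr, set()).update(perms)
    return effective


def profile_rendering(permissions):
    """How My Profile shows each attribute: view+modify is editable, view only
    is read-only. Assumption: anything without view is treated as hidden."""
    rendering = {}
    for attr, perms in permissions.items():
        if "view" not in perms:
            rendering[attr] = "hidden"
        else:
            rendering[attr] = "editable" if "modify" in perms else "read-only"
    return rendering


def missing_from_dataset(permissions, dataset_attributes):
    """Attributes with modify permission that the request dataset does not
    list (step 3), so they would not be rendered on Modify Self Profile."""
    return sorted(a for a, p in permissions.items()
                  if "modify" in p and a not in dataset_attributes)


def requestable_roles(template_roles, searchable_roles):
    """Request Roles list: template roles the user is also allowed to search."""
    allowed = set(searchable_roles)
    return [role for role in template_roles if role in allowed]


# Constructed sample: a custom policy assigned to All Users only (step 2 skipped).
POLICIES = [{"assigned_roles": ["All Users"],
             "attributes": {"Badge ID": {"view", "modify"}, "Manager": {"view"}}}]

if __name__ == "__main__":
    for roles in (["All Users"], ["System Administrators"]):
        perms = effective_permissions(POLICIES, roles)
        print(roles, profile_rendering(perms), missing_from_dataset(perms, {"Manager"}))
    print(requestable_roles(["Role1", "Role2", "Role3"], ["Role2", "Role3"]))
```

With the sample policy, a user holding only System Administrators gets no additional attributes, which is the gap step 2 of the procedure closes.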

15.3.2.3 Authorization for Resource Requests

There is no permission defined for requesting and viewing resources as self service operations. However, for requesting and viewing resources, the resource must be configured so that self requesting for that resource is allowed. This is done by selecting the Self Request Allowed option in the Resource Objects form in Oracle Identity Manager Design Console.

See Also: Configuring Requests in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about request models, request templates, and request datasets.

Note: Ensure that the additional attribute has the visible property set.