Setting the Criteria for a Password Policy

Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager

The values that you provide on the Organizational Defaults tab become the default values for all users in the organization. Oracle recommends that you do not specify default values for passwords and encrypted parameters.

Figure 15–1 shows the Organizational Defaults form.

Figure 15–1 Organizational Default Form

Table 15–1 describes the fields of the Organizational Default form.

15.3 Viewing Resources Allowed or Disallowed for Users

You use the Policy History form to view information about the resources that are allowed or disallowed for a user. There are two types of users in Oracle Identity Manager:

■ End-user administrators: This user can access Oracle Identity Manager Design Console and the Oracle Identity Manager Administrative and User Console. The system administrator sets permissions to enable end-user administrators to access a subset of the forms in Oracle Identity Manager Design Console.
■ End-users: This user can access only the Oracle Identity Manager Administrative and User Console and generally has fewer permissions than end-user administrators. Only resource objects that are defined as self-service on the Objects Allowed tab of the user's organization are available for provisioning requests by using the Oracle Identity Manager Administrative and User Console.

Table 15–2 shows this form.

Table 15–1 Fields of the Organizational Defaults Form

Field Name: Description
Organization Name: Name of the organization.
Type: The classification type of the organization, for example, Company, Department, Branch.
Status: The current status of the organization (Active, Disabled, or Deleted).
Parent Organization: The organization to which this organization belongs. If a parent organization is displayed in this field, this organization is displayed on the Sub Organizations tab for the parent organization. If this field is empty, this organization is a top-level organization.

Figure 15–2 Policy History Form

Table 15–2 describes the fields of the Policy History form.

15.3.1 Policy History Tab

Use this tab to view resource objects that are allowed or disallowed for a user, based on the following:

■ Access policies for the user group to which the user belongs
■ Resource objects that are allowed by the organization to which the user belongs

The Policy History tab contains a Display Selection region. To organize the contents of this tab, go to the uppermost box in this region and select an item from one of its menus, as follows:

■ Resource Policy Summary: Displays resource objects that are allowed or disallowed based on the user's organization and applicable access policies.
■ Not Allowed by Org: Displays only resource objects that are disallowed, based on the user's organization.
■ Resources by Policy: Displays a second box that contains the access policies for the user groups of which the user is a member. Select an access policy from this box to display the resource objects that are allowed or disallowed for the user, based on this access policy.

Table 15–2 Fields of the Policy History Form

Field Name: Description
User ID: The user's Oracle Identity Manager login ID.
First Name: The user's first name.
Middle Name: The user's middle name.
Last Name: The user's last name.
Email Address: The user's e-mail address.
Start Date: The date on which the user's account will be activated.
Status: The current status of the user (Active, Disabled, or Deleted).
Organization: The organization to which the user belongs.
User Type: The user's classification status. Valid options are End-User and End-User Administrator. Only end-user administrators have access to Oracle Identity Manager Design Console.
Employee Type: The employment status of the user at the parent organization (for example, full-time, part-time, intern, and so on).
Manager ID: The user's manager.
End Date: The date on which the user's account will be deactivated.
Created on: The date and time when the user record was created.
A tracking system enables you to view resources that are allowed or disallowed for a user, based on the organizations the user is a member of and the access policies that apply to the user. The resource objects that are allowed for the user are displayed in the Resources Allowed list. This list represents resource objects that can be provisioned for the user. It does not represent the resource objects that are provisioned for the user. The resource objects that are disallowed for the user are displayed in the Resources Not Allowed list.

To view the tracking system:

1. Go to the Policy History tab.

2. Find the Display Selection region on this tab.

3. Click Policy History.

From the User Policy Profile History window, you can view resources that are allowed or disallowed for a user for the date and time you selected, as follows:

■ From the History Date box, you can select a date.
■ From the Display Type box, you can display resources that are allowed or disallowed based on the organizations the user is a member of, the access policies that apply to the user, or both.
■ From the Policy box, you can display the access policy that determines what resource objects are allowed or disallowed for the user.

15.4 Assigning Role Entitlements

The Group Entitlements form is displayed in the User Management folder. You use it to create and move forms, and to designate the forms and folders that members of a role can access through the Explorer. To designate forms and folders to roles by using the Group Entitlements form:

1. In the Explorer, double-click Group Entitlements.

The User Group Information page is displayed, as shown in Figure 15–3: