17 Managing Request Templates 17-1 17 Managing Request Templates A request template lets you customize a request type for a purpose. In other words, it allows you to control the attributes of the request by controlling the various capabilities in the UI. For instance, if you want to create requests for user creation for all contract employees and specify an attribute to have a particular value, then you can customize the Create User request type to create a request template that allows customization of the request. By creating the request template, you can specify that the organization for all employees must be XYZ Inc. or the user type of all contract employees must be Part-time Employee. Access to templates for request creation is based on the role assignment defined in the template. After creation of a request template, it is available only to the users with the roles that are assigned to the template. A default template is shipped predefined for each of the request type. These predefined templates can not be deleted or renamed. Names of these predefined templates is same as corresponding models. You can use a request template for the following purposes: ■ Adding template-level approval: You can add an additional level of approval apart from request-level and operation-level while creating the template. ■ Adding restrictions: This includes: – Adding entity restrictions: You can specify restrictions of the entity types that can be selected through the request templates. For example, a template for Provisioning Resource request type might specify a number of valid resources that can be selected by using this template. This limits the use of the template to specific type of entities in case of generic requests. For example, the template defined on provisioning request type may specify that this template can only be used for Active Directory, Exchange, and UNIX resources. – Restricting data values for an attribute: If you specify a value for attributes, then the default value of the attribute is set, and the attribute is not displayed Note: If no entity type is restricted in the template, then all the available entity types are shown to the requester while creating the request by using this template. However, the data to be collected during various phases of the request lifecycle is controlled by request datasets. See Step1: Creating a Request Dataset for the Resources in the Oracle Fusion Middleware Developers Guide for Oracle Identity Manager for information about request datasets. 17-2 Oracle Fusion Middleware Users Guide for Oracle Identity Manager in the UI. On specifying multiple such values, the values are available to the user as List of Values LOV, from which the user can select a value. Attribute restriction can be of the following types: Specifying a default value to an attribute in the request template. During the request creation using this template, this attribute is not shown to the requester. This attribute and the corresponding value is set automatically in the request data. Restricting an attribute with multiple values in request template. On specifying multiple such values, the values are available to the requester as List of Values LOV, from which the requester can select a value during the request creation by using this template. Restricting an attribute with no value in request template, by selecting the Do not allow users to enter values for this attribute option. This type of restriction is allowed only for the nonmandatory attributes. With this restriction, during the request creation by using this template, this attribute is not shown to the requester. This attribute will not be part of request data. ■ Adding additional data collection attributes: These attributes are not associated with any entity. Data collected by using such mechanism cannot be used during request execution. However, it can be used for reporting purpose, validations on the request, and postsubmission data action handlers. You can define new attributes in a request template that are shown to the requester during request creation in the additional data collection step. These attributes are specific to this template and are not associated with any entity. ■ Assigning roles to template to restrict the use by end users: Only the members of the appropriate roles assigned to the template can create a request by using that template. To summarize, the following are achieved by using the request template: ■ The restricted entity types can be specified. ■ The restricted attributes that are not required to be collected as a part of the request for the entity can be specified. ■ The attribute can be restricted to one value or list of values. If only one value is specified, then the attribute is not shown to the requester while submitting the request. If a list of values is specified, then the requester has to select one value from the list of values. ■ Additional data collection attributes can be specified. ■ Roles can be assigned to templates to restrict the use by end users. The template management service internally uses Oracle Entitlements Server OES for determining who can perform what operations. The OES policy for request template authorization specifies that only users with the REQUEST TEMPLATE ADMINISTRATORS role are authorized to create or clone, search, modify, and delete request templates. See Request Creation By Using Request Templates on page 15-26 for information about the authorization policy for request templates. This section discusses the following topics: ■ Creating Request Templates ■ Searching and Modifying Request Templates