Oracle® Fusion Middleware User's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)

Part Number E14316-04

17 Managing Request Templates

A request template lets you customize a request type for a purpose. In other words, it allows you to control the attributes of the request by controlling the various capabilities in the UI. For instance, if you want to create requests for user creation for all contract employees and specify an attribute to have a particular value, then you can customize the Create User request type to create a request template that allows customization of the request. By creating the request template, you can specify that the middle name of all contract employees must be contract, or the user type must be specified as Part-time Employee.

Access to templates is based on the role assignment defined in the template. After creation of a request template, it is available only to the users with the roles that are assigned to the template.

A default template is shipped predefined for each request type. These predefined templates cannot be deleted or renamed. The names of these predefined templates are the same as the corresponding models.

You can use a request template for the following purposes:

To summarize, the following are achieved by using the request template:

The template management service internally uses Oracle Entitlements Server (OES) for determining who can perform what operations. The OES policy for request template authorization specifies that only users with the REQUEST TEMPLATE ADMINISTRATORS role are authorized to create or clone, search, modify, and delete request templates. See "Request Creation By Using Request Templates" for information about the authorization policy for request templates.

This section discusses the following topics:

17.1 Creating Request Templates

As a user belonging to the REQUEST TEMPLATE ADMINISTRATORS role, you can create a request template by using the Create Request Template wizard in the UI for request management. Steps in the wizard are dynamically generated based on the selection of the request type in the first step and the selection of resource for resource-based request types.

Creation of request templates is described with the help of the following scenarios:

17.1.1 Creating a Request Template Based on the Create User Request Type

To create a request template based on the Create User request type:

  1. Log in to Oracle Identity Manager Administrative and User Console with credentials that have the permission to create a request template.

    Note:

    The user who is a member of the REQUEST TEMPLATE ADMINISTRATORS role is allowed to create a request template. If the appropriate role is not assigned to the user, then the required UI options for creating a request template will not be available to the user.
  2. Click Advanced to open Oracle Identity Manager Advanced Administration.

  3. Click the Configuration tab, and then click Request Templates. Alternatively, click the Search Request Templates link under Configuration in the Welcome page.

  4. On the left pane, from the Actions menu, select Create. Alternatively, you can click the Create Request Template icon on the toolbar. The Set request template details page of the Create Request Template wizard is displayed.

  5. Enter values for the following fields, and then click Next.

    • Request Template Name: Enter the name of the template that you want to create, for example, Create Contractor.

    • Request Type: Specify the type of request for which you want to create the request template, for example, Create User. Click the icon next to the field to select from the list of model types.

    • Description: Enter a description for the request template that you are creating.

    • Template Level Approval Process: Specify the approval workflow name if you want to specify an approval process for the Create User request. This is a template-level approval in addition to the request-level and operation-level approvals. For creating users for contract employees, you can specify that the HR representative, who is responsible for the recruitment of all contract employees, must approve the user creation. For more information about approval-levels, see "Approval Levels" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

      See Also:

      "Chapter 25: Configuring Workflows" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about default approval processes
  6. On the Select Attributes to Restrict page, select the attributes of the Create User type for which you want the user to enter values. This page displays the attributes based on the dataset for Create User request type. If a request is created by using the Create User request template, then you can specify values for all these default attributes. If you want to restrict some of these attributes and want the user to enter values for a few attributes, then you can select those attributes in this page. For example, you can select Middle Name because a value for this attribute must be specified. In this example, you can select the Middle Name, Organization, User Type, User Manager, and Country attributes.

    Note:

    • Even if a dataset attribute is configured with a PrePopulationAdapter, it can be restricted in a request template. In such a case, pre-population does not happen and the values restricted in the template are shown in the request creation UI. Hence, if pre-population is required for an attribute, it should not be restricted in the template.

    • As mentioned earlier in this section, the steps in the wizard are dynamically generated based on the request type and the resource selection for resource-based request types. The steps are indicated on the top of the tab.

  7. On the Set Attribute Restrictions page, specify restrictions on the attributes that you selected in the Select Attributes to Restrict page. To specify restrictions:

    Note:

    This step is generated only if there are any attributes specified in the corresponding request data set.
    1. For the middle name attribute, select any one of the following:

      - Do not allow users to enter values for this attribute: Select this option if you do not want the user to specify a value for the attribute. On selecting this option, the attribute will not be displayed in the UI when creating the user. This option is not displayed for a mandatory attribute because a value must be specified for this attribute.

      - Restrict this attribute to the following values: Select this option if you want to specify one or more values for the attribute. For the middle name attribute, if you specify a value, such as Contractor, then the default value of the attribute is set to Contractor, and the attribute is not displayed in the UI when creating the user. You can also specify multiple values for the attribute by using the + (plus) icon. On specifying multiple values, the values are available to the user as List of Values (LOV) when creating the user, from which the user can select a value.

      Tip:

      These options are displayed for the Middle Name attribute because the attribute is specified as a text box in the request dataset. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
    2. Specify one or more values for the Organization attribute. To do so, click the search icon next to the Organization field, select one or more organization names from the Available Organizations list, and click the Move or Move All buttons.

      Tip:

      The Organization attribute is displayed as a field for which you must select a value by searching the existing organization names because this attribute is specified as an entity in the request dataset. This is a dynamic LOV because organizations can be created in Oracle Identity Manager. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
    3. Specify a value for the User Type attribute. To do so, select one or more values from the Available User Type list, and click the Move or Move All buttons.

      Tip:

      The User Type attribute is displayed as a static LOV because this attribute is specified as a static LOV in the request dataset. This is a static LOV because the user must select from the available user types and cannot create new user types. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
    4. Specify values for the User Manager and Country attributes, and click Next.

    Note:

    Steps 5, 6, and 7 are common to the creation of all request templates.
  8. On the Set Additional Attributes page, you can specify additional information about attributes, which need to be collected based on the template that you are creating but are not used for the purpose of entity mapping. These additional attributes are specified for the purpose of request tracking.

    Note:

    The Additional Attribute Data is not used during request execution. This data is also not displayed to the approver.

    In this example, specify date of birth as the additional attribute name. Select the Data Type as Number and Display Type as Text Field, and then click Add. You can specify multiple attributes by clicking the Add button. When finished, click Next.

    See Also:

    "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about the additional attributes that are not mapped to the underlying Oracle Identity Manager entity
  9. On the Set Template User Roles page, you can select one or more roles, for example, AD Administrators, whose members are allowed to create requests by using the template that is being created. In this example, from the Available Roles list, select IT RESOURCE ADMINISTRATORS and ATTESTATION CONFIGURATION ADMINISTRATORS. Click Move to include the selected roles in the Selected Roles list, and then click Next.

    Note:

    Only members of the selected roles are allowed to create requests using the request template. This is governed by the authorization policy for creating requests by using request templates. See "Request Creation By Using Request Templates" for information about creating a request by using request templates.
  10. On the Review Request Template Summary page, review the data that have been entered up to this point, and then click Finish.

  11. Click OK to confirm the template creation.

In the Create Request Template wizard, the following steps are common irrespective of the request type that you select or the request dataset that you define:

  • Request details to be specified in the Set request template details page. See step 5 of the procedure for creating request templates.

  • Setting additional attributes in the Set Additional Attributes page. See step 8.

  • Setting roles for the template in the Set Template User Roles page. See step 9.

  • Request summary information in the Review Request Template Summary page. See step 10.
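
The restriction rules from steps 6, 7, and 9 can be checked against each other in a small model. The following Python code is an added example, not Oracle Identity Manager code or its API: the `Template` structure, function names, and sample dataset are hypothetical and constructed for illustration, and rejecting submitted values that bypass a restriction is an assumption of this model.

```python
from dataclasses import dataclass, field

# Constructed sample dataset for a Create User style request type.
DATASET = {
    "Last Name":   {"required": True,  "prepopulated": False},
    "Middle Name": {"required": False, "prepopulated": False},
    "User Type":   {"required": False, "prepopulated": False},
    "Email":       {"required": False, "prepopulated": True},
    "Fax":         {"required": False, "prepopulated": False},
}

@dataclass
class Template:  # hypothetical structure, not an OIM class
    name: str
    roles: set                                   # Set Template User Roles page
    hidden: set = field(default_factory=set)     # "Do not allow users to enter values..."
    allowed: dict = field(default_factory=dict)  # "Restrict this attribute to the following values"

def check_template(tpl, dataset):
    """Refuse restrictions that the wizard would not offer."""
    for attr in tpl.hidden | set(tpl.allowed):
        if attr not in dataset:
            raise ValueError(f"{attr}: not in the request dataset")
    for attr in tpl.hidden:
        if dataset[attr]["required"]:
            raise ValueError(f"{attr}: a mandatory attribute cannot be hidden")
        if attr in tpl.allowed:
            raise ValueError(f"{attr}: choose one restriction option, not both")

def build_form(tpl, dataset, user_roles):
    """Return {attribute: (kind, data)} describing what the requester gets."""
    if not tpl.roles & set(user_roles):
        raise PermissionError(f"none of the user's roles is assigned to {tpl.name!r}")
    check_template(tpl, dataset)
    form = {}
    for attr, meta in dataset.items():
        if attr in tpl.hidden:
            continue                              # not displayed, no value collected
        values = tpl.allowed.get(attr)
        if values and len(values) == 1:
            form[attr] = ("fixed", values[0])     # default set, field not displayed
        elif values:
            form[attr] = ("lov", list(values))    # requester picks from a list
        elif meta["prepopulated"]:
            form[attr] = ("prepopulated", None)   # adapter runs only if unrestricted
        else:
            form[attr] = ("input", None)
    return form

def resolve_request(tpl, dataset, user_roles, submitted):
    """Merge submitted values with the template. Assumption of this model:
    values that bypass a restriction are rejected rather than ignored."""
    form = build_form(tpl, dataset, user_roles)
    final = {a: data for a, (kind, data) in form.items() if kind == "fixed"}
    for attr, value in submitted.items():
        kind, data = form.get(attr, ("absent", None))
        if kind in ("absent", "fixed"):
            raise ValueError(f"{attr}: not open to the requester")
        if kind == "lov" and value not in data:
            raise ValueError(f"{attr}: {value!r} is not an allowed value")
        final[attr] = value
    missing = [a for a, m in dataset.items() if m["required"] and a not in final]
    if missing:
        raise ValueError(f"missing mandatory attributes: {missing}")
    return final

# Constructed template following the chapter's Create Contractor example.
CONTRACTOR = Template(
    name="Create Contractor",
    roles={"IT RESOURCE ADMINISTRATORS", "ATTESTATION CONFIGURATION ADMINISTRATORS"},
    hidden={"Fax"},
    allowed={"Middle Name": ["Contractor"],
             "User Type": ["Part-time Employee", "Consultant"]},
)

if __name__ == "__main__":
    roles = {"IT RESOURCE ADMINISTRATORS"}
    for attr, entry in build_form(CONTRACTOR, DATASET, roles).items():
        print(f"{attr:12} {entry}")
    print(resolve_request(CONTRACTOR, DATASET, roles,
                          {"Last Name": "Doe", "User Type": "Consultant"}))
```
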

17.1.2 Creating a Request Template Based on the Provisioning Resource Request Type

Provision Resource is the default request type or template for provisioning resources to users. But if you want to create a request template to provision a specific resource to users, then you can create a request template, which is based on the Provision Resource request type.

To create a request template based on the Provisioning Resource request type:

  1. In Oracle Identity Manager Advanced Administration, click the Configuration tab, and then click the Request Templates tab. Alternatively, click the Search Request Templates link under Configuration in the Welcome page.

    Note:

    The user who is a member of the REQUEST TEMPLATE ADMINISTRATORS role is allowed to create a request template. If the appropriate role is not assigned to the user, then the required UI options for creating a request template will not be available to the user.
  2. On the left pane, from the Actions menu, select Create. Alternatively, you can click the Create a Request Template icon on the toolbar. The Set request template details page of the Create Request Template wizard is displayed.

  3. In the Request Template Name field, enter the name of the request template, for example, Provision E-Business Resource.

  4. In the Request Type field, search for a request type by clicking the search icon next to the field. Select Provision Resource, and click Confirm.

    Note:

    When you select the request type, the steps in the wizard are dynamically generated and are displayed on the top of the Create Request Template tab.
  5. In the Approval Process field, enter the name of the approval workflow. For information about this field, see step 4 of "Creating a Request Template Based on the Create User Request Type". Then, click Next.

  6. In the Select Allowed Resources page, click Search to search for all the available resources.

  7. From the Available Resources list, select one or more resources, and then click Move or Move All to include the selected resources in the Selected Resources list. In this example, select the E-Business RO resource, and then click Next.

    Note:

    • When you create the request, only the resources that you select in this step are displayed. If you do not select a resource here, then all the resources in Oracle Identity Manager are displayed while creating the request.

    • If no entity type is restricted in the template, then all the available entity types are shown to the requester while creating a request by using this template.

  8. In the Select Attributes to Restrict page, select the attributes associated with the E-Business resource that you want to restrict. These attributes are defined in the request dataset for provisioning the E-Business resource. See "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about attributes.

    If you select multiple resources in the Select Allowed Resources page, then the attributes associated with all the resources are displayed in the Select Attributes to Restrict page. Select the attributes for all the resources that you want to restrict, and then click Next.

  9. In the Set Attribute Restrictions page, specify values for the attributes whose values you want to restrict. For example, for the model attribute, select the Do not allow users to enter values for this attribute option if you do not want the user to specify a value for the attribute. Otherwise, select the Restrict the attribute to the following values option and specify one or more values for the model attribute. For information about these options and setting restrictions for attributes, see "Creating a Request Template Based on the Create User Request Type".

    Note that the Do not allow users to enter values for this attribute option is not available for the Server and Life Span Type attributes. This is because these attributes are specified as required in the request dataset. For information about the required property, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

    Select restriction values for all the attributes, and then click Next.

    Tip:

    If you are creating a request template for a request to provision multiple resources to users, click the Next Resource and Previous Resource buttons to set attribute restrictions for all the resources.

    Note:

    Attributes that appear as a shuttle on the Attribute Restrictions page show up to 200 results at a time. Provide an appropriate search pattern to get relevant search results.
  10. Perform steps 8 through 10 of the procedure in "Creating a Request Template Based on the Create User Request Type" to complete the wizard.

    Note:

    In the Create Request Template wizard, the steps to select resources and set attribute restrictions vary based on the request type. The rest of the steps are similar.

While creating a request template, if you select a resource that does not have a request dataset defined, then you are not allowed to restrict the attributes to collect from the user. This is because there is no information specified about the data that is to be collected from the user for the selected resource. As a result, the Step 2: Attributes and Step 3: Restrictions in the Create Request Template wizard are not applicable because the attributes in these steps are defined by the request dataset, in the absence of which, there is no data to restrict. However, when you select a resource that does not have a request dataset, the Service Account attribute is displayed in the Step 2: Attributes because this attribute is defined by the common request dataset. See "Common Request Dataset" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about common request dataset.

17.2 Searching and Modifying Request Templates

Oracle Identity Manager Administration allows you to perform simple and advanced search for request templates, if you have the privileges of the Template Administrator's role.

To perform a simple search for request templates:

  1. Go to Oracle Identity Manager Advanced Administration.

  2. In the left pane of the Request Templates section, enter a search criterion in the Search field. You can use the asterisk (*) wildcard character in the Search field.

    Note:

    In simple and advanced search for request templates, searching with translated request template name is not supported. Oracle Identity Manager supports only English string search for predefined request templates. For default request templates, you can search with English template names as stored in the database. However, if you create a request template by specifying its name in another language, then you can search it using the same string, and not in any other language.
  3. Click the icon next to the Search field to display a list of default and nondefault request templates.

    All the default request templates are blank templates without any customization on top of the request types. Table 17-1 lists the default request templates:

    Table 17-1 Default Request Templates

    | Request Template | Description |
    |---|---|
    | Assign Roles | Default template for assigning roles to users |
    | Create User | Default template for creating users |
    | De-Provision Resource | Default template for deprovisioning resources |
    | Delete User | Default template for deleting users |
    | Disable Provisioned Resource | Default template for disabling provisioned resources |
    | Disable User | Default template for disabling users |
    | Enable Provisioned Resource | Default template for enabling provisioned resources |
    | Enable User | Default template for enabling users |
    | Modify Provisioned Resource | Default template for modifying provisioned resources |
    | Modify Self Profile | Default template for modifying self profile |
    | Modify User Profile | Default template for modifying user profiles |
    | Provision Resource | Default template for provisioning resources |
    | Remove from Roles | Default template for removing users from roles |
    | Self-Register User | Default template for self registering users |
    | Self-Request Resource | Default template for requesting resources for self |


    Note:

    Each request template mentioned in Table 17-1 has a default callback policy, which is used by the SPML web service.

To perform an advanced search for request templates:

  1. Go to Oracle Identity Manager Advanced Administration.

  2. In the left pane of the Request Templates section, click Advanced Search. The Advanced Search: Request Templates page is displayed.

  3. Select any one of the following matching options:

    • All: On selecting this option, the search is performed with the AND condition. This means that the search operation is successful only when all the search criteria specified are matched.

    • Any: On selecting this option, the search is performed with the OR condition. This means that the search operation is successful when any search criterion specified is matched.

  4. Specify values in the fields as search criteria. For each field, select an operator, such as Equals, Contains, or Begins with.

  5. To discard a field from your search, click the cross icon next to the field.

  6. Click Search. The search results table is displayed with details about the request template name, request type, approval process, and description.

    Figure 17-1 Advanced Search Result for Request Templates


To modify a request template:

  1. Select a template name in the search results table. From the Actions menu, select Open. The Template Details page is displayed with the details about the template.

  2. In the Template Details section, the details of the template are displayed in the fields, as shown in Table 17-2:

    Table 17-2 Fields in the Template Details Section

    | Field | Description |
    |---|---|
    | Request Template Name | The name of the request template, for example, Create User |
    | Request Type | The request type, for example, Create User |
    | Template Level Approval Process | The additional approval process, which is invoked for requests that are created using this request template. |
    | Description | The description for the request template |


After you create a request template, and search for the request templates, the template that you created is also displayed in the search results table on the left pane. You can view the details of the template that you created. For example, if you create the Create Contractor request template and select Open from the Actions menu, then the Template Details page for the Create Contractor request template is displayed.

Note that the tabs that are displayed in the Request Details page correspond to the steps in the Create Template wizard. Similar to the steps in the wizard, the tabs in the Template Details page are dynamically generated, and each tab corresponds to a step in the Create Template wizard. In general, the Template Details page has the following tabs:

Note:

These tabs are dynamically generated based on the request type that is associated with the request template. In other words, each tab that is displayed in the Request Details page corresponds to a step in the Create Template wizard.

17.2.1 Allowed Resources or Allowed Roles

The Allowed Resources tab or the Allowed Roles tab is displayed only if the request type is associated with a resource or a role. Figure 17-2 shows the Allowed Resources tab:

Figure 17-2 The Allowed Resources Tab


The options available in this tab allow you to edit and delete resources or roles. To do so:

  1. Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.

  2. In the Allowed Resources tab of the request template details page, select the resource or role that you want to edit.

  3. From the Actions list, select Edit. The Allowed Resources dialog box is displayed.

  4. Search for the resource or role that you want to edit.

  5. From the Available Resources list, select one or more resources and click Move or Move All to include the resources in the Selected Resources list.

  6. Click Perform. The resource is listed in the Allowed Resources tab.

To delete a resource or role:

  1. Select the resource or role that you want to delete.

  2. From the Actions list, select Delete. A message box is displayed that confirms the deletion.

  3. Click OK.

17.2.2 Attribute Restrictions

This tab contains the attribute restrictions, if any. Figure 17-3 shows the Attribute Restrictions tab:

Figure 17-3 The Attribute Restrictions Tab


Using this tab, you can put additional restrictions on the entity types that you can select if it is associated with a generic request type. To do so:

  1. Go to Oracle Identity Manager Advanced Administration.

  2. In the Selected Resources section of the Attribute Restrictions tab, select a resource whose attributes you want to restrict.

  3. Specify the attributes that you want to specify in the lower part of the tab.

  4. Click Next Resource. The attributes for the next resource are displayed.

  5. Specify the attributes for the resource.

17.2.3 Additional Attributes

This tab is always displayed. Figure 17-4 shows the Additional Attributes tab:

Figure 17-4 The Additional Attributes Tab


Using this tab, you can specify additional attributes for data collection at the template level. These attributes are collected when the user creates a request. This data cannot be used during request execution. Also, you can only add new template attributes or delete the existing template attributes.

To specify additional attributes for data collection:

  1. Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.

  2. In the Attribute Name field of the Additional Attributes tab, enter the name of the attribute.

  3. From the Data Type list, select a value from String, Number, Date or Boolean.

  4. From the Display Type list, select the type of field, such as text field, radio button, date field, check box, and date area, which you want to display for this attribute.

  5. Click Add. The attribute is added to the Additional Attributes section.

To delete an additional attribute, select the attribute and select Delete from the Actions list.

17.2.4 Template User Roles

This tab allows you to select the roles that can be assigned to the request template. Only the users with the role are able to create requests by using the template. Figure 17-5 shows the Template User Roles tab:

Figure 17-5 The Template User Roles Tab


To select roles for assigning to the request template:

  1. Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.

  2. From the Available Roles list of the Template User Roles tab, select the roles whose members you want to allow to create requests by using this template.

  3. Click Move or Move All to include the roles in the Selected Roles list.

17.3 Cloning Templates

Cloning a request template is the procedure to create a new request template by inheriting all the properties of an existing request template.

To clone a request template:

  1. Go to Oracle Identity Manager Advanced Administration.

  2. From the advanced search results in the Template Details page, select a request template that you want to clone.

  3. From the Actions menu, select Clone. The Clone Template page is displayed with the details of the request template that you have selected for cloning.

  4. Modify the required details of the request template for creating the new request template.

  5. Click Save to create the new request template.

17.4 Deleting Templates

To delete a template as a member of the Templates Administrators role:

  1. In the Request Templates tab in Oracle Identity Manager Advanced Administration, search for the existing request templates.

  2. From the search results table, select the template that you want to delete.

  3. From the Actions list, select Delete. A message box is displayed that asks for confirmation.

  4. Click OK to confirm.

Note:

If the template to be deleted is referred to by any existing requests, then it cannot be deleted.