Oracle® Fusion Middleware System Administrator's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14308-05
The system configuration service enables you to manage system properties used by Oracle Identity Manager. This service allows you to create, modify, delete, or search existing system properties depending on their roles.
System properties define the characteristics that control the behavior of Oracle Identity Manager. You can define the functionality of consoles such as the Oracle Identity Administration and Oracle Identity Manager Self Service by using system properties. For example, you can define the number of consecutive unsuccessful attempts the user can make to log in to Oracle Identity Manager before Oracle Identity Manager locks the user account. In other words, a system property is an entity with which you can control the configuration of Oracle Identity Manager.
This chapter discusses the following topics:
Table 4-1 lists and describes the default system properties in Oracle Identity Manager.
Table 4-1 Default System Properties in Oracle Identity Manager
Property Name | Description | Keyword | Default Value |
---|---|---|---|
Are challenge questions disabled in OIM | Determines if challenge questions are enabled or disabled when a user logs in to Oracle Identity Manager for the first time. When value is False, challenge questions are enabled. When value is True, challenge questions are disabled. This property is primarily used in the context of Oracle Adaptive Access Manager (OAAM) configuration. When the value is TRUE, the challenge questions are handled by OAAM. | OIM.DisableChallengeQuestions | FALSE |
Compiler Path for Connectors | Specifies the Java home depending on the application server. Note: If the path of the JDK directory is not included in the System Path variable, then you must set the path of the JDK directory in the XL.CompilerPath system property. If this is not done, then an error is encountered during the adapter compilation stage of the process performed when you import an XML file by using the Deployment Manager. | XL.CompilerPath | |
Default Date Format | When reconciliation events are created by calling the APIs and the date format is not passed as one of the arguments to the API, Oracle Identity Manager assumes that all the date field values are specified in Default Date Format. If no value is set for this system property, Oracle Identity Manager assumes the format to be yyyy/mm/dd hh:mm:ss z. | XL.DefaultDateFormat | yyyy/mm/dd hh:mm:ss z |
Default policy for username generation | Determines the username policy to be picked up during username generation. | XL.DefaultUserNamePolicyImpl | oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy |
Default user name domain | This property is used by the DefaultComboPolicy to generate a user name in e-mail format. | XL.UserNameDomain | oracle.com |
Direct Provisioning vs. Request for Access Policy Conflicts | If multiple access policies are evaluated to be true for a user that requires the same resource to be provisioned and some of the policies are defined to provision resource with approvals and some without approval, and if the Direct Provisioning vs. Request for Access Policy Conflicts property is set to FALSE, then Oracle Identity Manager creates a request for provisioning the corresponding resource. If there are no conflicts, then resources are provisioned based on what is defined on the access policy. | XL.DirectProvision | TRUE |
Does user have to provide challenge information during registration | If the value is TRUE, then users will have to provide challenge information during registration. | PCQ.PROVIDE_DURING_SELFREG | TRUE |
Duplicate challenge responses allowed | This property is used to indicate whether or not duplicate challenge responses are allowed. | XL.IsDupResponsesAllowed | FALSE |
Email Server | Name of the e-mail server. Note: After modifying the Email Server system property value, you must restart the server for the change to take effect. | XL.MailServer | Email Server |
Enable exception reports | This property is used to enable the exception reporting feature. Exception reporting is enabled only if the value is set to TRUE. | XL.EnableExceptionReports | FALSE |
Enable disabled resource instances when a user is enabled | If the value is TRUE, then the disabled resource instances are enabled when a user is enabled. | XL.EnableDisabledResources | TRUE |
Flag for new permissioning model | This system property determines the data object permission model for inserting, updating, and deleting records in the Oracle Identity Manager database. Before inserting, updating, and deleting records into a database table, Oracle Identity Manager checks the roles assigned to the user who wants to insert, update, or delete records. The roles have data objects assigned to them along with details of permissions to insert, update, or delete a record. For a user to insert, update, or delete records into the table, the user must have permissions for all the roles assigned to him on that data object. If the user does not have insert, update, or delete permission on any one role, then the user is not allowed to insert, update, or delete records in the table corresponding to the data object. This applies when the value of this property is set to FALSE. When the value is set to TRUE, the user must have insert, update, and delete permissions for any one of the roles assigned to the user on a particular data object. If any one permission is available to the user for a role, then the user can insert, update, or delete records in the table corresponding to the data object. | XL.NewPermissionModel | FALSE |
Force Password Change at First Login | If the value is TRUE, then the user is forced to change the password when the user logs in for the first time. | XL.ForcePasswordChangeAtFirstLogin | TRUE |
Force to set questions at startup | When the user logs into the Web Application for the first time, he/she must set the default questions for resetting his/her password. | PCQ.FORCE_SET_QUES | False |
Is Self-Registration Allowed | If the value is TRUE, then the users are allowed to self-register. | XL.SelfRegistrationAllowed | TRUE |
LDAP Reservation Plugin | This property determines the LDAP reservation plugin implementation to be picked up for reservation of user attributes. | XL.LDAPReservationPluginImpl | oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID |
Maximum Number of Login Attempts | Determines how many consecutive times the user can attempt to log in to Oracle Identity Manager unsuccessfully before Oracle Identity Manager locks the user account. Note: If the user account is locked, then the user can unlock it by resetting the "challenge" questions associated with resetting the password. | XL.MaxLoginAttempts | 10 |
Maximum Number of Password Reset Attempts | Determines how many consecutive times the user can attempt to reset the password unsuccessfully before Oracle Identity Manager locks the user account. Important: When the user account is locked, the user cannot unlock it. If this occurs, then contact the system administrator. | XL.MaxPasswordResetAttempts | 3 |
Minimum length of challenge response | This property is used to set the minimum length of answers to challenge questions. | XL.ResponseMinLength | 0 |
Number of Correct Answers | This value represents how many questions the user must answer correctly to reset user password. | PCQ.NO_OF_CORRECT_ANSWERS | 3 |
Number of Questions | Sets the number of questions that must be completed by a user who is using the Web Application to reset the user's password. | PCQ.NO_OF_QUES | 3 Note: The value set for PCQ.NO_OF_QUES must not be less than the value set for PCQ.NO_OF_CORRECT_ANSWERS. |
Organization Delete/Disable Action | If this property is set to TRUE, then users can disable/delete the organization even if the organization contains users and suborganizations. If this property is FALSE, then users cannot disable/delete the organization if the organization contains users and suborganizations. The default value is FALSE. | ORG.DisableDeleteActionEnabled | FALSE |
 | If a resource is added to an organization as permitted resource, then by setting this property to TRUE, the same resource is automatically added as the permitted resource for suborganizations. | XL.OrganizationProcessInherit | TRUE |
Organization Process Restriction | This property is for internal use by Oracle Identity Manager. You must not use this property. | XL.OrganizationProcessRestrict | FALSE |
Organization Self-Serviceable | Determines whether the default value for a process is self-serviceable and if it is set or not. This is used to determine which resources can be self requested. This is same as selecting the option from Oracle Identity Manager Design Console. The only difference is that from here it is allowed for a particular organization. | ORG.SELF_SERVICEABLE_DEFAULT | FALSE |
Pending Cancelled Tasks | If this property is set to TRUE and tasks are configured to allow cancellation while they are pending, then these tasks are moved to Pending Cancelled (PX) status if the corresponding process instance is cancelled. If the property is set to FALSE, then tasks are moved to Cancelled (X) status when corresponding process instance is cancelled. Note that process instances are called by Oracle Identity Manager when the corresponding resource instances are revoked. | XL.PendingCancelled | true |
Period to Delay User Delete | This property is used to specify the time period before deleting a user. When this property is set and a user is deleted, the user's state is changed to disabled and "automatically delete on date" is set to current date plus the delay period. | XL.UserDeleteDelayPeriod | 0 |
Property dictates whether database name will be displayed | If the value is TRUE, then the database name is displayed. | XL.TOOLBAR_DBNAME_DISPLAY | TRUE |
Property to indicate day limit set for pending approvals | Used prior to implementation of the Separation of active/non-active task feature to specify the duration for which the pending approval tasks would be fetched. Used at the API level to get the Pending approval related counters. | XL.OpenTask.DayLimit | 30 |
Property to indicate the duration in months of open tasks and pending approvals | Note: Do not use this property. It is retained in this release for internal use only. It will be removed in a future release of Oracle Identity Manager. | XL.OpenTasksPendingApprovalsDuration | 3 |
Property to indicate whether the auditing engine should send a JMS message | When the value of this property is set to True and the XL.UserProfileAuditDataCollection property is set to an audit data collection level, then the account reconciliation performs the matching in the database layer at a batch-level and performs the event action by using the provisioning APIs. This in turn triggers the audit event handlers for account reconciliation. For information about account reconciliation, see "Account Reconciliation" in the Oracle Fusion Middleware User's Guide for Oracle Identity Manager. Note: This property is for internal use by Oracle Identity Manager. You must not use this property. | XL.SendAuditJMSMessage | false |
Proxy User Email Notification | The corresponding PTY_VALUE is the e-mail definition name that is sent when a proxy user is created. User gets a notification e-mail when the user is made proxy for some other user. | XL.ProxyNotificationTemplate | Notify Proxy User |
Recon Batch Size | This property is used to specify the batch size for reconciliation. You can specify 0 as the value for this to indicate that the reconciliation will not be performed in batches. You must restart Oracle Identity Manager after setting this property. | OIM.ReconBatchSize | 500 |
Record Read Limit | Sets the maximum number of records that can be displayed in a query result set. | XL.READ_LIMIT | 500 |
Request Notification Level | This property indicates whether or not notification is sent to the requester and beneficiary when a request is created or the request status is changed. When the value of this property is 0, then the notification feature is disabled. When the value is 1, then the notification feature is enabled. | RequestNotificationLevel | 0 |
Reset with generated password | This property is used to reset the password of the user with generated password. | XL.ResetWithGeneratedPwd | TRUE |
Search Stop Count | This property determines the maximum number of records that are displayed in the advanced search result. If the search criteria specified returns more records than the value of this property, then the number of records displayed is limited to this value. In addition, a warning is displayed stating that the results exceed maximum counts and you must refine your search with additional attributes. | XL.IDADMIN_STOP_COUNT | 300 |
Shows tasks assigned to group users with least load only | If the value is TRUE, then the tasks are assigned to group users with least load only when the assignment type is Group User With Least Load, and so on. | XL.ShowTaskAssignedToGroupUserOnly | FALSE |
Specifies the LDAP container mapper plug-in to be used | When Oracle Identity Manager is installed with LDAP synchronization enabled, this plug-in determines in which container users and roles are to be created. Value of this system property indicates the default Oracle Identity Manager plug-in name used for computing the container values. If the default plug-in does not meet the requirement, then you can define your own plug-in to determine the container and specify the name of the plug-in in this system property. Note: For information about this plug-in, see "Customizing Operations in Oracle Identity Manager" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager. | LDAPContainerMapperPlugin | oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper |
Specifies the request engine to be used | This property is used to specify the request engine to be used for generating requests. | XL.RequestEngine | 1 |
URL for challenge questions modification | This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the challenge questions. For example: http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=registerQuestions | OIM.ChallengeQuestionsModificationURL | NONE |
URL for change password | This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the change password functionality. For example: http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=changePassword | OIM.ChangePasswordURL | NONE |
URL for forgot password | This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the forgot password functionality. For example: http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/forgotPassword.do | OIM.ForgtoPasswordURL | NONE |
Unlock Account Automatically After Time Period | This property is used to automatically unlock user accounts after the specified time period. | XL.UnlockAfter | FALSE |
Use Row Restriction | Note: This property is for internal use by Oracle Identity Manager. You must not use this property. | XL.UseRowRestriction | FALSE |
Use of Default Questions | For customers who have customized their UI to allow end-users to set their own challenge questions, this property determines whether the user must select challenge questions from a predefined list in the Web Application, or if users are required to provide their own questions. Note: Functionality that allows end-users to set their own challenge questions is not supported in the standard out-of-the-box user interface. | PCQ.USE_DEF_QUES | TRUE |
Use semicolon as delimiter in API parameters | This property is used to specify whether or not semicolon should be used as a delimiter to the API input parameter values. Some APIs accepted string input values that are separated by semicolon. This has been changed to use a vertical bar "\|" instead. To keep backward compatibility, this new property can be used to go back to using semicolons. The default value is FALSE signifying the usage of "\|". When set to TRUE, the input for those APIs is accepted with semicolon as separator. | XL.UseSemiColonAsDelimiter | FALSE |
User Attribute Reservation Enabled | This property is used to enable user attribute reservation. | XL.IsUsrAttribReservEnabled | TRUE |
User Id reuse property | Determines whether a deleted user account can be reused. To reuse a deleted user account, assign this property a value of TRUE and drop the unique index for the USR_LOGIN column in the USR table and create a nonunique index. To prevent a user account from being reused, assign this property a value of FALSE. | XL.UserIDReuse | FALSE |
User Language | The user.language value is configured during installation for Locale handling at server side. | user.language | en |
User Region | The user.region value is configured during installation for Locale handling at server side. | user.region | US |
User Variant | The user.variant value is configured during installation for locale handling at server side. | user.variant | |
User profile audit data collection level | This property controls the user profile data that is collected for audit purpose when an operation is performed on the user, such as creation, modification, or deletion of a user, role grants or revokes, and resource provisioning or deprovisioning. Depending upon the property value, such as Resource Form or None, the data is populated in the UPA table. The audit levels are specified as values of this property. The supported levels are: | XL.UserProfileAuditDataCollection | Resource Form |
XL.SoDCheckRequired | This property indicates whether or not SoD check is required. | XL.SoDCheckRequired | FALSE |
Xellerate User resource provision mode | This property determines whether provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure, or in the Java layer via Event Handlers. Note: See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about Event Handlers. This property has the following allowed values: | XLUserResource.ProvisionMode | DB |
Table 4-2 lists the system properties you can add to the PTY table, and then use the properties to change some of the default settings in Oracle Identity Manager:
Table 4-2 Nondefault System Properties
Property Name | Description | Keyword | Sample Value |
---|---|---|---|
OIM Database Query Retry Attempts | Number of times SQL queries to be retried for handling Oracle RAC failures. In the absence of this property in the PTY table, SQL queries for handling Oracle RAC failures are retried three times by default. | OIM.DBQueryRetryAttempts | 5 |
OIM Database Query Retry Interval | Time in seconds after which each SQL retry takes place for Oracle RAC failures. In the absence of the property in the PTY table, SQL query occurs after every 7 seconds by default. | OIM.DBQueryRetryInterval | 10 seconds |
JDBC Connection Retry Attempts | Number of times Oracle Identity Manager retries to get a connection when the JDBC connection fails. In the absence of this property in the PTY table, the JDBC connection is retried three times by default. | OIM.JDBCConnectionRetryAttempts | 5 When the value is 0, it means no retry. |
JDBC Connection Retry Interval | Time in seconds between each JDBC connection retry. In the absence of this property in the PTY table, each JDBC connection retry occurs at an interval of 7 seconds. | OIM.JDBCConnectionRetryInterval | 10 seconds |
GTC Auto Import | Based on the value of this property, the DM xml that is generated while GTC creation can be saved to a directory. The default value of this property is true. When the value of this property is set to "False", then while creating GTC, the DM xml (the xml that GTC creates and imports using Deployment Manager internally while GTC creation) created by the GTC framework is stored in the following directory: OIM_HOME/GTC/XMLOutput. The naming convention followed for the DM xml is: GTCNAME_CURRENTDATE_TIMESTAMP created using date format "yyyy-MM-dd-HH-mm-ss".xml. For example: TRUSTEDCSV_2009-02-05-22-41-11.xml | XL.GTCAutoImport | False |
This section discusses the following topics:
Oracle Identity Manager provides you with the capability of creating your own system properties. You can create system properties according to your requirements if you choose not to use any of the predefined system properties listed in "System Properties in Oracle Identity Manager".
You can create a system property by using the Create System Property page in Oracle Identity Manager Administration. You can open this page only if you are authorized to create system properties.
While creating a system property, you specify values for the Property Name, Keyword, and Value fields. These values are saved in the PTY table of the Oracle Identity Manager database.
To create a system property:
1. Click the System Management tab, and then click System Configuration.
2. On the left pane, from the Actions menu, select Create. Alternatively, you can click the create icon on the toolbar. The Create System Property page is displayed, as shown in Figure 4-1:
3. On the Create System Property form, enter details of the system property. Table 4-3 describes the fields of this form.
Table 4-3 Fields of the Create System Property Form
Field | Description |
---|---|
Property Name | Enter a name of the system property. |
Keyword | Enter a unique ID for the system property. |
Value | Enter a value for the system property, for example, 4. |
Note:
Any special character (.) is not allowed in the beginning or end of Keyword fields while creating or updating a system property. In case of Value fields, special characters are allowed in the beginning or in the end.
4. Click Perform to create the system property. A message confirming that the system property has been created is displayed. For the new system property that is created, by default, the data level is set to 2 and login_required is set to true.
After the system property is created, you can use a SQL query to set values for the following system property fields that are automatically added to the system property recorded in the PTY table of the database:
Data Level: Every system property has a data level associated with it. The data level field determines the kind of operations that can be performed on a system property. Data levels are a means of specifying the operations that can be performed on a system property. For example, a data level value of 1 for a system property indicates that the system property can neither be modified nor deleted. The default value of this field is 2.
The data level field cannot be modified by using the UI. It can only be modified by using a SQL script. Table 4-4 lists and describes the various data levels associated with a system property.
Table 4-4 Data Levels Associated with a System Property
Data Level | Description |
---|---|
0 | Indicates that the system property can be modified or deleted |
1 | Indicates that the system property cannot be modified or deleted |
2 | Indicates that the system property can only be modified |
3 | Indicates that a system property can only be deleted |
Log In Required: This field specifies whether or not a login is required to access the system property. The default value of this field is 1, which means that a login is required to access the system property. You can change the value of this field to 0 by using a SQL script.
LKU_KEY: This field determines the set of values that can be specified in the Value field of a system property. The default value of this field for a newly created system property is null. LKU_KEY is a column in the LKU table of the Oracle Identity Manager database. For a system property with non-null value in the LKU_KEY column, you can insert the values in this column from a predefined set of values that are in the LKV table. This is done by using a SQL script to include any valid LKU_KEY column value from the LKU table to associate multiple values with the system property. See step 7 for more details.
5. If you want to modify the data level of the system property, then run the following command:
   UPDATE PTY SET PTY_DATA_LEVEL=DATA_LEVEL_VALUE WHERE PTY_KEYWORD = 'SYSTEM_PROPERTY_KEYWORD';
   In this command:
   DATA_LEVEL_VALUE is any value listed in the Data level column of Table 4-4.
   SYSTEM_PROPERTY_KEYWORD is the unique ID for the system property that you entered in the Keyword field in Step 3.
Note:
Any special character (.) is not allowed in the beginning or end of Keyword fields while creating or updating a system property. In case of Value fields, special characters are allowed in the beginning or in the end.
6. If you want to modify the value of the Log In Required field, then run the following command:
   UPDATE PTY SET PTY_LOGINREQUIRED=LOGIN_REQUIRED_VALUE WHERE PTY_KEYWORD = 'SYSTEM_PROPERTY_KEYWORD';
   In this command:
   LOGIN_REQUIRED_VALUE can take a value of either 0 or 1. If a login is required for accessing the system property, then enter 1. Otherwise, enter 0.
   SYSTEM_PROPERTY_KEYWORD is the unique ID for the system property that you entered in the Keyword field in Step 3.
7. If you want to define the set of values that can be specified in the Value field of a system property, then run the following commands:
   a. Run the following command to insert a row into the LKU table:
      INSERT INTO LKU (LKU_KEY, LKU_LOOKUP_KEY, LKU_TYPE, LKU_GROUP, LKU_REQUIRED, LKU_TYPE_STRING_KEY, LKU_FIELD, LKU_DATA_LEVEL, LKU_CREATE, LKU_CREATEBY, LKU_UPDATE, LKU_UPDATEBY, LKU_NOTE, LKU_ROWVER) VALUES (LKU_KEY_VALUE, LKU_LOOKUP_KEY_VALUE,...);
      For example, if you want to update a set of values for the Title field, then run the following INSERT statement:
      INSERT INTO LKU (LKU_KEY, LKU_LOOKUP_KEY, LKU_TYPE, LKU_GROUP, LKU_REQUIRED, LKU_TYPE_STRING_KEY, LKU_FIELD, LKU_DATA_LEVEL, LKU_CREATE, LKU_CREATEBY, LKU_UPDATE, LKU_UPDATEBY, LKU_NOTE, LKU_ROWVER) VALUES (201, 'Title', ...);
      Here, LKU_KEY_VALUE is 201, which uniquely identifies the record in the LKU table, and LKU_LOOKUP_KEY_VALUE is Title.
      Note:
      You must insert a record in the LKU table before inserting any record in the LKV table because the value of LKU_KEY is used in the LKV insert statement.
   b. Run the following command to insert a row into the LKV table:
      INSERT INTO LKV (LKV_KEY, LKU_KEY, LKV_ENCODED, LKV_DECODED, LKV_LANGUAGE, LKV_COUNTRY, LKV_VARIANT, LKV_DISABLED, LKV_DATA_LEVEL, LKV_CREATE, LKV_CREATEBY, LKV_UPDATE, LKV_UPDATEBY, LKV_NOTE, LKV_ROWVER) VALUES (LKV_KEY_VALUE, LKU_KEY_VALUE, LKV_ENCODED_VALUE, LKV_DECODED_VALUE, ...);
      For example, to define the set of values for the Title field as Mr, Ms, and Dr, run the following INSERT statements:
      INSERT INTO LKV (LKV_KEY, LKU_KEY, LKV_ENCODED, LKV_DECODED, LKV_LANGUAGE, LKV_COUNTRY, LKV_VARIANT, LKV_DISABLED, LKV_DATA_LEVEL, LKV_CREATE, LKV_CREATEBY, LKV_UPDATE, LKV_UPDATEBY, LKV_NOTE, LKV_ROWVER) VALUES (1001, 201, 'Ms', 'Miss', ...);
      INSERT INTO LKV (LKV_KEY, LKU_KEY, LKV_ENCODED, LKV_DECODED, LKV_LANGUAGE, LKV_COUNTRY, LKV_VARIANT, LKV_DISABLED, LKV_DATA_LEVEL, LKV_CREATE, LKV_CREATEBY, LKV_UPDATE, LKV_UPDATEBY, LKV_NOTE, LKV_ROWVER) VALUES (1002, 201, 'Mr', 'Mister', ...);
      INSERT INTO LKV (LKV_KEY, LKU_KEY, LKV_ENCODED, LKV_DECODED, LKV_LANGUAGE, LKV_COUNTRY, LKV_VARIANT, LKV_DISABLED, LKV_DATA_LEVEL, LKV_CREATE, LKV_CREATEBY, LKV_UPDATE, LKV_UPDATEBY, LKV_NOTE, LKV_ROWVER) VALUES (1003, 201, 'Dr', 'Doctor', ...);
      In this example:
      LKV_KEY_VALUE is 1001, 1002, and 1003 respectively, which uniquely identify the records in the LKV table
      LKV_ENCODED_VALUE is Ms, Mr, and Dr respectively
      LKV_DECODED_VALUE is Miss, Mister, and Doctor respectively
   c. Run the following command to update the value of the LKU_KEY column in the PTY table:
      UPDATE PTY SET LKU_KEY=LKU_KEY_COLUMN_IN_THE_LKV_TABLE WHERE PTY_KEYWORD = 'SYSTEM_PROPERTY_KEYWORD';
      In this command:
      LKU_KEY_COLUMN_IN_THE_LKV_TABLE is the value of the LKU_KEY column in the LKV table.
      SYSTEM_PROPERTY_KEYWORD is the unique ID for the system property that you entered in the Keyword field in Step 3.
Note:
If you want to view the changes in Oracle Identity Manager Advanced Administration, then you must run purge cache immediately after modifying a system property by using Microsoft SQL.
8. Whenever you make any change to a system property by using any method other than from the Advanced Administration, you must run purge cache to get the changes reflected in Oracle Identity Manager:
   Depending upon the operating system being used, run one of the following commands to clear the server cache:
   For Microsoft Windows:
   OIM_HOME\server\bin\PurgeCache.bat
   For UNIX:
   OIM_HOME/server/bin/PurgeCache.sh
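The SQL steps above change PTY rows directly, outside the checks the console applies, so a read-only audit of the table is a useful follow-up. The following is an added example, not part of the Oracle guide: it checks the rules this chapter states (the Table 4-4 data levels, the Keyword "." rule, PCQ.NO_OF_QUES not less than PCQ.NO_OF_CORRECT_ANSWERS, the Log In Required flag) and reports drift from the Table 4-1 defaults for a few authentication-related keywords. The in-memory SQLite stand-in for PTY, its column types, the ACME.* keywords and the finding codes are assumptions made for the example; only column names that appear on this page are used.

```python
import sqlite3

# Defaults copied from Table 4-1 for a watch list of authentication-related keywords.
DOCUMENTED_DEFAULTS = {
    "XL.MaxLoginAttempts": "10",
    "XL.MaxPasswordResetAttempts": "3",
    "XL.ForcePasswordChangeAtFirstLogin": "TRUE",
    "XL.IsDupResponsesAllowed": "FALSE",
    "XL.ResponseMinLength": "0",
    "PCQ.NO_OF_QUES": "3",
    "PCQ.NO_OF_CORRECT_ANSWERS": "3",
}

# Read-only query; only columns named in this chapter are selected.
AUDIT_SQL = (
    "SELECT PTY_KEYWORD, PTY_VALUE, PTY_DATA_LEVEL, PTY_LOGINREQUIRED "
    "FROM PTY ORDER BY PTY_KEYWORD"
)


def audit_pty(conn):
    """Return sorted (keyword, code, detail) findings for the PTY table."""
    cur = conn.cursor()
    cur.execute(AUDIT_SQL)
    rows = cur.fetchall()
    values = {kw: val for kw, val, _level, _login in rows}
    findings = []
    for kw, val, level, login in rows:
        # The console rejects a leading or trailing '.', a direct INSERT does not.
        if kw.startswith(".") or kw.endswith("."):
            findings.append((kw, "KEYWORD_DOT", "keyword begins or ends with '.'"))
        # Table 4-4 defines data levels 0 to 3; 0 and 3 permit deletion.
        if str(level) not in ("0", "1", "2", "3"):
            findings.append((kw, "BAD_DATA_LEVEL", f"data level {level!r}"))
        elif str(level) in ("0", "3") and kw in DOCUMENTED_DEFAULTS:
            findings.append((kw, "DELETABLE", f"data level {level} permits deletion"))
        # 0 means no login is required to access the property.
        if str(login) == "0":
            findings.append((kw, "NO_LOGIN", "accessible without login"))
        default = DOCUMENTED_DEFAULTS.get(kw)
        if default is not None and str(val).strip().upper() != default:
            findings.append((kw, "DRIFT", f"value {val!r}, documented default {default!r}"))
    # Cross-property rule from the Number of Questions row of Table 4-1.
    try:
        ques = int(values["PCQ.NO_OF_QUES"])
        correct = int(values["PCQ.NO_OF_CORRECT_ANSWERS"])
    except (KeyError, TypeError, ValueError):
        findings.append(("PCQ.NO_OF_QUES", "QUES_UNCHECKED", "missing or non-numeric"))
    else:
        if ques < correct:
            findings.append(("PCQ.NO_OF_QUES", "QUES_LT_CORRECT",
                             f"{ques} questions but {correct} correct answers required"))
    return sorted(findings)


def build_sample_pty():
    """In-memory stand-in for PTY holding constructed rows (not real OIM data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE PTY (PTY_KEYWORD TEXT PRIMARY KEY, PTY_VALUE TEXT, "
        "PTY_DATA_LEVEL INTEGER, PTY_LOGINREQUIRED INTEGER)"
    )
    conn.executemany("INSERT INTO PTY VALUES (?, ?, ?, ?)", [
        ("XL.MaxLoginAttempts", "10", 2, 1),                    # matches the default
        ("XL.ForcePasswordChangeAtFirstLogin", "FALSE", 2, 1),  # drift from TRUE
        ("XL.ResponseMinLength", "0", 0, 1),                    # data level 0: deletable
        ("PCQ.NO_OF_QUES", "2", 2, 1),                          # fewer than correct answers
        ("PCQ.NO_OF_CORRECT_ANSWERS", "3", 2, 1),
        ("ACME.SampleFlag", "4", 2, 0),                         # hypothetical custom property
        ("ACME.Bad.", "x", 2, 1),                               # hypothetical, trailing '.'
    ])
    return conn


if __name__ == "__main__":
    for keyword, code, detail in audit_pty(build_sample_pty()):
        print(f"{code:16} {keyword:40} {detail}")
```

Against a real deployment, pass `audit_pty` a DB-API connection to the Oracle Identity Manager schema instead of the sample connection; the function only reads.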
Oracle Identity Manager Advanced Administration allows you to perform the following types of search operations for system properties:
To perform a simple search for system properties:
In the Welcome page of Oracle Identity Manager Administration, under System Management, click System Configuration. Alternatively, you can click the System Management tab, and then click System Configuration.
In the left pane, enter a search criterion in the Search field for the system property that you want to search. You can include wildcard characters (*) in your search criterion.
If you enter * in the Search field, then all the system properties are displayed. You can filter your search by combining characters with the wildcard characters. For example, to search all system properties starting with p, you can enter p* in the Search field.
Click the icon next to the Search field. A list of all system properties that meet the search criterion is displayed, as shown in Figure 4-2.
The search results table displays the system property names and keywords. You can click a property name to open the details for the system property.
To perform an advanced search for system properties:
In the left pane of the System Configuration section, click Advanced Search. The Properties: Advanced Search page is displayed.
In the list adjacent to the Property Name field, select a search condition.
In the Property Name field, enter a search criterion for the system property that you want to search. You can include wildcard characters (*) in your search criterion. Select the search conditions in the list adjacent to the fields. The search conditions include Not Contains, Not Begins With, Not Equals, Equals, Ends With, Not Ends With, Contains, and Begins With.
Click Search. The system properties that match the search criterion are displayed in the search results table, as shown in Figure 4-3:
The search result displays key, property name, keyword, value, allowed value, and data level for each system property.
A modify operation lets you modify an existing system property by using the System Property Detail page. If any system property is tagged with a set of allowed values, then you must specify a value from that set only.
Note:
While modifying a system property that has multiple values attached to it, a message is displayed if the modified value is not part of the values defined in the LKU and LKV tables. For information about associating multiple values to a system property, see step 7 of "Creating System Properties".
To modify a system property:
Search for the system property that you want to modify.
In the Property Name column of the search results table, click the system property that you want to modify.
The System Property Details page is displayed, as shown in Table 4-4.
If you want to modify the Property Name, keyword, and the Value fields, then perform Step 3 of "Creating System Properties".
If you want to modify the Log In Required field, then perform Step 6 of "Creating System Properties".
If you want to modify the Allowed Values column, then perform Step 7 of "Creating System Properties".
If you want to modify the data level associated with a system property, then perform Step 5 of "Creating System Properties".
Click Save to save the changes made.
A message confirming that the system property has been modified is displayed.
Note:
You can delete a system property only if the data level of that system property is set to either 0 or 3. While deleting a system property, a message is displayed if the data level associated with the system property is not appropriate. For a description of the data levels, see Table 4-4, "Data Levels Associated with a System Property".
Click the System Management tab and then click System Configuration.
On the left pane, search for the system property that you want to delete.
In the Property Name column of the search results table, select the system property that you want to delete.
From the Actions menu, select Delete. A message is displayed asking for confirmation. Click OK.
A message is displayed confirming that the system property has been deleted. Click OK.
Use the following steps to configure notification for a proxy:
Configure a new Email IT resource.
Create a new end user. (For example, create a "test1" user.)
Create a second end user. (For example, create a "test2" user.)
Assign the test1 user as a manager for the test2 user.
Specify your email ID for the test2 user, which enables you to receive notifications in your inbox.
Log in as test1 and navigate to the Oracle Identity Manager Self Service.
Select Profile, Proxies, and when the Proxies screen is displayed, add test2 as a proxy for the test1 user.
Note:
If you successfully added the proxy, you (the test2 user in this case) will receive an email notification message similar to the following: "You have been made the proxy for test1 test1[TEST1] from April 7, 2010 12:00:00 AM to April 30, 2010 12:00:00 AM".