Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14309-05
This chapter describes how to develop provisioning process forms by using the Design Console. It contains the following sections:
The information required to provision resources to a target user or organization cannot always be retrieved from an existing Oracle Identity Manager form. You can use the Form Designer form in the Development Tools folder to create a form with fields that contain the relevant information. After creating the form, you assign it to the process or resource object that is associated with provisioning resources to the user or organization. Figure 11-1 shows the Form Designer Form.
Oracle Identity Manager displays a resource object or process form that a user creates by using the Form Designer form for the following reason:
When the process form is attached to the appropriate provisioning process, and the Launch Form menu command is selected by right-clicking the process from the Object Process Console tab of the Organizations or Users forms.
For example, when Oracle Identity Manager or one of its users attempts to complete the resource object or process, the assigned form is triggered. When this occurs, either Oracle Identity Manager or a user populates the fields of this form. After the data is saved, the corresponding process or resource object can achieve a status of Completed, and Oracle Identity Manager can provision the appropriate resources to the target organizations or users.
For example, the Solaris form (represented by the UD_SOLARIS name in the Table Name field) has been created and assigned to both the Solaris resource object and provisioning process.
Note:
The table name contains a UD_ prefix, followed by the form name. For this example, because the name of the form is SOLARIS, its table name is UD_SOLARIS.
Table 11-1 describes the data fields of the Form Designer form.
Table 11-1 Fields of the Form Designer Form
Field Name | Description |
---|---|
Table Name | The name of the database table that is associated with the form. Note: The table name contains the UD_ prefix, followed by the form name. If the name of the form is SOLARIS, its table name is UD_SOLARIS. |
Description | Explanatory information about the form. Important: The text that is displayed in the Description field is the name of the form. |
Preview Form | When you click this button, the form is displayed. This way, you can see how it looks and functions before you make it active. |
Form Type | These options are used to designate if the form is to be assigned to a process or a resource object. If you select the Process option, the form is associated with an approval or provisioning process. |
Object Name | This is the name of the resource that can be provisioned (for example, a database, server, software application, file, or directory access). It is also referred to as a resource object name. Double-click this field to see the available resource object names. |
Latest Version | The most recent version of the form. |
Active Version | The version of the form that is used with the designated process or resource object. Note: After a version of the form is displayed in the Active Version field, it cannot be modified. |
Current Version | This version of the form is being viewed and contains information, which is displayed throughout the various tabs of the Form Designer form. |
Create New Version | If you click this button, you can assign an additional name to the existing version of a form. As a result, you can modify this version without affecting the original version of the form. Note: If you create a new version of the form and click Refresh, the name that you provided for this version is displayed in the Current Version box. |
Make Version Active | By clicking this button, you can specify that the current version of the form is the one that is to be assigned to the process or resource object. In other words, this version is now active. Note: After a version of the form is active, it cannot be modified. Instead, you must create an additional version of the form (by clicking the Create New Version button). |
The following sections describe how to work with forms:
To create a form:
Open the Form Designer form.
In the Table Name field, enter the name of the database table that is associated with the form.
Note:
The table name contains the UD_ prefix followed by the form name. If the name of the form is SOLARIS, its table name is UD_SOLARIS.
In the Description field, enter explanatory information about the form.
Select the Process option. This is because the form is assigned to a provisioning process.
Click Save.
The form is created. The words Initial Version are displayed in the Latest Version field. This signifies that you can populate the tabs of the Form Designer form with information, so the form is functional with its assigned process or resource.
After you open the Form Designer form, and create a form, the tabs of this form become functional. The Form Designer form contains the following tabs:
You use the Additional Columns tab to create and manage data fields. These data fields are displayed on the associated form that is created by using the Form Designer form.
Table 11-2 describes the data fields of the Additional Columns tab.
Table 11-2 Fields of the Additional Columns Tab
Name | Description |
---|---|
Name | The name of the data field that is displayed in the database and is recognized by Oracle Identity Manager. Note: This name consists of the <TABLENAME_> prefix followed by the name of the data field. For example, if the name in the Table Name field of the Form Designer form is UD_PASSWORD and the name for the data field is USERNAME, the data field name that is displayed in the database and that Oracle Identity Manager recognizes would be UD_PASSWORD_USERNAME. |
Variant Type | From this lookup field, select the variant type for the data field. The variant type denotes the type of data that the field accepts. This data field must be one of nine variant types: Byte, Double, Date, Byte Array, Boolean, Long, String, Short, and Integer. |
Length | The length in characters of the data field. |
Field Label | The label that is associated with the data field. This label is displayed next to the data field on the form that is generated by Oracle Identity Manager. |
Field Type | From this lookup field, select the data type of the data field. The data type represents how the data must be displayed in the field. You can select one of the following data types: |
Default Value | This value is displayed in the associated data field after the form is generated and if no other default value was specified from the following scenarios: |
Order | The sequence number that represents where the data field is positioned on the generated form. For example, a data field with an order number of 2 is displayed below a data field with an order number of 1. |
Application Profile | This check box designates if the most recent value of this field should be displayed on the Object Profile tab of the Users form after the resource associated with this form has been provisioned to the user and achieved the Enabled status. If this check box is selected, the label and value of this field are displayed on the Object Profile tab of the Users form for users provisioned with the resource. |
Encrypted | This check box determines if the information, which is displayed in the associated data field, is to be encrypted when it is transmitted between the server and the client. If this check box is selected, the information that is displayed in the data field is encrypted when it is transmitted between the client and the server. |
To add a data field to a form:
Note:
Password fields are encrypted by default. When a data field of password field type is created, the value is displayed as asterisk (*) characters in the Administrative and User Console, and the data is encrypted in the database.
In the Additional Columns tab, click Add.
A blank row is displayed in the Additional Columns tab.
In the Name field, enter the name of the data field, which is displayed in the database, and is recognized by Oracle Identity Manager.
Note:
This name consists of the <TABLENAME_> prefix, followed by the name of the data field.
For example, if the name that is displayed in the Table Name field is UD_PASSWORD, and the name for the data field is USERNAME, the data field name that is displayed in the database and that Oracle Identity Manager recognizes would be UD_PASSWORD_USERNAME.
Double-click the Variant Type lookup field.
From the Lookup window that is displayed, select the variant type for the data field.
Currently, a data field can have one of nine variant types: Byte, Double, Date, Byte Array, Boolean, Long, String, Short, and Integer.
In the Length field, enter the length (in characters) of the data field.
In the Field Label field, enter the label that will be associated with the data field.
This label is displayed next to the data field on the form that is generated by Oracle Identity Manager.
Double-click the Field Type lookup field.
From the Lookup dialog box that is displayed, select the data type for the data field. Presently, a data field can have one of nine data types: Text Field, Lookup Field, Text Area, IT Resource Lookup Field, Date Field, Check Box, Password Field, Radio Button, and box.
See Also:
Table 11-2 for more information about data types
In the Default Value field, enter the value that is displayed in the associated data field once the form is generated, and if no other default value has been specified.
See Also:
Table 11-2 for more information about the scenarios where a default value could be set
In the Order field, enter the sequence number, which will represent where the data field will be positioned on the generated form.
For example, a data field with an order number of 2 is displayed below a data field with an order number of 1.
If you want a specific organization or user's values to supersede the value that is displayed in the Default Value field, select the Application Profile check box. Otherwise, go to Step 10.
If you want the information that is displayed in the data field to be encrypted when it is transmitted between the client and the server, select the Encrypted check box. Otherwise, go to Step 11.
Click Save.
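The attributes set in this procedure (name prefix, variant type, field type, Application Profile, Encrypted) can be reviewed in bulk once a form's field definitions are written down. The following is an added example, not Oracle code: the `Field` record, the `audit_form` function, the sample fields and the sensitive-name pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# The nine variant types listed in Table 11-2.
VARIANT_TYPES = {"Byte", "Double", "Date", "Byte Array", "Boolean",
                 "Long", "String", "Short", "Integer"}

# Assumption: words in a field name or label that suggest a secret value.
SENSITIVE = re.compile(r"\b(pass(word|wd)?|pwd|secret|token|pin)\b", re.IGNORECASE)


@dataclass
class Field:
    """One row of the Additional Columns tab (hypothetical record layout)."""
    name: str
    variant_type: str
    field_type: str
    label: str
    encrypted: bool = False            # the Encrypted check box
    application_profile: bool = False  # the Application Profile check box


def audit_form(table_name, fields):
    """Return a sorted list of (field name, finding code) for one form."""
    prefix = table_name + "_"
    findings = []
    for f in fields:
        has_prefix = f.name.startswith(prefix)
        if not has_prefix:
            # Field names consist of the <TABLENAME_> prefix plus the field name.
            findings.append((f.name, "BAD_PREFIX"))
        if f.variant_type not in VARIANT_TYPES:
            findings.append((f.name, "BAD_VARIANT"))

        # Strip the table prefix first, so a table called UD_PASSWORD does not
        # make every one of its fields look sensitive.
        short = f.name[len(prefix):] if has_prefix else f.name
        text = short.replace("_", " ") + " " + f.label
        if SENSITIVE.search(text):
            # Password fields are encrypted by default; any other field type
            # relies on the Encrypted check box.
            if f.field_type != "Password Field" and not f.encrypted:
                findings.append((f.name, "SENSITIVE_NOT_ENCRYPTED"))
            # Application Profile shows the label and value on the
            # Object Profile tab of the Users form.
            if f.application_profile:
                findings.append((f.name, "SENSITIVE_ON_PROFILE"))
    return sorted(findings)


# Constructed sample: field definitions for a form whose table is UD_PASSWORD.
SAMPLE_FIELDS = [
    Field("UD_PASSWORD_USERNAME", "String", "Text Field", "User Name",
          application_profile=True),
    Field("UD_PASSWORD_PASSWORD", "String", "Password Field", "Password",
          encrypted=True),
    Field("UD_PASSWORD_API_TOKEN", "String", "Text Field", "API Token",
          application_profile=True),
    Field("RECOVERY_PIN", "Text", "Text Field", "Recovery PIN",
          encrypted=True),
]

if __name__ == "__main__":
    for name, code in audit_form("UD_PASSWORD", SAMPLE_FIELDS):
        print(f"{code:26} {name}")
```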
To remove a data field from a form:
Note:
While adding a new field, if you assign it the same name as a field that was removed, the variant type (data type) of the new field remains the same as that of the field that was removed. For example, suppose you remove the Addr1 field to which the String variant type was applied. You create a field with the same name and apply the Boolean variant type to it. Now, when you view or use the form on which the new Addr1 field is added, the variant type of the field is String and not Boolean.
Delete all properties that are associated with the data field you want to remove by following the instructions in Section 11.1.2.4.3, "Removing a Property and Property Value From a Data Field".
Select the data field that you want to remove.
Click Delete.
The data field is removed from the form.
Sometimes you might have to add the same data fields to multiple forms that are created by using the Form Designer form. There are two ways to do this:
You can add the data fields to each form manually, through the form's Additional Columns tab.
You can group the data fields together and save them under one form name. Then, you can assign this form to each form that requires these data fields.
If this form contains the data fields that are required by another form, it is known as a child table.
Assigning child tables to a form increases your efficiency as a user. Without child tables, for every form that needs data fields, you would have to set the parameters for each field. For example, if five forms require the identical data field, you would have to set the parameters for this field five separate times (once for each form).
If you use a child table for one form, and decide that you want to apply it to another form, the Design Console enables you to do so. Remove the child table from the first form, and assign it to the target form. This way, the child table that you assign to one form can be reused for all forms created with the Form Designer form.
You can configure Oracle Identity Manager to perform one of the following actions in a column of a child table:
Insert: Adds a new value to the designated column of the child table
Update: Modifies an existing value from the corresponding column of the child table
Delete: Removes a value from the designated column of the child table
See Also:
See Section 10.3, "Process Definition Form" for more information about setting up Oracle Identity Manager to insert, edit, or delete a value in a column of a child table.
For example, suppose that the UD_SOUTH child table is assigned to the Results of 1Q 2004 Sales form (represented by the UD_SALES2 table name). After this form is started, the data fields in the UD_SOUTH child table are displayed in the form.
The following sections describe how to assign a child table to a form and how to remove a child table from a form.
Note:
If the form, which is represented by the child table, has not been made active, you cannot assign it to the parent form.
To assign a child table to a form:
Note:
If the form that is represented by the child table is active, it will not be displayed in the Assignment window, and you will not be able to assign it to the parent form.
Click Assign.
The Assignment window is displayed.
From this window, select the child table, and assign it to the form.
Click OK.
The selected child table is assigned to the form.
You use this tab to select the user groups that can add, modify, and remove information from a custom form when it is instantiated.
When the Allow Insert check box is selected, the corresponding user group can add information into the fields of the user-created form. If this check box is not selected, the user group cannot populate the fields of this form.
When the Allow Update check box is selected, the associated user group can modify existing information in the fields of the user-created form. If this check box is not selected, the user group cannot edit the fields of this form.
When the Allow Delete check box is selected, the corresponding user group can delete data from instantiations of the user-created form. If this check box is not selected, the user group cannot delete data from fields of this form (when it is instantiated).
Figure 11-2 shows the Object Permissions tab of the Form Designer Form.
Suppose the SYSTEM ADMINISTRATORS user group can create, modify, and delete information that is displayed in the Results of 1Q 2004 Sales form (represented by the UD_SALES2 name in the Table Name field). The IT DEPARTMENT user group can only delete records of this form (its Allow Insert and Allow Update check boxes are not selected). The HR DEPARTMENT user group can create and modify information from within the Results of 1Q 2004 Sales form. However, because the Allow Delete check box is not selected, this user group is not able to delete this information.
The following section describes how to assign a user group to a user-created form, and remove a user group from a user-created form.
To assign a user group to a user-created form:
Click Assign.
The Assignment dialog box is displayed.
Select the user group, and assign it to the form that was created by a user.
Click OK.
The user group is displayed in the Object Permissions tab.
If you do not want this user group to be able to add information into a record of the user-created form, double-click the corresponding Allow Insert check box. Otherwise, go to Step 5.
If you do not want this user group to be able to modify information from within a record of the user-created form, double-click the associated Allow Update check box. Otherwise, go to Step 6.
If you do not want this user group to be able to delete a record of the user-created form, double-click the corresponding Allow Delete check box. Otherwise, go to Step 7.
Click Save.
The user group is assigned to the user-created form.
Figure 11-3 shows the Properties Tab of the Form Designer Form. You use this tab to assign properties and property values to the data fields that are displayed on the form that is created through the Form Designer form.
For example, suppose that the Results of 1Q 2004 Sales form has two data fields: User Name and Password. Each data field contains the following properties:
Required, which determines whether or not the data field must be populated for the generated form to be saved. The default value for the Required property is false.
Visible Field, which establishes whether the data field is displayed on the form, once Oracle Identity Manager generates the form. The default value for the Visible Field property is true.
Because the property values for the Required and Visible Field properties are true for both data fields, once the Results of 1Q 2004 Sales form is generated, both of these data fields are displayed. In addition, each field must be populated for the form to be saved.
The following sections describe how to add a property and property value to a data field, and how to remove them from the data field.
Note:
The Properties tab is grayed out until you create a data field for the form by using the Additional Columns tab.
For more information about the properties and property values you can select, see "Rule Elements, Variables, Data Types, and System Properties".
To add a property and property value to a data field:
Select the data field to which you want to add a property and property value.
Click Add Property.
The Add Property dialog box is displayed, as shown in Figure 11-4.
Note:
The text that is displayed in the Column Name and Column Type fields is the name and type of the data field you selected.
In this example, the User Name data field was selected (as indicated by User Name displayed in the Column Name field). In addition, the data type of this field is a text field.
Table 11-3 lists the fields of the Add Property dialog box.
Table 11-3 Fields of the Add Property Dialog Box
Name | Description |
---|---|
Column Name | The name of the data field. |
Column Type | The data type of the data field. |
Property Name | From this box, select the property for the data field. |
Property Value | In this field, enter the property value, which is associated with the property that is displayed in the Property Name box. |
Note:
The menu items displayed in the Property Name box reflect the data type of the selected data field.
Set the parameters for the property and property value that you are adding to the data field. Figure 11-5 shows the Add Property dialog box with values.
For this example, because the value of the Required property for the User Name data field was set to true, once the associated form is generated, this field must be populated. Otherwise, the form cannot be saved.
See Also:
See "Rule Elements, Variables, Data Types, and System Properties" for more information about the parameters and property values to select.
From the Add Property window's Toolbar, click Save.
Click Close.
The property and property value are added to the data field.
To add a property and a property value for a customized lookup query:
Select the data field to which you want to add a property and a property value.
Click Add Property.
The Add Property dialog box is displayed, as shown in Figure 11-6.
Note:
The text that is displayed in the Column Name and Column Type fields shows the name and type of the data field you selected (from the Properties tab of the Form Designer).
In this example, the Name data field was selected (as indicated by Name displayed in the Column Name field). In addition, the data type of this field is a lookup field.
The boxes of the Add Property dialog box are used to help build the WHERE clause in the custom lookup query. As you select the values for each box (from the menu), the WHERE clause is appended to the custom lookup query.
Table 11-4 describes the regions of the Add Property dialog box. Initially, all the fields are grayed out. After you have defined the lookup query and clicked Save, the fields become active.
Table 11-4 Fields of the Add Property Dialog Box
Name | Description |
---|---|
Column Name | The name of the data field. |
Column Type | The data type of the data field. |
Property Name | From this list, select the property for the data field. |
Property Value | In this field, enter the property value, which is associated with the property that is displayed in the Property Name box. In the case of a lookup query, you must specify both the Oracle Identity Manager form and field, which will be referenced for the query and will be recognized by the database. For example, if Oracle Identity Manager is referring to the user's login, you enter select usr_key from usr in the Property Value field. After clicking Save, the Filter Column is active with all the columns of tables. |
Filter Column | This is the Oracle Identity Manager form field that is referenced for the lookup query, and which is recognized by the database. This field is populated with all columns of the table specified in the Property Value field. If multiple tables are used in the query, all tables are shown. For example, |
Source | After the Filter Column variable is selected, the Source field is populated with all possible sources of value. The list of values in this field is dependent upon the type of form for which the lookup field is being defined. For instance, the list displayed is different if the lookup query is for an Object form or a Process form. The Source field is a user-friendly name for the value that is displayed in the Filter Column box. For example, Requester Information refers to the usr.USR portion of the Filter Column value. |
Field | This field is populated based on what value is selected in the Source field. Use this field to create the SELECT statement, which is needed for the column name. For example, the User Login corresponds to the _LOGIN part in the Filter Column value. |
Note:
The menu items displayed in the Property Name box show the data type of the selected data field.
The Source and Field boxes of the Add Property dialog box are applicable only when Lookup Query is displayed in Property Name.
Set the parameters for the property and the property value that you are adding to the data field. Figure 11-7 shows the Edit Property dialog box.
To remove a property and property value from a data field:
Select the property and the property value that you want to remove.
Click Delete Property.
The property and its associated value are removed from the data field.
This tab is used to select the user groups that can view, modify, and delete the current record of the form that was created by a user by using the Form Designer form.
When the Write check box is selected, the corresponding user group can view and modify information for the current record of the form. If this check box is not selected, the user group cannot view or edit information for this record.
When the Delete check box is selected, the associated user group can remove information from the current record of the form. If this check box is not selected, the user group cannot delete information from this record.
Figure 11-8 shows the Administrators tab of the Form Designer Form.
The following sections describe how to assign administrative privileges to a user group for a record of a user-created form and remove administrative privileges from a user group for a record of a user-created form.
To assign administrative privileges to a user group for a record of a user-created form:
Click Assign.
The Assignment dialog box is displayed.
Select the user group, and assign it to the record of the user-created form.
Click OK.
The user group is displayed in the Administrators tab.
If you want this user group to be able to create and modify information for the current record of the user-created form, double-click the corresponding Write check box. Otherwise, go to Step 5.
If you want this user group to be able to remove information from the current record of the user-created form, double-click the associated Delete check box. Otherwise, go to Step 6.
Click Save.
The user group now has administrative privileges for this record of the user-created form.
To remove administrative privileges from a user group for a record of a user-created form:
Select the user group that you want to remove.
Click Delete.
The user group no longer has administrative privileges for this record of the user-created form.
In this tab, you can see the resource objects and processes to which the current form has been assigned.
For example, the Solaris form (represented by the UD_SOLARIS name in the Table Name field) was created and assigned to both the Solaris resource object and provisioning process.
Note:
The table name contains the UD_ prefix, followed by the form name. For this example, because the name of the form is Solaris, its table name is UD_SOLARIS.
This tab will be populated with information only after you click Make Version Active.
You use this tab to do the following:
Attach a pre-populate adapter to a data field of the user-created form.
Select the rule that will determine if this adapter will be executed to populate the designated data field with information.
Set the priority number for the selected rule.
Map the adapter variables of the prepopulate adapter to their correct locations.
See Also:
Chapter 3, "Using Adapters" for more information about prepopulate adapters, attaching pre-populate adapters to fields of user-created forms, or mapping the variables of a pre-populate adapter
A form that is created by using the Form Designer form is composed of two types of data fields:
Data fields that are created by a user (by using the Additional Columns tab)
Data fields that are created by Oracle Identity Manager, and added to the form, once the form is created
Through the Default Columns tab, you can see the names, variant types, and lengths of the data fields, which are added, by default, to a user-created form. As a result, by viewing these data fields, you can see all data fields for this type of form, without starting SQL*Plus, or a similar database application.
This tab is used to view and access any user-defined fields that were created for the Form Designer form. Once a user-defined field has been created, it is displayed on this tab and is able to accept and supply data.
See Also:
See Section 13.3, "User Defined Field Definition Form" for instructions about how to create fields for user-created forms
Sometimes, when you create a form and populate the tabs of the Form Designer form with information, so the form will work with the process or resource object to which it will be assigned, you might want to create a different version of the form. This way, you can modify this version, without changing the original version of the form.
To create an additional version of a form:
Open the Form Designer form.
Search for the specific form of which you want to create a different version.
Click the Current Version box.
From the drop-down menu that is displayed, select the version of the form of which you are creating an additional version.
Click the Create New Version button.
The Create a New Version window is displayed.
In the Label field, enter the name of the additional version of the form.
From the Create a New Version window's toolbar, click Save.
From this toolbar, click Close.
The additional version of the form is created. When you click the Current Version box, the version's name, which you entered into the Label field in Step 5, is displayed. By selecting this version, you can populate the tabs of the Form Designer form with information, without changing the original version of the form.
The Error Message Definition form, as shown in Figure 11-9, is in the Development Tools folder. It is used to:
Create the error messages that are displayed in dialog boxes when certain problems occur.
Define the error messages that users can access when they create error handler tasks by using the Adapter Factory form.
The error messages you create are displayed on the Administrative and User Console if they are added to an adapter definition while creating a new adapter by using an error handler logic task based on a failure condition.
Note:
If an entity adapter is attached to a process form or an object form for validation of field values, these adapters will run if you edit data in these forms after completing direct or request provisioning.
Oracle Identity Manager 11g Release 1 (11.1.1) does not support creating new entity adapters.
Table 11-5 describes the data fields of the Error Message Definition form.
Table 11-5 Fields of the Error Message Definition Form
Field Name | Description |
---|---|
Key | The error message definition's unique, system-generated identification number. |
Code | The code that represents the error message definition. |
Reset Count | When you click this button, Oracle Identity Manager resets the counter to zero. This counter is the number of times the error message is displayed. |
Description | A description of the error message. |
Remedy | A description of how to correct the condition that caused the error message to be displayed. |
Help URL | The link to the URL that contains an online Help topic for this error message. |
Action | A one-letter code, representing the seriousness of the condition that causes the error message to be displayed. An error message has three levels of seriousness: Error (E), Rejection (R), and Fatal Rejection (F). |
Severity | For classification purposes, you can categorize the seriousness of the condition that results in the error message being displayed, even further. An error message has five sub-levels of severity: None (N), Low (L), Medium (M), High (H), and Crash (C). |
Note | Explanatory information about the error message. |
When you create an error message, Oracle Identity Manager populates the Key field with a unique identification number. When a condition occurs that causes the error message to be displayed, the text in the Description field is displayed in a dialog box.
Note:
After you create an error message definition, to reset the count of how many times the error message is displayed, click the Reset Count button. This resets the count to zero.
To create an error message:
Open the Error Message Definition form.
In the Code field, enter the code that represents the error message definition.
In the Description field, enter a description for the error message.
In the Remedy field, you can enter a description for how to correct the condition that causes the error message to be displayed.
In the Help URL field, you can enter the link to the URL that contains an online Help topic for this error message.
(Optional) Double-click the Action Lookup field.
From the Lookup dialog box that is displayed, you can select a code that represents the seriousness of the condition that causes the error message to be displayed. These codes, listed by degree of seriousness (from lowest to highest), are:
Error (E). Oracle Identity Manager stores the error message, and stops any related operations from being triggered. Instead, the operation rolls back to the previous operation.
Reject (R). Oracle Identity Manager stores the rejection message, but it does not prevent subsequent operations from being executed.
Fatal Reject (F). Oracle Identity Manager stores the rejection message, and it stops any subsequent operations from being triggered. However, it stores all operations that were executed up to the fatal rejection.
(Optional) Double-click the Severity Lookup field. From the Lookup dialog box that is displayed, you can select a code (None (N), Low (L), Medium (M), High (H), or Crash (C)). This code presents a detailed classification of the code that is displayed in the Action lookup field.
In the Note field, enter explanatory information about the error message.
Click Save.
The error message is created.
After creating error messages by using the Error Message Definition form, you must add new error codes and advice messages in the Oracle Identity Manager customResources.properties resource bundle. These localized error codes and advice messages will be shown in the Administrative and User Console.