| Oracle® Fusion Middleware User's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14316-05 | 
 | 
| 
 | View PDF | 
A request template lets you customize a request type for a purpose. In other words, it allows you to control the attributes of the request by controlling the various capabilities in the UI. For instance, if you want to create requests for user creation for all contract employees and specify an attribute to have a particular value, then you can customize the Create User request type to create a request template that allows customization of the request. By creating the request template, you can specify that the middle name of all contract employees must be contract, or the user type must be specified as Part-time Employee.
Access to templates is based on the role assignment defined in the template. After creation of a request template, it is available only to the users with the roles that are assigned to the template.
A default template is shipped predefined for each of the request type. These predefined templates can not be deleted or renamed. Names of these predefined templates is same as corresponding models.
You can use a request template for the following purposes:
Adding template-level approval: You can add an additional level of approval apart from request-level and operation-level while creating the template.
Adding restrictions: This includes:
Adding entity restrictions: You can specify restrictions of the entity types or attributes that can be selected through the request templates. For example, a template for Provisioning Resource request type might specify a number of valid resources that can be selected by using this template. Limit the use of template to specific type of entities in case of generic requests. For example, the template defined on provisioning request type may specify that this template can only be used for Active Directory, Exchange, and UNIX resources.
Note:
If no entity type is restricted in the template, then all the available entity types are shown to the requester while creating request using this template.Restricting data values for an attribute: If you specify a value for attributes, then the default value of the attribute is set, and the attribute is not displayed in the UI. On specifying multiple such values, the values are available to the user as List of Values (LOV), from which the user can select a value.
Adding additional data collection attributes: These attributes are not associated with any entity. Data collected by using such mechanism cannot be used during request execution. However, it can be used for reporting purpose, validations on the request, and post submission data action handlers.
Assigning roles to template to restrict the use by end users: Only the members of the appropriate roles assigned to the template can raise a request by using that template.
To summarize, the following are achieved by using the request template:
The restricted entity types can be specified.
The restricted attributes that are not required to be collected as a part of the request for the entity can be specified.
The attribute can be restricted to one value or list of values. If only one value is specified, then the attribute is not shown to the requester while submitting the request. If a list of values is specified, then the requester has to select one value from the list of values.
The template management service internally uses Oracle Entitlements Server (OES) for determining who can perform what operations. The OES policy for request template authorization specifies that only users with the REQUEST TEMPLATE ADMINISTRATORS role are authorized to create or clone, search, modify, and delete request templates. See ""Request Creation By Using Request Templates"" for information about the authorization policy for request templates.
This section discusses the following topics:
As a user belonging to the REQUEST TEMPLATE ADMINISTRATORS role, you can create a request template by using the Create Request Template wizard in the UI for request management. Steps in the wizard are dynamically generated based on the selection of the request type in the first step and the selection of resource for resource-based request types.
Creation of request templates is described with the help of the following scenarios:
Creating a Request Template Based on the Create User Request Type
Creating a Request Template Based on the Provisioning Resource Request Type
To create a request template based on the Create User request type:
Log in to Oracle Identity Manager Administrative and User Console with credentials that have the permission to create a request template.
Note:
The user who is a member of the REQUEST TEMPLATE ADMINISTRATORS role is allowed to create a request template. If the appropriate role is not assigned to the user, then the required UI options for creating a request template will not be available to the user.Click Advanced to open Oracle Identity Manager Advanced Administration.
Click the Configuration tab, and then click Request Templates. Alternatively, you click the Search Request Templates link under Configuration in the Welcome page.
On the left pane, from the Actions menu, select Create. Alternatively, you can click the Create Request Template icon on the toolbar. The Set request template details page of the Create Request Template wizard is displayed.
Enter values for the following fields, and then click Next.
Request Template Name: Enter the name of the template that you want to create, for example, Create Contractor.
Request Type: Specify the type of request for which you want to create the request template, for example, Create User. Click the icon next to the field to select from the list of model types.
Description: Enter a description for the request template that you are creating.
Template Level Approval Process: Specify the approval workflow name if you want to specify an approval process for the Create User request. This is a template-level approval in addition to the request-level and operation-level approvals. For creating users for contract employees, you can specify that the HR representative, who is responsible for the recruitment of all contract employees, must approve the user creation. For more information about approval-levels, see "Approval Levels" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
See Also:
"Chapter 25: Configuring Workflows" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about default approval processesOn the Select Attributes to Restrict page, select the attributes of the Create User type for which you want the user to enter values. This page displays the attributes based on the dataset for Create User request type. If a request is created by using the Create User request template, then you can specify values for all these default attributes. If you want to restrict some of these attributes and want the user to enter values for a few attributes, then you can select those attributes in this page. For example, you can select Middle Name because a value for this attribute must be specified. In this example, you can select the Middle Name, Organization, User Type, User Manager, and Country attributes.
Note:
Even if a dataset attribute is configured with a PrePopulationAdapter, it can be restricted in a request template. In such case, pre-population will not happen and the values restricted in template will be shown in Request creation UI. Hence, if pre-population is required for an attribute, it should not be restricted in the template.
As mentioned earlier in this section, the steps in the wizard are dynamically generated based on the request type and the resource selection for resource-based request types. The steps are indicated on the top of the tab.
On the Set Attribute Restrictions page, specify restrictions on the attributes that you selected in the Select Attributes to Restrict page. To specify restrictions:
Note:
This step is generated only if there are any attributes specified in the corresponding request data set.For the middle name attribute, select any one of the following:
- Do not allow users to enter values for this attribute: Select this option if you do not want the user to specify a value for the attribute. On selecting this option, the attribute will not be displayed in the UI when creating the user. This option is not displayed for a mandatory attribute because a value must be specified for this attribute.
- Restrict this attribute to the following values: Select this option if you want to specify one or more values for the attribute. For the middle name attribute, if you specify a value, such as Contractor, then the default value of the attribute is set to Contractor, and the attribute is not displayed in the UI when creating the user. You can also specify multiple values for the attribute by using the + (plus) icon. On specifying multiple values, the values are available to the user as List of Values (LOV) when creating the user, from which the user can select a value.
Tip:
These options are displayed for the Middle Name attribute because the attribute is specified as a text box in the request dataset. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.Specify one or more values for the Organization attribute. To do so, click the search icon next to the Organization field, select one or more organization names from the Available Organizations list, and clicking the Move or Move All buttons.
Tip:
The Organization attribute is displayed as a field for which you must select a value by searching the existing organization names because this attribute is specified as an entity in the request dataset. This is a dynamic LOV because organizations can be created in Oracle Identity Manager. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.Specify a value for the User Type attribute. To do so, select one or more values from the Available User Type list, and click the Move or Move All buttons.
Tip:
The User Type attribute is displayed as a static LOV because this attribute is specified as a static LOV in the request dataset. This is a static LOV because the user must select from the available user types and cannot create new user types. For information about request datasets, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.Specify values for the User Manager and Country attributes, and click Next.
Note:
Steps 5, 6, and 7 are common for all request templates creation.On the Set Additional Attributes page, you can specify additional information about attributes, which need to be collected based on the template that you are creating but are not used for the purpose of entity mapping. These additional attributes are specified for the purpose of request tracking.
Note:
The Additional Attribute Data is not used during request execution. This data is also not displayed to the approver.In this example, specify date of birth as the additional attribute name. Select the Data Type as Number and Display Type as Text Field, and then click Add. You can specify multiple attributes by clicking the Add button. When finished, click Next.
See Also:
"Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about the additional attributes that are not mapped to the underlying Oracle Identity Manager entityOn the Set Template User Roles page, you can select one or more roles, for example, AD Administrators, whose members are allowed to create requests by using the template that is being created. In this example, from the Available Roles list, select IT RESOURCE ADMINISTRATORS and ATTESTATION CONFIGURATION ADMINISTRATORS. Click Move to include the selected roles in the Selected Roles list, and then click Next.
Note:
Only members of the selected roles are allowed to create requests using the request template. This is governed by the authorization policy for creating requests by using request templates. See ""Request Creation By Using Request Templates" for information about creating a request by using request templates.On the Review Request Template Summary page, review the data that have been entered up to this point, and then click Finish.
Click OK to confirm the template creation.
In the Create Request Template wizard, the following steps are common irrespective of the request type that you select or the request dataset that you define:
Request details to be specified in the Set request template details page. See step 5 in the create request templates.
Setting additional attributes in the Set Additional Attributes page. See step 8.
Setting roles for the template in the Set Template User Roles page. See step 9.
Request summary information in the Review Request Template Summary page. See step 10.
Provision Resource is the default request type or template for provisioning resources to users. But if you want to create a request template to provision a specific resource to users, then you can create a request template, which is based on the Provision Resource request type.
To create a request template based on the Provisioning Resource request type:
In Oracle Identity Manager Advanced Administration, click the Configuration tab, and then click the Request Templates tab. Alternatively, you click the Search Request Templates link under Configuration in the Welcome page.
Note:
The user who is a member of the REQUEST TEMPLATE ADMINISTRATORS role is allowed to create a request template. If the appropriate role is not assigned to the user, then the required UI options for creating a request template will not be available to the user.On the left pane, from the Actions menu, select Create. Alternatively, you can click the Create a Request Template icon on the toolbar. The Set request template details page of the Create Request Template wizard is displayed.
In the Request Template Name field, enter the name of the request template, for example, Provision E-Business Resource.
In the Request Type field, search for a request type by clicking the search icon next to the field. Select Provision Resource, and click Confirm.
Note:
When you select the request type, the steps in the wizard are dynamically generated and are displayed on the top of the Create Request Template tab.In the Approval Process field, enter the name of the approval workflow. For information about this field, see step 4 of "Creating a Request Template Based on the Create User Request Type". Then, click Next.
In the Select Allowed Resources page, click Search to search for all the available resources.
From the Available Resources list, select one or more resources, and then click Move or Move All to include the selected resources in the Selected Resources list. In this example, select the E-Business RO resource, and then click Next.
Note:
When you create the request, only the resources that you select in this step are displayed. If you do not select a resource here, then all the resources in Oracle Identity Manager are displayed while creating the request.
If no entity type is restricted in the template, then all the available entity types are shown to the requester while creating request using this template.
In the Select Attributes to Restrict page, select the attributes associated with the E-Business resource that you want to restrict. These attributes are defined in the request dataset for provisioning the E-Business resource. See "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about attributes.
If you select multiple resources in the Select Allowed Resources page, then the attributes associated with all the resources are displayed in the Select Attributes to Restrict page. Select the attributes for all the resources that you want to restrict, and then click Next.
In the Set Attribute Restrictions page, specify values for the attributes whose values you want to restrict. For example, for the model attribute, select the Do not allow users to enter values for this attribute option if you do not want the user to specify a value for the attribute. Otherwise, select the Restrict the attribute to the following values option and specify one or more values for the model attribute. For information about these options and setting restrictions for attributes, see "Creating a Request Template Based on the Create User Request Type".
Note that the Do not allow users to enter values for this attribute option is not available for the Server and Life Span Type attributes. This is because these attributes are specified as required in the request dataset. For information about the required property, see "Request Dataset" section in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
Select restriction values for all the attributes, and then click Next.
Tip:
If you are creating a request template for a request to provision multiple resources to users, click the Next Resource and Previous Resource buttons to set attribute restrictions for all the resources.Note:
Attributes coming up as shuttle on attribute restrictions page will show upto 200 results at a time. You need to provide appropriate search pattern to get relevant search results.Perform steps 8 through 10 of the procedure in "Creating a Request Template Based on the Create User Request Type" to complete the wizard.
Note:
In the Create Request Template wizard, the steps to select resources and set attribute restrictions vary based on the request type. The rest of the steps are similar.While creating a request template, if you select a resource that does not have a request dataset defined, then you are not allowed to restrict the attributes to collect from the user. This is because there is no information specified about the data that is to be collected from the user for the selected resource. As a result, the Step 2: Attributes and Step 3: Restrictions in the Create Request Template wizard are not applicable because the attributes in these steps are defined by the request dataset, in the absence of which, there is no data to restrict. However, when you select a resource that does not have a request dataset, the Service Account attribute is displayed in the Step 2: Attributes because this attribute is defined by the common request dataset. See "Common Request Dataset" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about common request dataset.
Oracle Identity Manager Administration allows you to perform simple and advanced search for request templates, if you have the privileges of the Template Administrator's role.
To perform a simple search for request templates:
Go to Oracle Identity Manager Advanced Administration.
In the left pane of the Request Templates section, enter a search criteria in the Search field. You can use the asterisk (*) wildcard character in the Search field.
Note:
In simple and advanced search for request templates, searching with translated request template name is not supported. Oracle Identity Manager supports only English string search for predefined request templates. For default request templates, you can search with English template names as stored in the database. However, if you create a request template by specifying its name in another language, then you can search it using the same string, and not in any other language.Click the icon next to the Search field to display a list of default and nondefault request templates.
All the default request templates are blank templates without any customization on top of the request types. Table 17-1 lists the default request templates:
Table 17-1 Default Request Templates
| Request Template | Description | 
|---|---|
| Assign Roles | Default template for assigning roles to users | 
| Create User | Default template for creating users | 
| De-Provision Resource | Default template for deprovisioning resources | 
| Delete User | Default template for deleting users | 
| Disable Provisioned Resource | Default template for disabling provisioned resources | 
| Disable User | Default template for disabling users | 
| Enable Provisioned Resource | Default template for enabling provisioned resources | 
| Enable User | Default template for enabling users | 
| Modify Provisioned Resource | Default template for modifying provisioned resources | 
| Modify Self Profile | Default template for modifying self profile | 
| Modify User Profile | Default template for modifying user profiles | 
| Provision Resource | Default template for provisioning resources | 
| Remove from Roles | Default template for removing users from roles | 
| Self-Register User | Default template for self registering users | 
| Self-Request Resource | Default template for requesting resources for self | 
Note:
Each request template mentioned in Table 17-1 has a default callback policy which are used by SPML webservice.To perform an advanced search for request templates:
Go to Oracle Identity Manager Advanced Administration.
In the left pane of the Request Templates section, click Advanced Search. The Advanced Search: Request Templates page is displayed.
Select any one of the following matching options:
All: On selecting this option, the search is performed with the AND condition. This means that the search operation is successful only when all the search criteria specified are matched.
Any: On selecting this option, the search is performed with the OR condition. This means that the search operation is successful when any search criterion specified is matched.
Specify values in the fields as search criteria. For each field, select an operator, such as Equals, Contains, or Begins with.
To discard a field from your search, click the cross icon next to the field.
Click Search. The search results table is displayed with details about the request template name, request type, approval process, and description.
Figure 17-1 Advanced Search Result for Request Templates

Select a template name in the search results table. From the Actions menu, select Open. The Template Details page is displayed with the details about the template.
In the Template Details section, the details of the template are displayed in the fields, as shown in Table 17-2:
Table 17-2 Fields in the Template Details Section
| Field | Description | 
|---|---|
| Request Template Name | The name of the request template, for example, Create User | 
| Request Type | The request type, for example, Create User | 
| Template Level Approval Process | The additional approval process, which is invoked for requests that are created using this request template. | 
| Description | The description for the request template | 
After you create a request template, and search for the request templates, the template that you created is also displayed in the search results table on the left pane. You can view the details of the template that you created. For example, if you create the Create Contractor request template and select Open from the Actions menu, then the Template Details page for the Create Contractor request template is displayed.
Note that the tabs that are displayed in the Request Details page correspond to the steps in the Create Template wizard. Similar to the steps in the wizard, the tabs in the Template Details page are dynamically generated, and each tab correspond to a step in the Create Template wizard. In general, the Template Details page has the following tabs:
Note:
These tabs are dynamically generated based on the request type that is associated with the request template. In other words, each tab that is displayed in the Request Details page correspond a step in the Create Template wizard.The Allowed Resources tab or the Allowed Roles tab is displayed only if the request type is associated with a resource or a role. Figure 17-2 shows the Allowed Resources tab:
The options available in this tab allows you to edit and delete resources or roles. To do so:
Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.
In the Allowed Resources tab of the request template details page, select the resource of role that you want to edit.
From the Actions list, select Edit. The Allowed Resources dialog box is displayed.
Search for the resource or role that you want to edit.
From the Available Resources list, select a resources or multiple resources and click Move or Move All to include the resources in the Selected Resources list.
Click Perform. The resource is listed in the Allowed Resources tab.
To delete a resource or role:
Select the resource or role that you want to delete.
From the Actions list, select Delete. A message box is displayed that confirms the deletion.
Click OK.
This tab contains the attribute restrictions, if any. Figure 17-3 shows the Attribute Restrictions tab:
Figure 17-3 The Attribute Restrictions Tab

Using this tab, you can put additional restrictions on the entity types that you can select if it is associated with a generic request type. To do so:
Go to Oracle Identity Manager Advanced Administration.
In the Selected Resources section of the Attribute Restrictions tab, select a resource whose attributes you want to restrict.
Specify the attributes that you want to specify in the lower part of the tab.
Click Next Resource. The attributes for the next resource are displayed.
Specify the attributes for the resource.
This tab is always displayed. Figure 17-4 shows the Additional Attributes tab:
Figure 17-4 The Additional Attributes Tab

Using this tab, you can specify additional attributes for data collection at the template level. These attributes are collected when the user creates a request. This data cannot be used during request execution. Also, you can only add new template attributes or delete the existing template attributes
To specify additional attributes for data collection:
Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.
In the Attribute Name field of the Additional Attributes tab, enter a name of the attribute.
From the Data Type list, select a value from String, Number, Date or Boolean.
From the Display Type list, select the type of field, such as text field, radio button, date field, check box, and date area, which you want to display for this attribute.
Click Add. The attribute is added to the Additional Attributes section.
To delete an additional attribute, select the attribute and select Delete from the Actions list.
This tab allows you to select the roles that can be assigned to the request template. Only the users with the role are able to create requests by using the template. Figure 17-5 shows the Template User Roles tab:
To select roles for assigning to the request template:
Open/Edit the Request Template that you want to modify in Oracle Identity Manager Advanced Administration.
From the Available Roles list of the Template User Roles tab, select the roles that you want to create requests by using this template.
Click Move or Move All to include the roles in the Selected Roles list.
Cloning a request template is the procedure to create a new request template by inheriting all the properties of an existing request template.
To clone a request template:
Go to Oracle Identity Manager Advanced Administration.
From the advanced search results in the Template Details page, select a request template that you want to clone.
From the Actions menu, select Clone. The Clone Template page is displayed with the details of the request template that you have selected for cloning.
Modify the required details of the request template for creating the new request template.
Click Save to create the new request template.
To delete a template as a member of the Templates Administrators role:
In the Request Templates tab in Oracle Identity Manager Advanced Administration, search for the existing request templates.
From the search results table, select the template that you want to delete.
From the Actions list, select Delete. A message box is displayed that asks for confirmation.
Click OK to confirm.
Note:
If the template to be deleted is referred by any existing requests, then it cannot be deleted.