In Oracle Identity Manager, the following types of roles are available:
Enterprise roles: These are roles that users (depending on the permissions granted) can create, modify, or delete in Oracle Identity Manager, and can request by using the access catalog.
Admin roles: These are predefined roles in Oracle Identity Manager that have a one-to-one mapping with the application roles defined in Oracle Entitlement Server. Admin roles are not visible to end users and therefore cannot be requested. However, you can create and manage admin roles, as described in "Managing Administration Roles".
Table 16-1 shows the list of default roles in Oracle Identity Manager.
Note: If you upgrade from Oracle Identity Manager 11g Release 1 (11.1.1), then the default roles of 11g Release 1 (11.1.1) will be available.
Table 16-1 Default Roles in Oracle Identity Manager
Role | Description |
---|---|
ALL USERS | Members of this role have minimal permissions, including the ability to access the user's own user record. By default, each user belongs to the ALL USERS role. |
SYSTEM ADMINISTRATORS | For this role, name and display name are read-only. All other operations are permitted on this role, such as adding/removing parent roles, access policies, organizations, rules, and members. Note: By default, XELSYSADM and OIMINTERNAL users are members of this role. |
Administrators | This role is for internal use only, meaning it is for Oracle Identity Manager users, and other users can only view it on UI. Oracle WebLogic Server administrator is a member of this role. |
OPERATORS | This role is for internal use only, meaning it is for Oracle Identity Manager users, and other users can only view it on UI. |
SELF OPERATORS | This role is for internal use only, meaning it is for OIM users, and other users can only view it on UI. No users are associated with this role. Note: Oracle Identity Manager recommends that you do not modify the permissions associated with the SELF OPERATORS user role. In addition, you should not assign any users to this role. |
IDM Administrators | This role is for internal use only, meaning it is for Oracle Identity Manager users, and other users can only view it on UI. This role is for WLS Administrators Group for the IDM Domain. Note: This role is applicable when Oracle Identity Manager uses LDAP Identity Store. |
BI Report Administrator | This role is for internal use only, meaning it is for Oracle Identity Manager users, and other users can only view it on UI. This role is an Administrators role for BI Publisher Reports. Note: This role is applicable when Oracle Identity Manager uses DB Identity Store. |