Oracle Identity Manager provides a comprehensive set of role-based access control capabilities. Roles make it easier to assign access levels to users and to audit those assignments on an ongoing basis. Role-based access control ensures higher visibility and ease in assigning and unassigning access privileges to users, enforces the notion of least privilege, and enables compliance and audit insight.
Role-based administration typically grows and expands as new situations occur, such as when applications are onboarded or phased out and as business requirements evolve. The main advantage of using this approach is ease of implementation and compliance oversight. Role-based administration can be established in a centralized fashion, distributed throughout your network, or hybridized.
Using this feature in Oracle Identity Manager, you can:
Create, edit, and delete roles via role owner approvals to enforce increased accountability and audit
Assign users to roles and remove users from roles
Assign a role as a parent role to an existing role
View access policies assigned to a role
Add, edit, or remove the user membership rule of a role
Publish roles to organizations and unpublish roles from organizations
Make educated decisions to administer role content via advanced role analytics
This chapter describes roles and functionalities related to roles in the following sections: