Thursday 26 October 2017

Access Policy in OIM 12c

Since OIM 12c, the Access Policy feature has been moved from the /sysadmin console to the /identity console.

To create a new Access Policy in OIM 12c, log in to the /identity console, click Roles and Access Policies, then click Access Policies:
Click Create:

Fill in the values as shown below and click Next:

Under Provisioned Application, click the Add option to add the resources to be provisioned by this access policy.


Select either Revoke or Disable as the constraint applicable to this access policy.
“When the Revoke if no longer applies option or the Disable if no longer applies option is selected, entitlements are always revoked when the policy no longer applies. If the Disable if no longer applies option is selected, then the entitlements associated with the resource are revoked when the policy no longer applies because the entitlements have been originally granted because of the role grant. The entitlements are added to the resource instance when the role is granted once again.”

To set the default values that are populated during access policy evaluation, click the Resource Object as highlighted below:


Click Finish to complete the Access Policy creation:


Note: Assigning roles to the Access Policy is not available during the access policy creation. To associate roles with the OIM Access Policy, please perform the following additional steps:

Search for the role that you want to associate with the newly created access policy:




That’s all, the Role has been associated with the Access Policy ☺

1 comment:

  1. I don't understand why they did half the work. Where is the entitlement management? There is no way to add an entitlement to an Access Policy.
    This is not helping too much.
