B Functional Capabilities
This appendix provides the list of Admin Role capabilities and the list of Self capabilities.
B.1 List of Authorization Functional Capabilities
The Authorization Functional Capabilities list provides the admin role capabilities that can be assigned to a new admin role.
This section provides the list of admin role capabilities in Table B-1.
Table B-1 Authorization Functional Capabilities
Functional Type | Functional Capability | Description | Implied Capabilities |
---|---|---|---|
Admin Role | AdminRole - Create | Allows a User to create an Admin Role | Create Admin Role; View or Search Admin Roles; Assign Capabilities; Assign Admin Role Members; Set Organization Scope of Control; Publish Admin Role to Organization |
Admin Role | AdminRole - Modify | Allows a User to modify an Admin Role | Modify Admin Role Attributes; View or Search Admin Roles; Assign Capabilities; Assign or Unassign Admin Role Members; Set Organization Scope of Control; Publish Admin Role to Organization |
Admin Role | AdminRole - Delete | Allows a User to delete an Admin Role | Delete Admin Role; View or Search Admin Roles |
Admin Role | AdminRole - View/Search | Allows a User to view and search for Admin Roles | View or Search Admin Roles; View Capabilities; View Admin Role Members; View Organization Scope of Control; View Organizations Published To |
Role | Role - Create | Allows a User to create a Role | Create Role; Assign Role Hierarchy; Assign Access Policy; Assign Role Members; Publish Role to Organization |
Role | Role - Modify | Allows a User to modify a Role | Modify Role Attributes; Assign or Unassign Role Hierarchy; Assign or Unassign Access Policy; Assign or Unassign Role Members; Publish Role to Organization |
Role | Role - Delete | Allows a User to delete a Role | Delete Role; View or Search Role |
Role | Role - View / Search | Allows a User to view and search for Roles | View or Search Role; View Role Hierarchy; View Role Members; View Role Access Policy; View Organizations Published To |
User | User - Create | Allows a User to create another User | Create User; View or Search User |
User | User - Modify | Allows a User to modify another User | Modify User Attributes; View or Search User; Request, Remove, or Modify Roles; View Direct Reports; View AdminRoles |
User | User - Delete | Allows a User to delete another User | Delete User; View or Search User |
User | User - Enable | Allows a User to enable another User | Enable User; View or Search User |
User | User - Disable | Allows a User to disable another User | Disable User; View or Search User |
User | User - Lock | Allows a User to lock an Oracle Identity Manager Account | Lock User; View or Search User |
User | User - Unlock | Allows a User to unlock an Oracle Identity Manager Account | Unlock User; View or Search User |
User | User - Change Password | Allows a User to change another User's password | Change User Password; View or Search User |
User | User - View/Search | Allows a User to search for and view Users and their details | View or Search User; View Roles; View Direct Reports; View Admin Roles |
User | User - View Requests | Allows a User to search for requests | View User Requests; View or Search Users |
Relationships | Provision Accounts | Allows a User to provision Accounts, including start and end dates, on another User | Request Account; View or Search User; View or Search Accounts; Modify Accounts |
Relationships | Deprovision Accounts | Allows a User to deprovision Accounts on another User, including setting end dates | Remove Account; View or Search User; View or Search Accounts; Modify Accounts |
Relationships | Modify Provisioned Accounts | Allows a User to modify another User's provisioned Account, including start and end dates | Modify Accounts; View or Search User; View or Search Accounts |
Relationships | Enable Provisioned Accounts | Allows a User to enable Account of another User | Enable Account; View or Search User; View or Search Accounts |
Relationships | Disable Provisioned Accounts | Allows a User to disable Account of another User | Disable Account; View or Search User; View or Search Accounts |
Relationships | Change Provisioned Account Password | Allows a User to change Account password for another User | Change Account Password; View or Search User; View or Search Accounts |
Relationships | View Provisioned Accounts | Allows a User to see another User's provisioned Accounts | View or Search User; View or Search Accounts |
Relationships | Grant Account Entitlements | Allows a User to grant Entitlements, including start and end dates, for another User | Request Entitlement; View or Search User; View or Search Account; View or Search Account Entitlement; Modify Entitlement |
Relationships | Modify Account Entitlements | Allows a User to modify Account Entitlements for another User | Modify Entitlement; View or Search User; View or Search Account; View or Search Account Entitlement |
Relationships | Revoke Account Entitlements | Allows a User to revoke Account Entitlements for another User, including setting end dates | Remove Entitlement; View or Search User; View or Search Account; View or Search Account Entitlement; Modify Entitlement |
Relationships | View Account Entitlements | Allows a User to see another User's Entitlements | View or Search Account Entitlement; View or Search User; View or Search Account Entitlement |
Password Policy | Password Policy - Create | Allows a User to create a Password Policy | Create Password Policy; View or Search Password Policy |
Password Policy | Password Policy - Modify | Allows a User to modify a Password Policy | Modify Password Policy; View or Search Password Policy |
Password Policy | Password Policy - Delete | Allows a User to delete a Password Policy | Delete Password Policy; View or Search Password Policy |
Password Policy | Password Policy - View/Search | Allows a User to view and search for Password Policies | View or Search Password Policy |
Organization | Organization - Create | Allows a User to create an Organization | Create Organization; View or Search Organization; View or Search User; View or Search Password Policy; Create Sub-Organization |
Organization | Organization - Modify | Allows a User to modify an Organization | Modify Organization Attributes; View or Search Organization; Disable Organization; View Organization Members; Set User Membership Rule; View Available Roles; View Available Accounts; View Available Entitlements; Provision Accounts; Assign or Unassign AdminRoles |
Organization | Organization - Delete | Allows a User to delete an Organization | Delete Organization; View or Search Organization |
Organization | Organization - View / Search | Allows a User to view and search for Organizations | View or Search Organization; View Child Organizations; View Members; View Available Roles; View Admin Roles; View Provisioned Accounts |
Organization | Organization - View Organization Members | Allows a User to see the members of an Organization | View Organization Members; View or Search Organizations |
Organization | Organization - View Organization Published Entitlements | Allows a User to see the Entitlements published to an Organization. This also provides the implicit capability to View Members of the organizations in scope without allowing any edits. Note: This capability contains a composite of Organization View capability. | View Available Entitlements; View or Search Organizations |
Organization | Organization - View Organization Published Application Instances | Allows a User to see the applications published to an Organization. This also provides the implicit capability to View Members of the organizations in scope without allowing any edits. Note: This capability contains a composite of Organization View capability. | View Available Accounts; View or Search Organizations |
Identity Audit Policy | Identity Audit Policy - Create | Allows a User to create an Identity Audit Policy. Note: Entity types IdentityAuditScanRun and IdentityAuditPolicyViolationCause are not supported in this release. | Create Identity Audit Policy; View or Search Identity Audit Policy; Assign or Unassign Identity Audit Rule; Create Identity Audit Scan Run; View Identity Audit Configuration |
Identity Audit Policy | Identity Audit Policy - Modify | Allows a User to modify an Identity Audit Policy | Modify Identity Audit Policy; View or Search Identity Audit Policy; Assign or Unassign Identity Audit Rule; Create Identity Audit Scan Run; View Identity Audit Configuration |
Identity Audit Policy | Identity Audit Policy - Delete | Allows a User to delete an Identity Audit Policy | Delete Identity Audit Policy; View or Search Identity Audit Policy |
Identity Audit Policy | Identity Audit Policy - Enable | Allows a User to enable an Identity Audit Policy | Enable Identity Audit Policy; View or Search Identity Audit Policy |
Identity Audit Policy | Identity Audit Policy - Disable | Allows a User to disable an Identity Audit Policy | Disable Identity Audit Policy; View or Search Identity Audit Policy |
Identity Audit Policy | Identity Audit Policy - Assign Rule | Allows a User to assign Identity Audit Rules to an Identity Audit Policy | Assign Identity Audit Rule; View or Search Identity Audit Policy |
Identity Audit Policy | Identity Audit Policy - Unassign Rule | Allows a User to unassign Identity Audit Rules from an Identity Audit Policy | Unassign Identity Audit Rule; View or Search Identity Audit Policy |
Identity Audit Policy | Identity Audit Policy - View / Search | Allows a User to view an Identity Audit Policy | View or Search Identity Audit Policy; View Identity Audit Rule |
Identity Audit Rule | Identity Audit Rule - Create | Allows a User to create an Identity Audit Rule | Create Identity Audit Rule; View or Search Identity Audit Rule |
Identity Audit Rule | Identity Audit Rule - Modify | Allows a User to modify an Identity Audit Rule | Modify Identity Audit Rule; View or Search Identity Audit Rule |
Identity Audit Rule | Identity Audit Rule - Delete | Allows a User to delete an Identity Audit Rule | Delete Identity Audit Rule; View or Search Identity Audit Rule |
Identity Audit Rule | Identity Audit Rule - Enable | Allows a User to enable an Identity Audit Rule | Enable Identity Audit Rule; View or Search Identity Audit Rule |
Identity Audit Rule | Identity Audit Rule - Disable | Allows a User to disable an Identity Audit Rule | Disable Identity Audit Rule; View or Search Identity Audit Rule |
Identity Audit Policy | Identity Audit Rule - View/Search | Allows a User to view an Identity Audit Rule | View or Search Identity Audit Rule |
Identity Audit Configuration | Identity Audit Configuration - Modify | Allows a User to modify the Identity Audit Configuration | Modify Identity Audit Configuration; View Identity Audit Configuration |
Identity Audit Configuration | Identity Audit Configuration - View | Allows a User to view the Identity Audit Configuration | View Identity Audit Configuration |
Identity Audit Scan Definition | Identity Audit Scan Definition - Create | Allows a User to create an Identity Audit Scan definition | Create Identity Audit Scan Definition; View or Search Identity Audit Scan Definition; Create Identity Audit Scan Run |
Identity Audit Configuration | Identity Audit Scan Definition - Modify | Allows a User to modify an Identity Audit Scan definition | Modify Identity Audit Scan Definition; View or Search Identity Audit Scan Definition; Create Identity Audit Scan Run |
Identity Audit Configuration | Identity Audit Scan Definition - Delete | Allows a User to delete an Identity Audit Scan definition | Delete Identity Audit Scan Definition; View or Search Identity Audit Scan Definition |
Identity Audit Configuration | Identity Audit Scan Definition - View | Allows a User to view and search for Identity Audit Scan Definitions | View or Search Identity Audit Scan Definition; View User; View Role; View Application Instance; View Entitlement; View Organization; View Requests; View User Roles; View User Accounts; View User Entitlements; View Identity Audit Policy; View Identity Audit Configuration; View Identity Audit Scan Run; Search Catalog Item; View Identity Audit Policy Violation |
Identity Audit Policy Violation | Identity Audit Policy Violation - Force Close | Allows a User to force close an Identity Audit Policy Violation | Force Identity Audit Policy Violation Close; View or Search Identity Audit Policy Violation |
Identity Audit Policy Violation | Identity Audit Policy Violation - Assign | Allows a User to assign or reassign an Identity Audit Policy Violation | Assign Identity Audit Policy Violation; View or Search Identity Audit Policy Violation |
Identity Audit Policy Violation | Identity Audit Policy Violation - Complete | Allows a User to complete an Identity Audit Policy Violation | Complete Identity Audit Policy Violation; View or Search Identity Audit Policy Violation; Accept Identity Audit Policy Violation Cause Risk; Request Identity Audit Policy Violation Cause Remediation; Mark Identity Audit Policy Violation Cause as Fixed |
Identity Audit Policy Violation | Identity Audit Policy Violation - View | Allows a User to view an Identity Audit Policy Violation | View or Search Identity Audit Policy Violation; View or Search Identity Audit Policy Violation Cause |
Certification | Certification - Modify | Allows a User to modify a Certification | Modify Certification; View Certification |
Certification | Certification - View | Allows a User to view a Certification | View Certification |
Certification | Certification - Modify Configuration | Allows a User to modify the Certification Configuration | Modify Certification Configuration |
Certification | Certification - View Configuration | Allows a User to view the Certification Configuration | View Certification Configuration |
Access Policy | Access Policy - Create | Allows a User to create Access Policies | Create Access Policy; View or Search Access Policy |
Access Policy | Access Policy - Delete | Allows a User to delete Access Policies | Delete Access Policy; View or Search Access Policy |
Access Policy | Access Policy - Modify | Allows a User to modify Access Policies | Edit Access Policy; View or Search Access Policy |
Access Policy | Access Policy - View/Search | Allows a User to view and search for Access Policies | View or Search Access Policy |
B.2 List of Self Capabilities
This appendix provides the list of Admin Role capabilities in Table B-1 and the list of Self capabilities in Table B-2.
Table B-2 Self Capabilities
Functional Type | Functional Capability | Description | Implied Capabilities |
---|---|---|---|
Self Service | Self Service - Modify Profile | Allows a User to modify their own user profile | Modify Self; View or Search Self |
Self Service | Self Service - Modify Proxy | Allows a User to add, modify, delete or view their own proxies | Modify Self Proxy; View or Search Self; Add Self Proxy; Delete Self Proxy; View Self Proxy |
Self Service | Self Service - Request Role Memberships | Allows a User to request Roles published to their home organization | Request Self Role; Modify Self Role; View Self Roles |
Self Service | Self Service - Modify Roles Memberships | Allows a User to modify Roles assigned to them | Modify Self Role; View Self Roles |
Self Service | Self Service - Revoke Role Memberships | Allows a User to delete Roles assigned to them | Remove Self Role; Modify Self Role; View Self Roles |
Self Service | Self Service - Request Accounts | Allows a User to request Accounts published to their home organization, including start and end dates | Request Self Account; Modify Self Accounts; View Self Accounts |
Self Service | Self Service - Modify Accounts | Allows a User to modify Accounts assigned to them | Modify Self Accounts; View Self Accounts |
Self Service | Self Service - Change Account Password | Allows a User to change password on Accounts assigned to them | Change Self Account Password; View Self Accounts |
Self Service | Self Service - Revoke Accounts | Allows a User to delete Accounts assigned to them now or on a specified end date | Remove Account; Modify Self Account; View Self Accounts |
Self Service | Self Service - Request Entitlements | Allows a User to request Entitlements published to their home organization, including start and end dates | Request Self Entitlement; Modify Self Entitlement; View Self Entitlements |
Self Service | Self Service - Modify Entitlements | Allows a User to modify Entitlements assigned to them | Modify Self Entitlement; View Self Entitlements |
Self Service | Self Service - Revoke Entitlements | Allows a User to delete Entitlements assigned to them now or at a specified end date | Remove Self Entitlement; Modify Self Entitlement; View Self Entitlements |