Difference between Direct and Request role assignment in Oracle Identity Manager OIM 11gR2

The Request and Direct Role assignments are two types of operations that are defined in OIM. Here is the link to the doc.
For example, if you are a user administrator, then all operations such as create user, modify user, grant account, enable user account, and so on are direct operations. Similarly, if you have been assigned the User Viewer admin role, then operations such as create user, enable user, delete user, grant role, revoke entitlements, and so on result in a request being created.

See the table below for the Request and Direct operations that are allowed based on the type of role in OIM.
[Image: Request_Direct_Role.JPG]
The Help Desk role is an interesting one: it has capabilities for both types of operation (Direct and Request-based). For example, Change User Password can be done by the Help Desk role as a Direct operation, whereas to Enable a User, the Help Desk user has to invoke a Request-based operation. In other words, a Help Desk role/user cannot directly enable a user. However, as you can see in the table above, the User Administrator role can directly enable a user.


