• Access policies are a set of rules, based on roles and resources, that enable provisioning of resources to users or groups of users.
• Whenever an access policy is applied, the resources are provisioned directly to the user without any request being generated.
• Access policies are not applied to subroles. Policies are applied only to users who are direct members of the roles defined on the access policies.
• You can specify whether a resource in a policy must be revoked when the policy no longer applies. If you do so, Oracle Identity Manager automatically revokes these resources from the users when the policy no longer applies to them.
• While creating an access policy, you can select resources to be denied along with resources to be provisioned for roles. If you first select a resource for provisioning and then select the same resource to be denied, Oracle Identity Manager removes the resource from the list of resources to be provisioned. If two policies are defined for a role, one to provision a resource and the other to deny it, Oracle Identity Manager does not provision the resource, irrespective of the priority of the policies.
• Access policies can be evaluated in the following scenarios:
  ◦ When a user is made a part of a role or removed from a role
  ◦ If the retrofit flag is set for the policy
• The Evaluate User Policies scheduled task evaluates the conditions and executes the access policy.
• Creating Access Policies
• The following screens show how access policies are created.
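The evaluation rules listed above (direct membership only, deny overriding provision irrespective of priority, revoke when the policy no longer applies), worked through as a simplified model in Python. This is an added example, not Oracle Identity Manager code or its API; the Policy class, the evaluate function, and all role, policy and resource names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    roles: frozenset                 # roles the policy is defined on
    provision: frozenset             # resources to provision
    deny: frozenset = frozenset()    # resources to deny
    revoke: frozenset = frozenset()  # resources flagged "revoke if no longer applies"
    priority: int = 1                # carried only to show that deny ignores it

def evaluate(policies, direct_roles, held):
    """Return (to_provision, to_revoke); held maps resource -> granting policy name."""
    # Only direct role membership is considered; subrole membership is never passed in.
    active = [p for p in policies if p.roles & direct_roles]
    denied = set().union(*(p.deny for p in active))
    # Deny wins over provision irrespective of policy priority.
    wanted = set().union(*(p.provision for p in active)) - denied
    to_provision = wanted - set(held)
    by_name = {p.name: p for p in policies}
    active_names = {p.name for p in active}
    to_revoke = {
        res for res, pol in held.items()
        if pol not in active_names       # granting policy no longer applies
        and res in by_name[pol].revoke   # resource was flagged for revoke
        and res not in wanted            # assumption: no other active policy grants it
    }
    return to_provision, to_revoke

# Constructed sample data (hypothetical roles, policies and resources).
POLICIES = [
    Policy("FinanceApps", frozenset({"Finance"}), frozenset({"ERP", "Email"}),
           revoke=frozenset({"ERP"}), priority=1),
    Policy("ContractorLimits", frozenset({"Contractors"}), frozenset({"VPN"}),
           deny=frozenset({"ERP"}), priority=5),
]

def demo():
    # Direct member of both roles: ERP is denied whatever the two priorities are.
    both = evaluate(POLICIES, {"Finance", "Contractors"}, {})
    # Member of a subrole only: Finance is not a direct role, so no policy applies.
    subrole = evaluate(POLICIES, {"Finance-EMEA"}, {})
    # Removed from Finance: ERP was flagged for revoke, Email was not.
    left = evaluate(POLICIES, set(), {"ERP": "FinanceApps", "Email": "FinanceApps"})
    return both, subrole, left

if __name__ == "__main__":
    print(demo())
```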