Friday 7 May 2010

Trigger Happy Oracle Identity Manager - Part 2 - Provisioning with a twist

In the previous post on OIM we discussed how a process task is triggered when a resource in OIM is provisioned or de-provisioned. The task "Create User" starts the Java task that creates the user in the resource object being provisioned. The resource object could be a database, LDAP server, file server or application.
Part of a process definition could also be a task that adds the user to a group within an LDAP server. The standard way to resolve this is to use a "child table" with the process. But then the provisioning to this LDAP group would not be seen in OIM as a separate resource object provisioning for that user. This makes the set of resources this user has been provisioned to less transparent.
If one wants to see the provisioning to an LDAP group as a separate resource provisioning, the process definition of this resource object must have the task "Create User", but instead of creating the user in the LDAP server this task would be linked to the Java task that adds the user to the LDAP group.

De-provisioning that resource would result in the task "Delete User" being triggered, which would remove the user from the LDAP group.
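
A sketch of the Java task that "Create User" and "Delete User" could be linked to for such a group resource, added here as an illustration and not taken from OIM or from the original post. The class name, the "SUCCESS"/"ERROR" response strings, the `uid` naming attribute and the `member` group attribute are assumptions; adjust them to your adapter mapping and directory schema.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical class for an OIM adapter task; all names and DNs are assumptions. */
public class LdapGroupTask {
    private final Hashtable<String, String> env = new Hashtable<>();

    public LdapGroupTask(String ldapsUrl, String bindDn, String bindPassword) {
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);            // constructed sample: ldaps://ldap.example.test:636
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);        // account limited to group membership writes
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
    }

    /** Linked to the "Create User" task of the group resource: adds the user to the group. */
    public String addUserToGroup(String uid, String userBaseDn, String groupDn) {
        return modify(DirContext.ADD_ATTRIBUTE, uid, userBaseDn, groupDn);
    }

    /** Linked to the "Delete User" task: removes the user from the group. */
    public String removeUserFromGroup(String uid, String userBaseDn, String groupDn) {
        return modify(DirContext.REMOVE_ATTRIBUTE, uid, userBaseDn, groupDn);
    }

    private String modify(int op, String uid, String userBaseDn, String groupDn) {
        DirContext ctx = null;
        try {
            // Rdn escapes special characters in uid, so a login value cannot alter the DN.
            LdapName userDn = new LdapName(userBaseDn);
            userDn.add(new Rdn("uid", uid));
            ctx = new InitialDirContext(env);
            ModificationItem[] mods = { new ModificationItem(op, new BasicAttribute("member", userDn.toString())) };
            ctx.modifyAttributes(new LdapName(groupDn), mods);
            return "SUCCESS";
        } catch (AttributeInUseException | NoSuchAttributeException e) {
            return "SUCCESS"; // already a member / already removed: a retried task stays idempotent
        } catch (NamingException e) {
            return "ERROR";   // map this response code to a rejected task status in the process definition
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```

Treating "already a member" and "already removed" as success keeps the resource status in OIM consistent with the directory when a task is retried.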
