Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Oracle E-Business Suite

Mapping an Oracle E-Business Suite in One Identity Manager Synchronizing Oracle E-Business Suite
Setting up the initial synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Managing E-Business Suite user accounts and employees Provision of login information Managing entitlement assignments Mapping of E-Business Suite objects in One Identity Manager Handling of E-Business Suite objects in the Web Portal Basic configuration data Access rights required for synchronizing with Oracle E-Business Suite Default project templates for synchronizing an Oracle E-Business Suite Editing system objects Configuration parameters for managing Oracle E-Business Suite Example of a schema extension file About us

Adding E-Business Suite entitlements to the IT Shop

When you assign a permission to an IT Shop shelf, it can be requested by the shop customers. To ensure it can be requested, further prerequisites need to be guaranteed:

  • The permissions must be labeled with the IT Shop option.

  • The permission must be assigned a service item.

    TIP: In the Web Portal, all products that can be requested are grouped together by service category. To make the permission easier to find in the Web Portal, assign a service category to the service item.

  • If you only want the permission to be assigned to employees through IT Shop requests, the permissions must also be labeled with the Use only in IT Shop option. Direct assignment to hierarchical roles or user accounts is no longer permitted.

NOTE: With role-based login, the IT Shop administrators can assign permissions to IT Shop shelves. Target system administrators are not authorized to add permissions to IT Shop.

To add a permission to the IT Shop.

  1. In the Manager, select the Oracle E-Business Suite | Entitlements (non role-based login) category.

    - OR -

    In the Manager, select the Entitlements | E-Business Suite Entitlements (role-based login) category.

  2. In the result list, select the permission.
  3. Select the Add to IT Shop task.
  4. In the Add assignments pane, the entitlement to the IT Shop shelves.
  5. Save the changes.

To remove, an entitlement from individual shelves of the IT Shop

  1. In the Manager, select the Oracle E-Business Suite | Entitlements (non role-based login) category.

    - OR -

    In the Manager, select the Entitlements | E-Business Suite Entitlements (role-based login) category.

  2. In the result list, select the permission.
  3. Select the Add to IT Shop task.
  4. In the Remove assignments pane, the entitlement from the IT Shop shelves.
  5. Save the changes.

To remove, an entitlement from all shelves of the IT Shop

  1. In the Manager, select the Oracle E-Business Suite | Entitlements (non role-based login) category.

    - OR -

    In the Manager, select the Entitlements | E-Business Suite Entitlements (role-based login) category.

  2. In the result list, select the permission.
  3. Select the Remove from all shelves (IT Shop) task.
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The entitlement is removed from all shelves by the One Identity Manager Service. All requests and assignment requests with this entitlement are canceled.

For more detailed information about requesting company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related topics

Assigning E-Business Suite user accounts directly to an entitlement

To react quickly to special requests, you can assign the entitlements directly to user accounts.

To assign an entitlement directly to user accounts

  1. Select the Oracle E-Business Suite | Entitlements category.

  2. Select the entitlements in the result list.

  3. Select the Assign user accounts task.

The top area of the form displays all user accounts that have already been assigned, together with their validity periods. The overview shows the user accounts that have been assigned both directly and indirectly. For direct assignments, an Active from (direct) date is set; indirect assignments do not have a direct validity date.

To assign the entitlement to a user account:

  1. Click Add.

  2. Select the user account from the User account menu.

  3. In the Active from (direct) input field, enter the first date from on the direct entitlement assignment is valid.

  4. (Optional) In the Active to (direct) input field, enter the last date on which the direct entitlement assignment is valid.

  5. (Optional) Add further user accounts.

  6. Save the changes.

To edit a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you want to edit.

  2. Change the values in the input fields Active from (direct), Active to (direct), or Description.

  3. Save the changes.

Only direct assignments can be edited. If you select and edit an indirect assignment in the overview, this creates an additional direct assignment.

Entitlement assignments cannot be deleted. Instead, there are two options for indicating that a direct assignment is no longer valid.

  • Enter the current date as the expiration date of the entitlement.

    Select this option, for example, if an entitlement assignment will become invalid on a defined date in the future.

    - OR -

  • Delete the entitlement assignment.

    Select this option, for example, if an inherited entitlement assignment also exists alongside the direct assignment, and you want the inherited entitlement assigned to replace the direct assignment.

To set the expiration date for a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you no longer want to be effective.

  2. Next to the input field Active to (direct), click ....

  3. Click Today or define a different expiration date.

  4. Save the changes.

To remove a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you no longer want to be effective.

  2. Click Delete.

  3. Save the changes.

    The first and last validity date of the direct assignment (Active from (direct) and Active to (direct)) are deleted. The final validity date (Active to (effective)) is recalculated. If no further valid assignments exist, the final validity date is set to a date in the past and XOrigin is assigned the value 16.

Detailed information about this topic
Related topics

Assigning E-Business Suite entitlements directly to a user account

To enable a quick response to special requests, you can assign entitlements directly to a user account.

To assign entitlements directly to a user account

  1. Select the Oracle E-Business Suite | User accounts category.

  2. Select the user account in the result list.

  3. Select the Assign permission task.

The top area of the form displays all entitlements that have already been assigned, together with their validity periods. The overview shows the entitlements that have been assigned both directly and indirectly. For direct assignments, an Active from (direct) date is set; indirect assignments do not have a direct validity date.

To assign an entitlement to the user account

  1. Click Add.

  2. Select the entitlement you want to assign from the E-Business Suite Entitlement menu.

  3. In the Active from (direct) input field, enter the first date from on the direct entitlement assignment is valid.

  4. (Optional) In the Active to (direct) input field, enter the last date on which the direct entitlement assignment is valid.

  5. (Optional) Add further entitlements.

  6. Save the changes.

To edit a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you want to edit.

  2. Change the values in the input fields Active from (direct), Active to (direct), or Description.

  3. Save the changes.

Only direct assignments can be edited. If you select and edit an indirect assignment in the overview, this creates an additional direct assignment.

Entitlement assignments cannot be deleted. Instead, there are two options for indicating that a direct assignment is no longer valid.

  • Enter the current date as the expiration date of the entitlement.

    Select this option, for example, if an entitlement assignment will become invalid on a defined date in the future.

    - OR -

  • Delete the entitlement assignment.

    Select this option, for example, if an inherited entitlement assignment also exists alongside the direct assignment, and you want the inherited entitlement assigned to replace the direct assignment.

To set the expiration date for a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you no longer want to be effective.

  2. Next to the input field Active to (direct), click ....

  3. Click Today or define a different expiration date.

  4. Save the changes.

To remove a direct entitlement assignment

  1. In the overview, select the direct entitlement assignment that you no longer want to be effective.

  2. Click Delete.

  3. Save the changes.

    The first and last validity date of the direct assignment (Active from (direct) and Active to (direct)) are deleted. The final validity date (Active to (effective)) is recalculated. If no further valid assignments exist, the final validity date is set to a date in the past and XOrigin is assigned the value 16.

Detailed information about this topic
Related topics

Validity period of permission assignments

You can limit the time for which permission assignments are valid. A user account can receive permissions by direct assignment as well as through a variety of different inheritance paths. Each of these assignments can have a different validity period. One Identity Manager uses all validity periods to determine the actual validity period effective at the current time. This calculation considers all assignments with OriginIndirect = 0.

Table 28: Properties of a permission assignment

Property

Description

Active from (effective)

First date from which the assignment is valid. This date is calculated from all assignments (direct and indirect).

Active to (effective)

Last date on which the assignment is valid This date is calculated from all assignments (direct and indirect). If no date is specified, the assignment is unlimited.

Active from (direct)

First date from which the direct assignment is valid

Active to (direct)

Last date on which the direct assignment is valid If no date is specified, the assignment is unlimited.

Indirect

Specifies whether this assignment maps an indirect permission from the target system. You cannot edit indirect assignments in One Identity Manager.

Description

Text field for additional explanation.

Calculation of the effective validity period

In One Identity Manager, one user account-permission combination can have multiple assignments with different validity periods. However, only the effective assignment is transferred to Oracle E-Business Suite. One Identity Manager calculates the effective validity period from all the assignments. The different assignment types are incorporated into the calculation as follows:

Table 29: Determine validity period

Type of assignment

Validity period

Direct assignment

Active from (direct) and Active to (direct)

Request

Validity period of the request when the Valid from date of the request has been reached or exceeded.

For unlimited requests, 01.01.1900 is entered at the first validity date.

assignment request

Validity period of the request when the Valid from date of the request has been reached or exceeded.

For unlimited requests, 01.01.1900 is entered at the first validity date.

Inheritance by department, location, cost center, or business role (not an assignment request)

Unlimited only

The date of the assignment is set as the first date of the validity.

Inheritance through dynamic role

Unlimited only

The date of the assignment is set as the first date of the validity.

Inheritance by system role

Unlimited only

The date of the assignment is set as the first date of the validity.

The effective assignment is controlled by a schedule.

  • Active from (effective): earliest initial validity date of all the assignments

  • Active to (effective): latest last validity date of all limited assignments

    If the assignment is unlimited, Active to (effective) is empty.

Detailed information about this topic
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating