How to Restrict the Visibility of the Accounts and Entitlments tabs for Requesters But Keep it for the Owners (Doc ID 2251631.1)

Last updated on MAY 14, 2017

Applies to:

Identity Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.

Goal

This document presents an OIM UI  customization, that will allow the requester users to raise requests for other users, but will restrict the requester users from seeing what other Accounts and Entitlements are already assigned to the target users.

Example:
1. user A and user B both are from the same organization
2. User A should be able to raise request for accounts provisioning for user B. At the same time, user A should not be able to view the accounts and entitlements details of User B.

Issue : To provide end user with capability to raise request for others for accounts or entitlements we need the "Grant user entitlement"  Admin Role to User A.

But the "Grant user entitlement" is a kind of parent capability for the "Entitlement entity" and if this is provided to end user, then he/she will automatically inherit view account and entitlement capabilities.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms