
Questions on REST APIs Use for Security Management User Access Management (Doc ID 2547505.1)

Last updated on SEPTEMBER 24, 2019

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.0.5 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Analytical Applications Infrastructure (OFSAAI)

Goal

Question 1: SailPoint Integration with OFSAA 8.0.5 for User Access management

Based on an enterprise-wide push to have SailPoint implemented for all active applications, we have reviewed Document 1541396.1, "Can User Authorization Be Done Outside Security Management System":

1. Is the document referred to in the Doc ID above, i.e. User_Provisioning_API.docx, applicable to OFSAA 8.0.5 as well?
2. As part of OFSAA 8.0.5.X, have any inherent features/APIs (apart from Web services) been introduced to integrate third-party user management tools?
3. Can the third-party tool be allowed to edit the OFSAA CSSMS_* tables directly? Will this lead to support issues?
 
Question 2: Are new group creation or group-level maintenance activities supported via REST APIs?
 
Question 3: Is there at least an account group aggregation API to pull all entitlements (groups) within the application? To add some context here, if the person initiating the REST API needs to know all the available groups for user-group mapping and their descriptions, how do they get that?
 
Question 4: Is it required to create a separate user ID for the third-party IAM to be able to use the REST API? If yes, which groups/roles should that user ID be given?
 
Question 5: The REST APIs presently support the following functionality:
1. Create User
2. Update User
3. Delete User
4. Authorize user
5. Re-instate user
6. Map user to group

Now, if an employee leaves a firm and we want to delete the user from OFSAA, we would ideally opt to use Functionality #3 Delete user.
However, one cannot delete a user until the user is unmapped from all user-user group maps.

But via the REST API, a facility to unmap a user is not provided. So the question from our team is twofold.

1. What's the use of Delete User if the user cannot be deleted? Or is there no such mandate to unmap the user from user groups if deleted via APIs?
2. Can the unmap user functionality be included in the REST APIs?

Solution
