OIM 11g R2 Ps2 (11.1.2.2.0) : Dynamic Organization Membership
In this post I will cover one of the newly introduced feature of OIM 11g R2 Ps2 which is the Dynamic Organization Membership.
What this mean is that a user can belong to one home organization and then can belong to multiple dynamic organizatons.
Dynamic organization membership provides a way to specify a rule that drives the membership of the user to one or more organizations based on their user attributes.
Membership Rule works exactly the way the Role Membership Rule works where in you specify the user attribute name and a value along with AND or OR condition as it works in case of Roles.
Also the membership is dynamic in the sense that if the condition is no longer met that then the users are automatically unassigned from that organization.
Application Instances, Entitlement and Roles are published to an organization as a way of authorization mechanism. So with this new feature user can be made member of dynamic org as a way of Role Based Access Control framework which is flexible and does not require duplication of same business logic.
Some of the screenshots below explaining this feature:-
On the User Profile , Home Org is visible
On the Organizations Tab of the User Profile, all the Dyanamic Orgs are visible
What this mean is that a user can belong to one home organization and then can belong to multiple dynamic organizatons.
Dynamic organization membership provides a way to specify a rule that drives the membership of the user to one or more organizations based on their user attributes.
Membership Rule works exactly the way the Role Membership Rule works where in you specify the user attribute name and a value along with AND or OR condition as it works in case of Roles.
Also the membership is dynamic in the sense that if the condition is no longer met that then the users are automatically unassigned from that organization.
Application Instances, Entitlement and Roles are published to an organization as a way of authorization mechanism. So with this new feature user can be made member of dynamic org as a way of Role Based Access Control framework which is flexible and does not require duplication of same business logic.
Some of the screenshots below explaining this feature:-
On the User Profile , Home Org is visible
On the Organizations Tab of the User Profile, all the Dyanamic Orgs are visible
Comments
Post a Comment