Roles is one of the important concept in OIM. Roles are used to create and manage the records of a collection of users to whom want to permit access to common functionality, such as access rights, roles, or permissions.
Role Membership rules determine which users can be assigned or removed as direct membership to or from the role. OIM provides functionality to create role membership rule through UI using Identity Self Service console. But one of the weakness while creating rule through self service console is that, only five operators are available for conditions in role membership rule =, !=, Starts with, Ends with, Contains and IN.
But what if requirement is to use other than these five operators like DOES_NOT_CONTAIN, DOES_NOT_BEGIN_WITH, DOES_NOT_ENDS_WITH, NOT_IN, LESS_THAN, GREATER_THAN, GREATER_EQUAL, LESS_EQUAL etc.
Yes its possible in OIM through SearchRule api. Following code is the example of the same.
public class CreateMembershipRule {
private RoleManager roleManager = null;
public static void main(String[] arg) throws Exception {
CreateMembershipRule objCreateMembershipRule = new CreateMembershipRule();
oimClient = objCreateMembershipRule.connectToOim();
roleManager = oimClient.getService(RoleManager.class);
objCreateMembershipRule.createRoleMemRule();
}
public void createRoleMemRule(){
SearchRule userMembershipRule1 = new SearchRule("Telephone Number", "127", SearchRule.Operator.DOES_NOT_CONTAIN);
SearchRule userMembershipRule2 = new SearchRule("Telephone Number","", SearchRule.Operator.NOT_EQUAL);
SearchRule combinedRule = new SearchRule(userMembershipRule1, userMembershipRule2, SearchRule.Operator.AND);
SearchRule userMembershipRule3 = new SearchRule("Last Name","BOR", SearchRule.Operator.DOES_NOT_CONTAIN);
SearchRule mainRule = new SearchRule(combinedRule, userMembershipRule3, SearchRule.Operator.AND);
roleManager.createRoleMembershipRule(mainRule,"ROLE_NAME");
}
private OIMClient connectToOim() {
String oimUserName = "xelsysadm";
String oimPassword = "**********";
String oimURL = "t3://<HostName>:14000";
String oimInitialContextFactory = "weblogic.jndi.WLInitialContextFactory";
String wlsAuthConfig = "authwl.conf";
String oimAppSrvType = "wls";
java.util.Hashtable<String, String> env = new java.util.Hashtable<String, String>();
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL, oimInitialContextFactory);
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
System.setProperty("java.security.auth.login.config",wlsAuthConfig);
System.setProperty("OIM.AppServerType", oimAppSrvType);
System.setProperty("APPSERVER_TYPE", oimAppSrvType);
OIMClient oimclient = new oracle.iam.platform.OIMClient(env);
try {
oimclient.login(oimUserName, oimPassword.toCharArray());
System.out.println("Successfully connected to OIM");
} catch (LoginException e) {
System.out.println("Exception in OIMClient.connectToOim()" + e.getMessage()); e.printStackTrace();
}
return oimclient;
}
}
Role Membership rules determine which users can be assigned or removed as direct membership to or from the role. OIM provides functionality to create role membership rule through UI using Identity Self Service console. But one of the weakness while creating rule through self service console is that, only five operators are available for conditions in role membership rule =, !=, Starts with, Ends with, Contains and IN.
But what if requirement is to use other than these five operators like DOES_NOT_CONTAIN, DOES_NOT_BEGIN_WITH, DOES_NOT_ENDS_WITH, NOT_IN, LESS_THAN, GREATER_THAN, GREATER_EQUAL, LESS_EQUAL etc.
Yes its possible in OIM through SearchRule api. Following code is the example of the same.
public class CreateMembershipRule {
private RoleManager roleManager = null;
public static void main(String[] arg) throws Exception {
CreateMembershipRule objCreateMembershipRule = new CreateMembershipRule();
oimClient = objCreateMembershipRule.connectToOim();
roleManager = oimClient.getService(RoleManager.class);
objCreateMembershipRule.createRoleMemRule();
}
public void createRoleMemRule(){
SearchRule userMembershipRule1 = new SearchRule("Telephone Number", "127", SearchRule.Operator.DOES_NOT_CONTAIN);
SearchRule userMembershipRule2 = new SearchRule("Telephone Number","", SearchRule.Operator.NOT_EQUAL);
SearchRule combinedRule = new SearchRule(userMembershipRule1, userMembershipRule2, SearchRule.Operator.AND);
SearchRule userMembershipRule3 = new SearchRule("Last Name","BOR", SearchRule.Operator.DOES_NOT_CONTAIN);
SearchRule mainRule = new SearchRule(combinedRule, userMembershipRule3, SearchRule.Operator.AND);
roleManager.createRoleMembershipRule(mainRule,"ROLE_NAME");
}
private OIMClient connectToOim() {
String oimUserName = "xelsysadm";
String oimPassword = "**********";
String oimURL = "t3://<HostName>:14000";
String oimInitialContextFactory = "weblogic.jndi.WLInitialContextFactory";
String wlsAuthConfig = "authwl.conf";
String oimAppSrvType = "wls";
java.util.Hashtable<String, String> env = new java.util.Hashtable<String, String>();
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL, oimInitialContextFactory);
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
System.setProperty("java.security.auth.login.config",wlsAuthConfig);
System.setProperty("OIM.AppServerType", oimAppSrvType);
System.setProperty("APPSERVER_TYPE", oimAppSrvType);
OIMClient oimclient = new oracle.iam.platform.OIMClient(env);
try {
oimclient.login(oimUserName, oimPassword.toCharArray());
System.out.println("Successfully connected to OIM");
} catch (LoginException e) {
System.out.println("Exception in OIMClient.connectToOim()" + e.getMessage()); e.printStackTrace();
}
return oimclient;
}
}
Role membership rule will look like this
