It's all about IAM

Identity And Access Management - Rajiv Dewan

Get tcDataProvider Instance

Steps to create DataProvider Instance:


tcDataProvider dataProvider = new tcDataBaseClient()
tcDataProvider  dataProvider = XLDatabase.getInstance().getDataBase(); 
Connection connection = Platform.getOperationalDS().getConnection(); 

Modify Size of OOTB Fields on Create User Form


In OIM 10g we used to change the size of OOTB fields from Formmetadata.xml but in OIM 11g we don't have any such file.


  • Export /file/User.xml from MDS
  • Search for the field which you want to modify say "Middle Name"
  • Search for max-size

  • Default size is 80, you can change it as per your requirement
  • Import the file back into MDS using weblogicImportMetadata.bat/sh
  • Run PurgeCache.bat/sh

Modify Authorization Policies in OIM 11g


In OIM 11g, we can increase the access for a user which is provided by Authorization Policy but we can't decrease the access.

OOTB Authorization Policies can't be modified and we don't have any documents for the same as well. Here are the steps to modify OOTB Authorization Policies.

Example: User should not be allowed to modify their profile attributes


  • Go to OIM_HOME\server\seed_data\Seed\OESPolicies
  • Open SelfServiceUserManagementPolicies.xml" in edit mode
  • Comment out the following portion i.e. fields which don't want users to modify:

  • Download files from "Click Here To Download"
  • Open "" in edit mode and do changes as per you environment
  • Copy "rajivdewan.bat" and "" under /server/bin
  • Copy "rajivdewan.xml" in /server/setup/deploy-files
  • Go to server OIM_HOME/bin in command prompt
  • Run "rajivdewan.bat" and provide OIM Database Password as Argument
  • Run "rajivdewan.bat" "OIM_DB_PASSWORD"It will take some time to process and you'll see following screen:

  • Go to OIM_HOME\server\setup and check logs under "rajivdewan.log" file
  • You can also check logs under "OIM_HOME\server\seed_data\Seed\OESPolicies\SeedPolicies.log"


  • Don't trust the command prompt output
  • Verify the log file for confirmation
Creation of Authorization Policy

  • Login into OIM Administration Console with "xelsysadm"
  • Create an Authorization Policy for "Self Service User Management" and under Modify User Profile, select your required attributes and click
  • Login with a user and validate