Limitation: In OIM 11g, we can increase the access for a user which is provided by Authorization Policy but we can't decrease the access.
OOTB Authorization Policies can't be modified and we don't have any documents for the same as well. Here are the steps to modify OOTB Authorization Policies.
Example: User should not be allowed to modify their profile attributes
Procedure:
- Go to OIM_HOME\server\seed_data\Seed\OESPolicies
- Open SelfServiceUserManagementPolicies.xml" in edit mode
- Comment out the following portion i.e. fields which don't want users to modify:
- Download files from "Click Here To Download"
- Open "rajivdewan.properties" in edit mode and do changes as per you environment
- Copy "rajivdewan.bat" and "rajivdewan.properties" under /server/bin
- Copy "rajivdewan.xml" in /server/setup/deploy-files
- Go to server OIM_HOME/bin in command prompt
- Run "rajivdewan.bat" and provide OIM Database Password as Argument
- Run "rajivdewan.bat" "OIM_DB_PASSWORD"It will take some time to process and you'll see following screen:
- Go to OIM_HOME\server\setup and check logs under "rajivdewan.log" file
- You can also check logs under "OIM_HOME\server\seed_data\Seed\OESPolicies\SeedPolicies.log"
Note:
- Don't trust the command prompt output
- Verify the log file for confirmation
Creation of Authorization Policy
- Login into OIM Administration Console with "xelsysadm"
- Create an Authorization Policy for "Self Service User Management" and under Modify User Profile, select your required attributes and click
- Login with a user and validate
