Monday, March 15, 2010

How To Allow User Accounts Other than 'xelsysadm' To Login To OIM Design Console which have only "READ ONLY"

It is possible that a user who do not belong to 'SYSTEM ADMINISTRATORS' group can login into Design Console and will only have read only access.

Please follow below steps to achieve this:
1) Create a group e.g. 'group1'

1) Create a user e.g. 'user1', when creating user choose "End-User Administrator" as "User Type"

3) Now login into Design Console with 'xelsysadm'.

4) Go to User Management- >> Group Entitlements

5) Search for 'group1'

6) In Group Entitlements Assign the Forms you wants to be visible to members of 'group1' e.g. "Resource Objects", "Process Definition", "Data Object Manager" etc.

7) Now 'user1' can login into Design Console.

8 ) 'user1' will be able to see that data for which 'group1' has permissions e.g. if for 'ro1' resource 'group1' has been assigned in Administrators tab and 'write' and 'delete' checkboxes are unchecked then 'user1' will be able to see 'ro1' resource in Design console but can not update anything. Same permission model can be used for other components as well.

You can repeat the same process for any number of users.