Service Account Permission

This document lists the minimum permissions that the service account needs in order to connect to the OIM (Oracle Identity Manager) server under the new design. Each operation the integration performs maps to the capabilities the role must hold; granting only those keeps the service account at least privilege.

Operation                     Capabilities
----------------------------  --------------------------------------------------------
Account Aggregation           User - View / Search
                              View Account Entitlements
                              View Provisioned Accounts (if target account is selected)
Group Aggregation             Role - View / Search
Create User                   User - Create
Create User With Password     User - Create
                              User - Change Password
                              Grant Account Entitlements
Modify User                   User - Modify
Enable User                   User - Enable
Disable User                  User - Disable
Lock User                     User - Lock
Unlock User                   User - Unlock
Delete User                   User - Delete
Target Account Provisioning   Deprovision Accounts
                              Disable Provisioned Accounts
                              Enable Provisioned Accounts
                              Grant Account Entitlements
                              Modify Account Entitlements
                              Modify Provisioned Accounts
                              Provision Accounts
                              Revoke Account Entitlements
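The following is an added example, not part of the original document or of the OIM product: it encodes the operation-to-capability matrix above and derives the least-privilege capability set for the operations an integration actually uses, then audits an existing role for missing or excess capabilities. The operation keys, the grouping of "Grant Account Entitlements" under "Create User With Password" (taken from the order on this page), and the sample role are assumptions for illustration.

```python
from typing import Iterable

# Operation -> capabilities, as listed in the table on this page. Grouping
# "Grant Account Entitlements" under "Create User With Password" follows the
# order in which the page lists them.
CAPABILITIES = {
    "Account Aggregation": {"User - View / Search", "View Account Entitlements"},
    "Account Aggregation (target accounts)": {"View Provisioned Accounts"},
    "Group Aggregation": {"Role - View / Search"},
    "Create User": {"User - Create"},
    "Create User With Password": {"User - Create", "User - Change Password",
                                  "Grant Account Entitlements"},
    "Modify User": {"User - Modify"},
    "Enable User": {"User - Enable"},
    "Disable User": {"User - Disable"},
    "Lock User": {"User - Lock"},
    "Unlock User": {"User - Unlock"},
    "Delete User": {"User - Delete"},
    "Target Account Provisioning": {
        "Deprovision Accounts", "Disable Provisioned Accounts",
        "Enable Provisioned Accounts", "Grant Account Entitlements",
        "Modify Account Entitlements", "Modify Provisioned Accounts",
        "Provision Accounts", "Revoke Account Entitlements",
    },
}

def minimum_capabilities(operations: Iterable[str]) -> set:
    """Union of the capabilities needed for exactly these operations."""
    needed = set()
    for op in operations:
        if op not in CAPABILITIES:
            raise ValueError(f"unknown operation: {op!r}")
        needed |= CAPABILITIES[op]
    return needed

def audit_role(granted: Iterable[str], operations: Iterable[str]) -> dict:
    """Compare granted capabilities with the least-privilege set: 'missing'
    breaks the listed operations, 'excess' is privilege to remove."""
    needed, held = minimum_capabilities(operations), set(granted)
    return {"missing": sorted(needed - held), "excess": sorted(held - needed)}

if __name__ == "__main__":
    # Constructed sample: a read-only aggregation role that was also given
    # User - Delete, which aggregation never uses.
    role = ["User - View / Search", "View Account Entitlements",
            "Role - View / Search", "User - Delete"]
    print(audit_role(role, ["Account Aggregation", "Group Aggregation"]))
```

Run the audit against the capabilities exported from the role you created; anything under "excess" can be removed without affecting the listed operations.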

Below are the steps to create the role.

  1. Navigate to the Administration Roles page.

  2. Click the Create button.

  3. Enter the role name as required.

  4. Add the capabilities listed in the table above.

  5. Assign the service account as a member and set the scope as required.

  6. Click Save.

Note: Filtering in Oracle Identity Manager can be achieved by restricting scope at the permission level.
For example, a scope can be assigned to the role to restrict the data it fetches to a particular organization.