OIM 11g R2 supports the concept of Sandboxes for performing any customizations. It has many benefits, which include isolating the change process altogether from the live system. This in turn aids in testing without really having to worry about the after-effects, since the original environment is completely shielded from the changes. Anyway, this is not a post about the benefits of sandboxes. You can always refer to the official Oracle documentation for that.
There is a specific point which I think can be improved upon. One needs to ‘Activate’ the sandbox prior to using it. System Admin privileges are required for a user to log into OIM (admin or self service console) and activate the same.
But what if my use case requires testing via the login context of a normal user, i.e. a non system admin user?
For example, I want to test out a custom approval workflow which also involves UI customization – this needs sandbox activation. In this case, if I log in as a user with system admin privileges, the approval workflow itself cannot be tested, since the request itself is automatically fulfilled.
This was just one use case. I am sure there are others. The point really is that there is a dependency on the System Admin role for sandbox activation, which does not allow us to test the functionality using an end user context.
In my opinion, there should be a specific Admin Role, e.g. Sandbox Admin, to which normal users can be assigned, so that the sandbox itself can be activated without having system admin privileges and the use case can be tested from the perspective of a non admin user.
This is w.r.t OIM 11g R2 PS1 (vanilla). Is such a provision there in PS2? Too lazy to turn on my PS2 VM. I will probably check it out and update this post later – unless someone else clarifies this 😉
Did this make sense? Is there an existing workaround that I might be missing? Thoughts? Opinions?