How do I manage the volume of Role Request emails in OIM 11g R2?


16/02/2013

Oracle Identity Manager – OIM 11g R2 introduced a new feature called “Catalog” that provides users of OIM the opportunity to request roles.  An user of an Organization can search or request roles using a traditional shopping cart type of process.  The process provides an option to generate emails used to notify the requesting user of the progress or stage of his/ her Role Request.  The Role Request might require multiple approvals and thus the request would generate many emails being sent at each stage of the approval process.  The Out of the Box (OOTB) Role Request workflow could have up to nine emails sent during the OIM Role Approval process.  If the Role Request is denied then the process could generate five to eight emails that would be sent to the requesting user.  This might be a useful feature for some customers but it could be a nuisance for others who would find the volume of email to be annoying and might desire to have at most two emails for either Role Approval or Role Rejection.

This post describes a way to limit the number of emails generated to two, one when the initial Role Request is made and one when a final decision (either Approve or Reject) is made.

Limiting email notifications for Role Approval Requests to two, approved and rejected…

Problem Description

In OIM 11g R2, the default behaviour for sending emails for Request Notifications is to send numerous emails for each role request.  During the configuration of the process sending of email notifications can be turned off.  There is no method to limit the number of emails generated for Request Notifications.  

Oracle’s Solution

Oracle announced at the end of last year that this issue would be fixed in the next Bundle Patch scheduled to release some time in January of 2013.  Oracle released Patch 14760806 also called ORACLE IDENTITY MANAGEMENT SUITE BUNDLE PATCH 11.1.2.0.2 (BP02) on the 14th of January.

Patch Issues

Testing of the email limit feature was delayed due to an Identity Console “Access Denied” issue (as discussed here) occurring after applying the patch.  Once the console issues were addressed the testing of the patch revealted that it still was generating nine emails for Role Approval and five to eight emails for Role Rejectinon.  

Missing Information

Going through the patch documentation we could not find relevant information as to how to limit the emails.  It is known that RequestNotificationLevel System Property deals with either turning on or off of emails completly.   The documentation didn’t yield a System Property configuration that limits the number of emails nor a new System Property to limit the number of email sent was found.  An SR was raised with Oracle suport to request more information on configuration of this feature. 

Fix

By setting this value of RequestNotificationLevel  to 2 (courtesy of Oracle support), the process now was limited to sending only two emails for either Role Request Approval or Role Request Rejection. 

No Results