Tuesday, October 21, 2008

OIM - Rule Designer

Rule Designer is very useful in OIM to categorize people for adding to directory groups or even to provision accounts. The rules are associated with User Groups in OIM and can have Access Policies attached to them that add them to specific groups in your directories based on their role, or any other attribute that you have defined on the user form.

When defining rules, be as granular as possible and put the most restrictive rule element first: people who do not match it are not evaluated against the remaining elements, so performance does not degrade even if you define hundreds of rules.
  • Example: If you have a rule based on location, department, and role - and you have 3 locations, 200 departments, and 2 roles - you would want to use 'Department' as the first rule element, then 'location', then 'role', joined with the qualifier 'and'.
  • This means that if you are not in a certain department, you do not match the first rule element and are not evaluated for the remaining ones.
  • Performance is not compromised by having to traverse all 2 roles, then 3 locations, and only then 200 departments.

You can also nest rules, which is very important if you have an 'or' condition that you want to combine with an 'and' condition.
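The ordering argument above and the nested 'and'/'or' case can be checked with a small model of short-circuit rule evaluation. This is an added example, not OIM code or its API: the attribute names, the rule-tree shape and the constructed user population are assumptions.

```python
# Added example: model of short-circuit evaluation of nested rule elements,
# counting attribute comparisons so that element orderings can be compared.
# Attribute names and the user population are constructed for illustration.
from itertools import product

def evaluate(rule, user, counter):
    """Evaluate a rule tree against one user, counting attribute comparisons.

    A rule is ('eq', attr, value), ('and', [rules]) or ('or', [rules]).
    'and' stops at its first False element and 'or' at its first True one,
    so the element listed first is the one checked against every user.
    """
    kind = rule[0]
    if kind == 'eq':
        counter[0] += 1                      # one attribute comparison
        return user.get(rule[1]) == rule[2]
    if kind == 'and':
        return all(evaluate(r, user, counter) for r in rule[1])
    if kind == 'or':
        return any(evaluate(r, user, counter) for r in rule[1])
    raise ValueError(f'unknown rule element: {kind!r}')

def apply_rule(rule, users):
    """Return (matching users, total comparisons) over a population."""
    counter = [0]
    matches = [u for u in users if evaluate(rule, u, counter)]
    return matches, counter[0]

# Constructed population: one user per department/location/role combination
# (200 departments, 3 locations, 2 roles, as in the post's example).
DEPARTMENTS = [f'D{i:03d}' for i in range(200)]
LOCATIONS = ['NYC', 'LON', 'SFO']
ROLES = ['Manager', 'Staff']
USERS = [{'department': d, 'location': l, 'role': r}
         for d, l, r in product(DEPARTMENTS, LOCATIONS, ROLES)]

DEPT = ('eq', 'department', 'D017')
LOC = ('eq', 'location', 'NYC')
ROLE = ('eq', 'role', 'Manager')

# Most restrictive element first: nearly every user is rejected after one check.
DEPT_FIRST = ('and', [DEPT, LOC, ROLE])
# Least restrictive element first: half the population survives the first check.
ROLE_FIRST = ('and', [ROLE, LOC, DEPT])
# An 'or' nested inside an 'and', which a flat list of elements cannot express.
NESTED = ('and', [DEPT, ('or', [LOC, ('eq', 'location', 'LON')]), ROLE])

if __name__ == '__main__':
    for name, rule in [('dept first', DEPT_FIRST), ('role first', ROLE_FIRST),
                       ('nested', NESTED)]:
        matched, cost = apply_rule(rule, USERS)
        print(f'{name:10s}: {len(matched)} match(es), {cost} comparisons')
```

With the same single matching user, the department-first ordering costs 1208 comparisons against 2000 for role-first; the nested rule matches two users for 1214 comparisons.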

We have found this to be a very effective way to manage our group assignments and permissions in Oracle Internet Directory, Active Directory, and previously eDirectory.
