What is true?

“XYZ” company decided to Implement Oracle user management, to have a flexible and scalable
system for managing access privileges and user accounts. The company wants to delegate some
of Managering and administrative tasks to local administrators.
The company wants to have three local administrators, one for each region (North America,
Europe and Asia), to manage his/her region’s user accounts which have the “employee” role only.
To implement the requirement, the system administrator did the following:
1. Created the “North America admin” role, “Europe admin” role and “Asia admin” role.
2. Granted the “Role administration privilege” for “North America admin” role, “Europe admin” role
and “Asia admin” role to manage “employee” role.
3. Granted “North America admin” role to Jack, who is designated as the North America region
local administrator.
4. Granted “Europe admin” role to Joe, who is designated as the Europe region local
administrator.
5. Granted “Asia admin” role to John, who is designated as the Asia region local administrator.
What is true? (Choose all that apply.)

“XYZ” company decided to Implement Oracle user management, to have a flexible and scalable
system for managing access privileges and user accounts. The company wants to delegate some
of Managering and administrative tasks to local administrators.
The company wants to have three local administrators, one for each region (North America,
Europe and Asia), to manage his/her region’s user accounts which have the “employee” role only.
To implement the requirement, the system administrator did the following:
1. Created the “North America admin” role, “Europe admin” role and “Asia admin” role.
2. Granted the “Role administration privilege” for “North America admin” role, “Europe admin” role
and “Asia admin” role to manage “employee” role.
3. Granted “North America admin” role to Jack, who is designated as the North America region
local administrator.
4. Granted “Europe admin” role to Joe, who is designated as the Europe region local
administrator.
5. Granted “Asia admin” role to John, who is designated as the Asia region local administrator.
What is true? (Choose all that apply.)

A.
Therequirement was successfully implemented.

B.
The requirement was NOT successfully implemented.

C.
You can implement the requirement by using traditional functional security only.

Explanation:
The requirement is not met. All three roles have the same permissions and rights.
They should have access only to local user accounts.
Delegated administration (not a traditional functional security) could be used. See note below.
Note:Delegated administration is an important feature of the Oracle Identity Management
infrastructure. It enables you to store all data for users, groups, and services in a central directory,
while distributing the administration of that data to various administrators and end users. It does
this in a way that respects the various security requirements in your environment.
Oracle Delegated Administration Services is a set of pre-defined, Web-based units for performing
directory operations on behalf of a user. It frees directory administrators from the more routine

directory management tasks by enabling them to delegate specific functions to other
administrators and to end users. It provides most of the functionality that directory-enabled
applications require, such as creating a user entry, creating a group entry, searching for entries,
and changing user passwords.
Reference: Oracle Identity Management Guide to Delegated Administration
Oracle Delegated Administration Services

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *