Friday, October 23, 2009

Working with User Group Membership Rules in OIM

As discussed in the previous post, OIM users’ group membership can be automatically recalculated on each profile update by means of user group membership rules (MR).
In OIM, an MR is a collection of predicates of the form “attribute=value” or “attribute!=value” joined by a logical operator (either AND or OR), where attribute is the name of a field from the USR table (USR_ or USR_UDF_).
Unfortunately, there is no documented OIM API that allows creating an MR from Java code (see, for example, this discussion at the Oracle IDM forums).
There are at least two ways to create an MR programmatically.

1. Create one MR via the OIM Design Console and export it to an XML file. Create as many rules as you need based on this template (you can use Java XML libraries) and then import the new rules using the OIM import API.

2. You can use the following SQL queries to manage MR and their predicates:
2.1 Create rule
insert into RUL (RUL_KEY, OBJ_KEY, PKG_KEY, RUL_NAME, RUL_OPERATOR, RUL_TYPE, RUL_SUBTYPE, RUL_ALL_OBJECTS, RUL_ALL_PROCESSES, RUL_DATA_LEVEL, RUL_CREATE, RUL_CREATEBY, RUL_UPDATE, RUL_UPDATEBY, RUL_NOTE, RUL_ROWVER) values (rul_seq.nextval, null, null, 'RULE_NAME', 'AND_OR_OPERATOR', 'General', null, '0', '0', null, SYSDATE, 1, SYSDATE, 1, 'RULE_DESCRIPTION', HEXTORAW('0000000000000000'));

2.2 Delete rule with given RUL_KEY
DELETE FROM RUL
WHERE RUL_KEY= PARENT_RUL_KEY;

2.3 Add predicate to rule with given RUL_KEY
Insert into RUE (RUE_KEY, RUL_KEY, RUE_CHILD_RUL_KEY, RUE_ATTRIBUTE, RUE_VALUE, RUE_OPERATION, RUE_SEQUENCE, RUE_ATTRIBUTE_SOURCE, RUE_ATTRIBUTE_SOURCE_SDK_KEY, RUE_TYPE, RUE_DATA_LEVEL, RUE_CREATE, RUE_CREATEBY, RUE_UPDATE, RUE_UPDATEBY, RUE_NOTE, RUE_ROWVER) values (rue_seq.nextval, PARENT_RUL_KEY, null, 'ATTRIBUTE_NAME', 'ATTRIBUTE_VALUE', 'PREDICATE_OPERATOR', PREDICATE_ORDER, 'User Profile Data', null, null, null, SYSDATE, 1, SYSDATE, 1, null, HEXTORAW('0000000000000000'));

Here PARENT_RUL_KEY is the key of the rule to which you want to add the predicate, PREDICATE_OPERATOR can be either 0 (==) or 1 (!=), and PREDICATE_ORDER is the order in which the predicate is evaluated during rule evaluation (the initial order is 1).

2.4 Update rule predicate with given RUL_KEY
UPDATE RUE
SET RUE_VALUE='NEW_ATTRIBUTE_VALUE'
WHERE RUL_KEY= PARENT_RUL_KEY and RUE_ATTRIBUTE='ATTRIBUTE_NAME';

2.5 Delete rule predicate with given RUL_KEY
DELETE FROM RUE
WHERE RUL_KEY= PARENT_RUL_KEY and RUE_ATTRIBUTE='ATTRIBUTE_NAME';
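
The create-rule and add-predicate queries above, combined into one JDBC transaction with bind variables so that rule names and attribute values never get concatenated into SQL. This is an added example, not code from the original post or from OIM; the class and method names are hypothetical, and it assumes RUL_OPERATOR stores the literal strings AND / OR and that USR column names are upper case.

```java
import java.sql.*;
import java.util.List;
public class MembershipRuleWriter {
    /** operation: 0 is "==", 1 is "!=" (values from this page). Records need Java 16+. */
    public record Predicate(String attribute, String value, int operation) {}
    private static final String INSERT_RUL = "insert into RUL (RUL_KEY, OBJ_KEY, PKG_KEY, RUL_NAME, "
        + "RUL_OPERATOR, RUL_TYPE, RUL_SUBTYPE, RUL_ALL_OBJECTS, RUL_ALL_PROCESSES, RUL_DATA_LEVEL, "
        + "RUL_CREATE, RUL_CREATEBY, RUL_UPDATE, RUL_UPDATEBY, RUL_NOTE, RUL_ROWVER) values "
        + "(?, null, null, ?, ?, 'General', null, '0', '0', null, SYSDATE, 1, SYSDATE, 1, ?, "
        + "HEXTORAW('0000000000000000'))";
    private static final String INSERT_RUE = "insert into RUE (RUE_KEY, RUL_KEY, RUE_CHILD_RUL_KEY, "
        + "RUE_ATTRIBUTE, RUE_VALUE, RUE_OPERATION, RUE_SEQUENCE, RUE_ATTRIBUTE_SOURCE, "
        + "RUE_ATTRIBUTE_SOURCE_SDK_KEY, RUE_TYPE, RUE_DATA_LEVEL, RUE_CREATE, RUE_CREATEBY, "
        + "RUE_UPDATE, RUE_UPDATEBY, RUE_NOTE, RUE_ROWVER) values (rue_seq.nextval, ?, null, "
        + "?, ?, ?, ?, 'User Profile Data', null, null, null, SYSDATE, 1, SYSDATE, 1, null, "
        + "HEXTORAW('0000000000000000'))";

    /** Inserts the rule and all its predicates atomically; returns the new RUL_KEY. */
    public static long createRule(Connection con, String name, String operator, String note,
            List<Predicate> predicates) throws SQLException {
        // Assumption: RUL_OPERATOR holds the literal strings AND / OR.
        if (!"AND".equals(operator) && !"OR".equals(operator))
            throw new IllegalArgumentException("operator must be AND or OR");
        for (Predicate p : predicates)  // validate everything before touching the database
            if (!p.attribute().matches("USR_[A-Z0-9_]+") || p.operation() < 0 || p.operation() > 1)
                throw new IllegalArgumentException("bad predicate: " + p.attribute());
        con.setAutoCommit(false);       // the connection stays in manual-commit mode afterwards
        try (Statement seq = con.createStatement();
             ResultSet rs = seq.executeQuery("select rul_seq.nextval from dual");
             PreparedStatement rul = con.prepareStatement(INSERT_RUL);
             PreparedStatement rue = con.prepareStatement(INSERT_RUE)) {
            rs.next();
            long rulKey = rs.getLong(1); // fetch the key first so the predicates can reference it
            rul.setLong(1, rulKey); rul.setString(2, name); rul.setString(3, operator); rul.setString(4, note);
            rul.executeUpdate();
            int order = 1;               // PREDICATE_ORDER starts at 1
            for (Predicate p : predicates) {
                rue.setLong(1, rulKey); rue.setString(2, p.attribute()); rue.setString(3, p.value());
                rue.setString(4, String.valueOf(p.operation())); rue.setInt(5, order++);
                rue.executeUpdate();
            }
            con.commit();
            return rulKey;
        } catch (SQLException | RuntimeException e) {
            con.rollback();              // never leave a rule with only part of its predicates
            throw e;
        }
    }
}
```

Because these inserts go straight into the OIM schema, any auditing or approval built into the Design Console does not see them; the database account used here needs only insert rights on RUL and RUE and select on the two sequences.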
