A domain is the top-level administrative component of Oracle IRM. It contains all other Oracle IRM components.
Within a domain there are four administrator types:
Domain administrators create other administrators. They also create roles and context templates, and can create contexts from those templates.
Domain managers create contexts from the templates created by domain administrators.
Inspectors can be given permission to view user and group rights for previously created contexts, and to run audit reports.
Context managers manage user and group rights within previously created contexts.
The four administrator types can each see and use a different combination of pages and tabs on the Oracle IRM Server administration console. See Section A.2, "Visibility of Pages and Tabs to Administrator Types".
A user can have multiple administrative roles. For example, domain administrators should normally also be made inspectors. However, because domain administrators have all the privileges of a domain manager, domain managers are prevented from also being domain administrators.
The administrative roles are not hierarchical. For example, domain administrators cannot perform context manager functions, unless a particular user is both a domain administrator and a context manager.
Note:Users who are domain administrators should also be set up as inspectors. This will let them see all contexts, and therefore be able to assess the impact of changes they make to context templates. For the same reason, contexts should normally be made visible to inspectors.
Although Oracle IRM Server supports groups (both users and groups can be given rights), groups cannot be given administrative roles.
Note:There is no correspondence between Oracle IRM domains and WebLogic server domains.