The System Administrator can use the Oracle Access Management Console to assign roles to users or groups that cover specific Application Domains. Users can be assigned multiple roles as long as the functionality doesn't overlap.
For example, if user X is assigned Global Policy Administrator, the user cannot be granted Policy Administrator for the HR domain because the latter is a child of the former.
Note:
Roles can be assigned only to users or groups from the system/default store.
From a high level:
Note:
Customers using Oracle Identity Manager (or Oracle Identity Manager XE) may want to define Enterprise Roles that are common to all of IDM and use OIM to assign users and groups to these Enterprise Roles. The Administration Console allows for this.