Service Administrators or users with Access Control - Manage application role use the Role Assignment Report to review the access, assigned through predefined roles (in bold) and application-level roles, of all users. This report shows all active users that have been assigned a predefined role. Users that are deactivated are not reflected in this report.

Inherited roles, as well as information on inheritance, are displayed in one row for each user.

In an OCI (Gen 2) environment, if a predefined role is assigned to an IDCS group, the report will show that predefined role assigned indirectly to the user via IDCS group. For example, assume that user John Doe is assigned as member of idcsgroup and this group is assigned to Service Administrator predefined role. In this scenario, the Role Assignment Report displays the following as a part of the role assignment information for John Doe:

Note:

It does not list the application roles that are subsumed into predefined roles or the component roles of application roles assigned to the user. If you need a report showing such details, you may generate the classic version of the report using the provisionReport EPM Automate command.

You can export the Role Assignment Report as a CSV file, which can then be opened using a program such as Microsoft Excel or saved to your computer. The Role Assignment Report in CSV format uses one row for each role assignment.

1. Open Access Control. See Opening Access Control.
2. Click Role Assignment Report.
   The Role Assignment Report is displayed.
3. Optional: Filter the report to display the following:
   • Role assignments of a specific user. Select Users from the drop down list and then enter a partial search string. See Using Search for instructions on using the Search feature.
   • Users assigned to a specific role. Select Roles from the drop down list and then enter a partial role name. See Using Search for instructions on using the Search feature.

     Note:

     Users may be assigned to many roles. In such cases, the report lists all the roles of the user even if you filter it for a specific role.
   The Role Assignment report is displayed. By default, the report is sorted by User Login values and then by application roles under Roles (for searches by roles). The predefined roles are displayed in bold font, while the application roles are in non-bold font.
4. Optional: Click Export to CSV to export the report into a CSV file. Note that only the information from the currently displayed report is exported to CSV.