About Oracle Storage Cloud Service Roles and Users

The following table summarizes the Oracle Storage Cloud Service roles used to access, administer, and use Oracle Storage Cloud Service instances.

Role: TenantAdminGroup (Identity Domain Administrator)

Description: Users who are assigned this role can perform all tasks in the My Services application, including user and role management tasks.

Note that Oracle Cloud assigns this role to all trial users.

More information: Roles and User Accounts Predefined in My Services in Getting Started with Oracle Cloud

Role: service-instance-name.Storage_Administrator (Service Administrator)

Description: Users who are assigned this role can perform the following tasks:

  • Perform all tasks for an Oracle Storage Cloud Service instance, including user management

  • Monitor and manage service usage in Oracle Cloud

  • Grant roles to users

  • Create and delete containers

  • Modify container ACLs

The account administrator can create more storage administrators, as required, by assigning this role.

More information: Managing Containers in Oracle Storage Cloud Service; Managing Objects in Oracle Storage Cloud Service

Role: service-instance-name.Storage_ReadWriteGroup

Description: Users who are assigned this role can perform the following tasks:

  • Create, read, modify, and delete objects within containers

  • List containers (note that they cannot create, modify, or delete containers)

  • List objects within containers unless the role has been removed from the container's read ACL

More information: Managing Containers in Oracle Storage Cloud Service; Managing Objects in Oracle Storage Cloud Service

Role: service-instance-name.Storage_ReadOnlyGroup

Description: Users who are assigned this role can perform the following tasks:

  • Read objects

  • List containers

  • List objects within containers unless the role has been removed from the container's read ACL

Given the default ACLs added to containers, users who are assigned this role can read the contents of all containers.

More information: Managing Containers in Oracle Storage Cloud Service; Managing Objects in Oracle Storage Cloud Service

Note that container ACLs can be rewritten. So, while the predefined roles have semantics based on the default behavior, access to a container is governed entirely by the values set for the container's X-Container-Read and X-Container-Write metadata fields, and not by the role. For more information, see Setting Container ACLs.
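
Because the ACL fields, not the role names, decide access, a periodic check of each container's X-Container-Read and X-Container-Write values against the role semantics in the table shows where the two have drifted apart. The following is an added example, not Oracle code. It assumes that ACL values are comma-separated role names and that the default ACLs match the table (read: both groups; write: Storage_ReadWriteGroup only). The instance name "myinstance", the role "myinstance.AuditTeam", and the container metadata are constructed.

```python
# Added example: audit container ACL metadata against the predefined role semantics.
# Assumptions: ACL values are comma-separated role names; the default read ACL lists
# both groups and the default write ACL lists only Storage_ReadWriteGroup.

def parse_acl(value):
    """Split an ACL header value into a set of role names."""
    return {entry.strip() for entry in (value or "").split(",") if entry.strip()}

def expected_acls(instance):
    """ACLs implied by the predefined roles for one service instance."""
    rw = f"{instance}.Storage_ReadWriteGroup"
    ro = f"{instance}.Storage_ReadOnlyGroup"
    return {"X-Container-Read": {ro, rw}, "X-Container-Write": {rw}}

def audit_container(instance, name, headers):
    """Return findings where a container's ACLs differ from the role defaults."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for field, expected in expected_acls(instance).items():
        actual = parse_acl(lowered.get(field.lower()))
        for role in sorted(actual - expected):
            findings.append(f"{name}: {field} grants access to {role}")
        for role in sorted(expected - actual):
            findings.append(f"{name}: {field} no longer lists {role}")
    return findings

def audit_all(instance, containers):
    """Audit every container, in name order, and collect the findings."""
    findings = []
    for name in sorted(containers):
        findings.extend(audit_container(instance, name, containers[name]))
    return findings

# Constructed sample metadata for a hypothetical instance named "myinstance".
RO = "myinstance.Storage_ReadOnlyGroup"
RW = "myinstance.Storage_ReadWriteGroup"
SAMPLE = {
    "backups": {"X-Container-Read": f"{RO},{RW}", "X-Container-Write": RW},
    "payroll": {"X-Container-Read": RW, "X-Container-Write": RW},
    "uploads": {"x-container-read": f"{RO}, {RW}", "X-Container-Write": f"{RW}, {RO}"},
    "reports": {"X-Container-Read": f"{RO},{RW},myinstance.AuditTeam", "X-Container-Write": RW},
}

if __name__ == "__main__":
    for finding in audit_all("myinstance", SAMPLE):
        print(finding)
```

In the sample, "payroll" shows a read-only user losing access despite holding the role, while "uploads" shows a read-only user gaining write access.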