Cloud Documentation
Advanced Search


Getting Started with Oracle Cloud
Close Window

Table of Contents

Show All | Collapse

Managing the Roles Assigned to a User

Topics:

Who Is Responsible for Managing Roles?

Roles control access to applications, resources, and services. For information about the predefined roles, see Roles and User Accounts Predefined in My Services.

An identity domain administrator or a service administrator must explicitly assign the appropriate roles to a user depending on the services the user is allowed to access. For example, a developer must be assigned the Database Developer role to develop and deploy applications using the Oracle Database Cloud Service.

Note:

A user account must have at least one role that grants user or administration privileges for a service. Until you assign such a role, the user will receive an error message when attempting to sign in to the service.

When assigning and removing roles, note that:

  • Identity domain administrators can assign and remove roles only for the users in the identity domains that they manage.

  • Service administrators can assign and remove roles only for the users of the services that they manage. Because service administrators cannot add users or roles, the users and roles must already be in the system before service administrators can assign a specific role to a user.

  • Non-administrative users cannot assign or remove roles.

Understanding the Time Delay for Role Assignments to Take Effect

When you assign a role to a user or remove a role from a user, the update is not immediate. It can take up to five minutes for the change in role assignment to be effective in the My Services application. This 5-minute delay applies to any changes you make to role assignments regardless of the method you use to make the change.

If you assign a user an administrative role and the user signs in to My Services before the role is in effect, then one of two conditions occurs:

  • If the user is already assigned an administrative role for at least one service in the identity domain, then My Services opens and displays information about the user's existing services. However, the user will not see the new services associated with the newly assigned administrative role.

  • If the user is not currently assigned an administrative role for a service in the identity domain, then My Services opens and displays only the Identity Self Service page. The user will not see any information about services, other users, or system notifications. The user must sign out of My Services, and then sign back in to My Services after the role is in effect.

Assigning and Removing Roles for a User

When you use the Add option to create a user account, you can assign roles to the user during the process.

After a user account exists, you can assign roles to or remove roles from the user.

Note that:

  • You can assign multiple roles to a user.

  • You assign the appropriate service role to individual users according to the service type and service instance they are allowed to access. For example, for the developer of an Oracle Database Cloud Service named mydbservice1, you would assign the mydbservice1 Database Developer role.

  • You must assign either the Identity Domain Administrator role or a specific service administrator role to any user who needs to use My Services to monitor and manage the usage of an Oracle Cloud service.

To manage the roles assigned to a user:

  1. Sign in to My Services. Be sure to specify the appropriate identity domain.

  2. Click Users.

  3. Click the Users tab.

  4. Enter all or part of the user's first name, last name, user name, or email address in the Search field, and then click the Search icon Search button.

  5. Click the Menu icon Menu icon next to the user account and select Manage Roles.

  6. Select one or more roles in a column, and then click the left and right arrows to shuttle the roles back and forth between the Available Roles column and the Assigned Roles column.

    • To select a single role, click the role.

    • To select a consecutive group of roles, click the first role you want in the group, press and hold down the Shift key, and then click the last role you want in the group.

    • To select non-consecutive roles, press and hold down the Ctrl key, and then click each role you want to select.

    Alternatively, click the double right arrow to assign all available roles to the user or click the double left arrow to remove all roles from the user.

  7. Click Save.

When you make any change to role assignments, the change is not immediate. For more information, see Understanding the Time Delay for Role Assignments to Take Effect.

For information about how to assign one role to many users at once, see Assigning One Role to Many Users.

For more information about roles, see Roles and User Accounts Predefined in My Services.

Assigning One Role to Many Users

Topics:

Task 1   Verify the User Accounts Exist

Before you can assign a role to a group of user accounts, the user accounts must already exist. For more information about creating user accounts, see Creating One User Account at a Time or Importing a Batch of User Accounts.

Task 2   Create or Edit a CSV File to Assign a Role to Many Users

You can create a comma-separated values (CSV) file that contains user information and then upload the CSV file to assign a role to all the users identified in the file.You can assign a role to a maximum of 200 users in each role upload operation.

To assign one role to many users, the CSV file needs to list only the email address for the appropriate users. The first row (line) in the file must be Email. This is the column heading. Each subsequent row specifies the email address for one user. For example:

Surrounding text describes role_batch_csv1.gif.

To create a CSV file, you can use a standard spreadsheet application, such as Microsoft Excel or Google Spreadsheet, or you can use a text editor, such as Notepad or TextPad. You must be sure to save the file in a valid CSV format.

Spreadsheet applications make it easy to create, edit, and save CSV files. You can use standard features to add and delete rows of data, edit individual fields, search for records, or sort the list.

The CSV file must adhere to the following requirements:

  • Can list a maximum of 200 users

  • Must be ANSI or UTF-8 encoded

  • Must not be larger than 256 KB (maximum file size)

  • Must include one column with this exact heading: Email

  • Does not use a comma when there is only one value

If you already created a CSV file to import user accounts, edit the CSV file to include only those users to which you want to assign a role.

  • You can select one role to assign to all the users listed in the CSV file. You can repeat the process to assign additional roles to the group of users.

  • You can create as many CSV files as needed to assign roles to your users.

Task 3   Assign the Role in Batch

To assign one role to all the users listed in a CSV file:

  1. Sign in to My Services. Be sure to specify the appropriate identity domain.

  2. Click Users.

  3. Click the Roles tab if you want to assign a predefined role; click the Custom Roles tab if you want to assign a custom role.

  4. Click Batch Assign Role.

  5. Click Browse to find and select the CSV file you want to use.

  6. Use the drop-down list to select the role you want to assign to all the users listed in the CSV file.

  7. Click Assign. The system processes the file and assigns the role you selected to each user listed in the CSV file.

    When the system finishes processing the file, the Batch Assign Role dialog box displays the following results:

    • The total number of users assigned the role and the name of the role assigned.

    • The total number of users not assigned the role, the user names, and the reason for the failure. For example, the system cannot assign a role to a user account the does not exist.

When you make any change to role assignments, the change is not immediate. For more information, see Understanding the Time Delay for Role Assignments to Take Effect.

For information about managing the roles for one user account, see Assigning and Removing Roles for a User.

For more information about roles, see Roles and User Accounts Predefined in My Services.