This graphic shows the flow of authority from role to role when users
delegate authority.
- The Oracle Internet Directory Superuser (cn=orcladmin) creates an
Oracle Context, a Realm, and a Realm Oracle Context. The Oracle
Internet Directory Superuser now creates a Realm Administrator.
-
The Realm Administrator (cn=orcladmin, cn=users, <Enterprise DN>)
delegates Oracle Context Administration to Oracle Context
Administrators.
-
The Oracle Context Administrators delegate Application Server
administration to Oracle Application Server Administrators.
-
The Oracle Application Server Administrators install components and
manage component security and configuration. There can be a separate
administrator for each component. The Oracle Application Server
Administrators delegate user and group administration to User and
Group Administrators.
-
The User and Group Administrators create users and groups. These
administrators can also grant user and group administrator privileges
to other users.