This section covers the following topics:
Within Oracle IRM, roles are for controlling access to documents. Roles are defined within a domain. They exist independently of users and contexts. Some typical roles come preconfigured at installation, and domain administrators can create more. Domain administrators may want to create roles for the following purposes:
Roles control the features of client-side applications, such as the opening, editing, and sealing of documents.
Roles control whether or not the client-side features can be used offline (while not in communication with Oracle IRM Server).
Roles control refresh requirements (how often to return to Oracle IRM Server to check for new or revised rights).
Domain administrators typically create a number of roles, then create context templates with differing permutations of those roles. When contexts are created from a context template, the context inherits the roles that were in the template. The behaviors allowed by the inherited roles are the only behaviors that the contexts can acquire.
Caution:
When roles are modified at the domain level, any changes to permitted behavior are applied to all contexts that contain that role.Note:
Only domain administrators can perform this procedure.Use the following procedure to create a role:
Click the Roles tab to reveal the Roles page.
Click the New Role icon.
Complete the Create Role wizard, noting the following:
The name given to the role can be changed later without invalidating the use of the role in the places where it is used.
The description will appear in other parts of Oracle IRM Server when roles are being chosen for particular uses, so it is recommended that you make the description as helpful as possible.
The default language is set on the Control Console. See Section 1.3.2, "Oracle Enterprise Manager Fusion Middleware Control Console ("The Control Console")".
For global enterprises, use the Translations page to create multi-language names and descriptions of the role. If the New Translation icon is not available, translation support has not been set up on the Control Console. See Section 1.3.2, "Oracle Enterprise Manager Fusion Middleware Control Console ("The Control Console")".
Use the Features page to assign features to the role. A role must contain at least one of these features: open, seal, reseal, search. Features control what users can do with documents. A description of each feature appears in the Details section as you select each item in the Available list or the Selected list. A full list of features and their descriptions is available in Section A.1, "Features and Constraints Mapped to Oracle IRM Desktop Rights". Select the Audit Use checkbox if you want to record the use of this role.
Use the Constraints page to set whether documents can be accessed when there is no connection to Oracle IRM Server, how often rights are refreshed, the time periods during which documents are available, whether only specific documents can be accessed, and whether sealed content can be exported.
Use the Review page to review all the attributes that will be assigned to the new role. If there are any attributes that you want to change, use the Back button to return to previous pages and make the required changes.
When you are satisfied with the attributes on the Review page, create the new role by clicking Finish.
The new role appears in the Name column in the left panel.
Note:
Only domain administrators can perform this procedure.Use the following procedure to modify a role:
Click the Roles tab to reveal the Roles page.
On the left panel, select the role that you want to modify.
On the right panel, locate the attributes of the role that you want to change. These can be on the Features, Translations, or Constraints tabs. All role names and descriptions, including those in the default language, can be changed on the Translations tab.
Make your changes by using the controls on the tabs, or by using the icons on the toolbars.
If you want to undo the changes you have made, select the Revert button (in the top right corner).
If you want to retain the changes you have made, select the Apply button (in the top right corner).
Note:
Only domain administrators can perform this procedure.You cannot delete a role if it is in use, that is, if it is currently assigned to a user.
Use the following procedure to delete a role:
Click the Roles tab to reveal the Roles page.
On the left panel, select the role that you want to delete.
Click the Delete button.
Confirm that you want to delete the role.