Part 3: Define users and roles

Purpose

In this part of the tutorial, you define an MCS role. Then you create a user and assign the role to the user.

When a mobile application starts, it connects with Oracle Mobile Cloud Service and a mobile backend. Information about the application, the device, and the user are all transferred to MCS.

As a mobile developer or administrator, you manage mobile users and their access to applications and resources by using realms and roles.

There are two kinds of users in Oracle Mobile Cloud Service: the team members who build mobile applications, and the mobile users who use those applications on their mobile devices.

- Team members build mobile applications by using MCS development features, and they manage the mobile users who access those applications. To manage realms, roles, and users, a team member must be assigned the necessary roles.

- Mobile users install and use the mobile applications on their devices. Mobile users include private company users doing company business, such as visiting a customer to fix a broken washing machine or install cable TV equipment, and individual users who purchase mobile applications from an industry store, such as Apple App Store or Google Play Store.

You create mobile users within a realm, and you assign zero or more roles to a user.

A realm is a container for managing users in an environment. Most environments contain multiple mobile backends. Realms allow the mobile backends to use a shared set of users and data.

A mobile backend can be associated with one and only one realm. When you create a new mobile backend, it's automatically associated with the default realm for the environment.

In this section, you create a role for any technician in the Fix It Fast company, and then you create a user and assign the role to the user.

1. Log in to your MCS instance and click the Development button.

   

2. In the Developer Portal, click the User Management icon.

   

3. In the User Management page, click the Roles icon, on the left, and then click the New Role button.

   

4. In the New Role dialog box, set the following values:

   Role Name: FIF_Technician_xx (where xx are unique characters).
   Description: This is the technician role.

   Then, click Create, and the new role is available.

   

   When the role is created, it is added to the list.

   

5. Create another role using the information below:

   Role Name: FIF_Staff_xx (where xx are unique characters).
   Description: This is a role all employees.

   

   When the role is created, it is added to the list.

   

6. On the left, click the Users icon and then the New User button.

   To complete these next steps, you must have been granted privileges to create mobile users. If you do not have these privileges, then ask someone with Identity Domain privileges in Oracle Public Cloud to create the users on your behalf.

   

7. In the Create User dialog box, set the following values:

   Username: joe_xx (where xx are unique characters - ensure the username is all lowercase characters)
   Email: <your valid email address> (the password is sent to this address - one user per email account)
   First Name : Joe
   Last Name : Technician
   Roles: FIF_Technician_xx (type your two unique characters into the field and it will filter the roles)

   Then click Create.

   

8. You can view the details of the user in the User Management page.

   

9. Create another user to be part of the Staff role.

   Username: jean_xx (where xx are unique characters - ensure the username is all lowercase characters)
   Email: <your valid email address> (this email account must be different than the one you used when creating joe user)
   First Name : Jean
   Last Name : Staff
   Roles: FIF_Staff_xx (type your two unique characters into the field and it will filter the roles) .

   

10. Now you have two users, each one assigned to a different role.

    

11. Open your inboxes for the two email addresses you used. You'll find a message from the cloud administrator.

    Open the email to see the full details on the MCS user and the password. Save these emails as you'll use them later to test the API. You may need to look in your Junk or Spam email folder if the email is not in your Inbox.

    

In the next section, you test the users you just created.

You used the MAF MCS Tester Application in Part 2 and logged in anonymously. In this section, you will log out and log back in using the user names that you just created.

1. Back in the MAF MCS Tester Application, click Logout.

   

2. Enter jean_xx as the username and the password assigned to jean_xx and click Login.

   

3. You should see more options than you did when you logged in anonymously. You should see something like the following screenshot.

   

4. Repeat the process to test the other user you created. HINT: Click Logout, enter the login information for joe_xx and click Login.

   You should see the following.

   

You have now seen that you can connect to your mobile backend by using the two users that you just created.

In this part of the tutorial, you set the IncidentReport to run only with the user and role that you created.

1. Access the Developer Portal, select the Mobile Backends icon, and find your mobile backend.

   

2. Open the mobile backend and click the APIs icon.

   

3. You should see the API that you created from the RAML document. Edit the API by clicking the pencil icon in the upper-right corner.

   

4. Here is where you can make changes to the resources, schema, document icon, and security settings.

   Click the Security tab.

   

5. Turn off the Allow Anonymouse User Access switch. Then, under API Access, click the drop-down list and enter the two unique characters that you used when you defined your role. Select your technician role from the list.

   Then, click Save.

   

6. You should see a notice saying that the API has been saved.

   To test the security settings, click the Test button.

   

7. Test an endpoint using a user belonging to the technician role. Click the GET /incidents link on the left, then expand the Parameters node. Enter lynn in the Test Console column.

   Expand the Authentication node, and set the properties to the following values.

   Mobile Backend: FIF_Technician_xx (using your unique characters)
   Version: 1.0
   Username: joe_xx (again using your unique characters)
   Password: Use the password that you received by email when you created the user.

   Then click Test Endpoint.

   

8. A Response Status of 200 should be returned, along with some example response data.

   

You have now seen that you can connect to your mobile backend using one of the users you just created.

In this part of the tutorial, you test the IncidentReport API by using the MAF MCS Tester Application while logged on as your joe_xx user.

1. Go back to the MAF MCS Tester Application and click the Logout text in the upper right corner.

   

2. Enter joe_xx as the username and the assigned password as the password and click Login.

   

3. Click the MCS Custom API option.

   

4. As you did in the previous tutorial, you can run API methods from this page.

   Remember, you must set at least two properties to call the API: URI and HTTP Method.

   

5. As you did earlier, set the URI for GET /incidents. You can find the value for this field in MCS.

   Open the FIF_IncidentReport_xx API in the API Designer.

   Then click the Test button.

   

6. Here you see all the methods that you can use. Each method has a unique URL that you can use when you test the API.

   

7. As you did earlier, you test the GET/incidents method to see the example data from the API.

   Look at the GET/incidents endpoint. The URI that you need to use in the tester consists of everything that follows the port number.

   In the example, the URI is:
   /mobile/custom/incidentreport_jg/incidents

   

8. Go back to the MAF MCS Tester Application, and in the CUSTOM API TESTER FORM section, enter that value in the URI field.

   

9. By default, the HTTP Method is set to the first method in the list, GET.

   Instead of returning all incidents, you can include a query parameter in the URL to restrict the records that are returned. Query parameters are constructed by including a "?", followed by the parameter name and then the parameter value.

   To return only incidents where the contact is lynn, append the following query parameter to the URI:

   /?contact=lynn

   

10. As you did earlier, click Invoke Custom API at the bottom of the form to run the API using the URI and HTTP Method values.

    

11. The API is accessed, and you should see the example data returned at the bottom of the page.

    This is the same example response that you saw earlier when you were logged on anonymously.

    

Fix it Fast : Table of Contents