About Oracle Java Cloud Service Roles and User Accounts

Oracle Java Cloud Service uses roles to control access to tasks and resources. A role assigned to a user gives certain privileges to the user.

The following table summarizes the responsibilities of each cloud role in the context of Oracle Java Cloud Service.

Role Responsibilities

Tenant User

  • Use the Oracle Java Cloud Service Console to create and manage service instances within a specific tenant. See the next table for more details.

  • Consume the network, compute, and storage resources allocated to a specific tenant.

Note:

Tenant Users should contact their Oracle Cloud Administrator or Tenant Administrator for their user sign-in credentials and the URL to access Oracle Java Cloud Service.

Tenant Administrator

  • Has permissions similar to a Tenant User.

  • Create and manage Tenant Users within a specific tenant.

Oracle Cloud Administrator

  • Create cloud tenants and configure the tenants for Oracle Java Cloud Service.

  • Create users and assign them roles.

  • Create cloud networks and assign them to tenants.

  • Create remote file systems to use for Oracle Java Cloud Service backups.

The following table summarizes the privileges given to the Tenant User role in Oracle Java Cloud Service.

Description of Privilege More Information

Can create and delete service instances

Managing the Life Cycle of Oracle Java Cloud Service Instances

Can stop and start service instances, and virtual machines

Stopping and Starting an Oracle Java Cloud Service Instance and Individual VMs

Can suspend and enable service instances by disabling and enabling the load balancer

Suspending an Oracle Java Cloud Service Instance

Can scale, patch, and back up or restore service instances

Scaling an Oracle Java Cloud Service Instance

Patching an Oracle Java Cloud Service Instance

Backing Up and Restoring an Oracle Java Cloud Service Instance

Can administer load balancers for service instances

Administering the Load Balancer for an Oracle Java Cloud Service Instance

When Oracle Coherence is enabled for a service instance: In addition, the Java Administrator role can:
  • Remove a Coherence data tier from a service instance (REST API only)

  • Add a Coherence data tier to an existing service instance (REST API only)

When you create an Oracle Java Cloud Service instance, the following operating system and Oracle WebLogic Server administrative user accounts are created:

User Description More Information

VM OS User

The opc user has root privileges on the OS running on a VM:

  • Can connect to a VM through SSH for direct VM-level access to an Oracle Java Cloud Service instance

  • Can create other OS accounts on a VM using the appropriate OS tool through the SSH interface

The oracle user cannot be used to log into a machine:

  • Only has regular user permissions to start and stop Oracle products that have been installed on the machine

Note that there are no default passwords for either the opc or oracle user.

SSH access to the VM by the opc user is based on the public key provided at the time the Oracle Java Cloud Service instance was provisioned.

You provide the private key when you log in to the VM as opc. Once logged in, as a root user you can switch to the oracle user with:

sudo su - oracle

Accessing a VM Through a Secure Shell (SSH)

WebLogic Administrator

Can manage Oracle WebLogic Server in Oracle Java Cloud Service

Can access and use the WebLogic Server Administration Console

Can manage users and groups in the embedded LDAP

Can configure other identity providers

Can deploy and undeploy applications using the WebLogic Server Administration Console

Accessing the Administrative Consoles Used by Oracle Java Cloud Service

Using the WebLogic Server Administration Console to Deploy and Undeploy an Application

Oracle WebLogic Server 12c (12.2.1) Administration Console Online Help

Oracle WebLogic Server 12c (12.1.3) Administration Console Online Help

Oracle WebLogic Server 11g (10.3.6) Administration Console Online Help

Note:

The WebLogic Administrator account and VM OS User accounts are not stored or managed in Oracle Cloud.

You provide the user name and password for the WebLogic Administrator when you create an Oracle Java Cloud Service instance.

The credentials and permissions for the WebLogic Administrator and all end user accounts that the administrator creates are stored and managed in Oracle WebLogic Server.