About Oracle SOA Cloud Service Roles and User Accounts

Oracle SOA Cloud Service uses roles to control access to tasks and resources. A role assigned to a user gives certain privileges to the user.

The following table summarizes the responsibilities of each cloud role in the context of Oracle SOA Cloud Service.

Role	Responsibilities
Tenant User	Use the Oracle SOA Cloud Service Console to create and manage service instances within a specific tenant. See the next table for more details. Consume the network, compute, and storage resources allocated to a specific tenant. Note: Tenant Users should contact their Oracle Cloud Administrator or Tenant Administrator for their user sign-in credentials and the URL to access Oracle SOA Cloud Service.
Tenant Administrator	Has permissions similar to a Tenant User. Create and manage Tenant Users within a specific tenant.
Oracle Cloud Administrator	Create cloud tenants and configure the tenants for Oracle SOA Cloud Service. Create users and assign them roles. Create cloud networks and assign them to tenants. Create remote file systems to use for Oracle SOA Cloud Service backups.

The following table summarizes the privileges given to a Tenant User in Oracle SOA Cloud Service:

Description of Privilege	More Information
Can create and delete service instances	Managing the Life Cycle of Oracle SOA Cloud Service Instances
Can stop and start service instances, and virtual machines	Stopping and Starting an Oracle SOA Cloud Service Instance and Individual VMs
Can suspend and enable service instances by disabling and enabling the load balancer	Suspending an Oracle SOA Cloud Service Instance
Can scale, patch, and back up or restore service instances	Scaling An Oracle SOA Cloud Service Instance Backing Up and Restoring an Oracle SOA Cloud Service Instance
Can administer load balancers for service instances	Administering the Load Balancer for an Oracle SOA Cloud Service Instance

When you create an Oracle SOA Cloud Service instance, the following Oracle Compute VM and Oracle WebLogic Server administrative user accounts are created:

Account Description More Information

Account	Description	More Information
VM OS User	The `opc` user has root privileges on the OS running on a VM: Can connect to a VM through SSH for direct VM-level access to an Oracle Java Cloud Service instance Can create other OS accounts on a VM using the appropriate OS tool through the SSH interface The `oracle` user cannot be used to log into a machine: Only has regular user permissions to start and stop Oracle products that have been installed on the machine Note that there are no default passwords for either the `opc` or `oracle` user. SSH access to the VM by the `opc` user is based on the public key provided at the time the Oracle Java Cloud Service instance was provisioned. You provide the private key when you log in to the VM as `opc`. Once logged in, as a root user you can switch to the `oracle` user with: `sudo su - oracle`	Accessing a VM Through a Secure Shell (SSH)
WebLogic Administrator	Can manage Oracle WebLogic Server in Oracle SOA Cloud Service Can access and use the WebLogic Server Administration Console Can manage users and groups in the embedded LDAP Can configure other identity providers Can deploy and undeploy applications using the WebLogic Server Administration Console	Accessing an Administration Console for Software that a Service Instance Is Running Using the WebLogic Server Administration Console to Deploy and Undeploy an Application Oracle WebLogic Server 12c (12.2.1) Administration Console Online Help Oracle WebLogic Server 12c (12.1.3) Administration Console Online Help

VM OS User

The opc user has root privileges on the OS running on a VM:

Can connect to a VM through SSH for direct VM-level access to an Oracle Java Cloud Service instance
Can create other OS accounts on a VM using the appropriate OS tool through the SSH interface

The oracle user cannot be used to log into a machine:

Only has regular user permissions to start and stop Oracle products that have been installed on the machine

Note that there are no default passwords for either the opc or oracle user.

SSH access to the VM by the opc user is based on the public key provided at the time the Oracle Java Cloud Service instance was provisioned.

You provide the private key when you log in to the VM as opc. Once logged in, as a root user you can switch to the oracle user with:

sudo su - oracle

Accessing a VM Through a Secure Shell (SSH)

WebLogic Administrator

Can manage Oracle WebLogic Server in Oracle SOA Cloud Service

Can access and use the WebLogic Server Administration Console

Can manage users and groups in the embedded LDAP

Can configure other identity providers

Can deploy and undeploy applications using the WebLogic Server Administration Console

Note:

You provide the user name and password for the WebLogic Administrator when you create an Oracle SOA Cloud Service instance.

The credentials and permissions for the WebLogic Administrator and all end user accounts that the administrator creates are stored and managed in Oracle WebLogic Server.