About users and roles

Oracle Big Data Discovery Cloud Service depends on several underlying services in Oracle Public Cloud and supports the following service users and roles: opc user in Big Data Cloud Service (BDCS), bdd user in Big Data Discovery Cloud Service (BDDCS), and Studio admin user. You also need user access to VPN, Oracle Cloud Storage, and Hadoop Cloudera Manager.

Here is a summary of the three layers that comprise user access in BDDCS:

User access to Oracle Cloud Services

Before provisioning BDDCS, create a user account in the Oracle Public Cloud (OPC). This is the account for logging into Oracle Public Cloud and into Big Data Cloud Service. At least one Big Data Cloud Service must be provisioned for your account.

You provide this account to your Oracle sales representative, so that they can place an order for BDDCS for you. See Oracle Cloud User Roles and Privileges in Getting Started with Oracle Cloud. You can use this Single Sign-On (SSO) account for logging into Oracle Public Cloud and into the BDCS, once you configure it.

Here is how you use your SSO account with BDDCS:
  • For initial access to BDDCS, you cannot rely on SSO. Instead, when an Oracle sales representative places a BDDCS order for you, you receive a "Welcome" email with the URL to provision BDDCS. This way, you are granted initial user access to BDDCS as the service administrator. You then use this access to create your instance.
  • After you have created the BDDCS instance, you rely on SSO for logging into all of these accounts: your Oracle Cloud Services Account on Oracle Public Cloud, and into your BDCS and BDDCS instances.

User access to Oracle Cloud Storage, Hadoop and VPN

Before provisioning BDDCS, in addition to the user account in Oracle Public Cloud, you need these user accounts:
  • An Oracle Cloud Storage account. You specify the storage user name and password when you create a BDDCS instance. You should already have this account. See Managing Storage Credentials in Hadoop.
  • A Hadoop Cloudera Manager administrator account for your BDCS instance. You fill in this information under Hadoop Details when you create a BDDCS instance. This account should have already been created when you created your BDCS instance.
  • VPN access for BDDCS and BDCS instances. Without this account, you cannot access BDDCS Studio in the BDCS cluster. See

User access to Studio

User access to BDDCS Studio is controlled initially at BDDCS provisioning time. This is when you, as the service administrator, configure user name and password for the Studio admin user. Once BDDCS instance is up and running, you can log into Studio using these credentials. Next, you can change your admin user password in Studio, add more users in Studio, and control their privileges from within Studio.

You cannot integrate with an external LDAP system for managing Studio's users.

If you later change the Studio's database user account, use Update Credentials in the BDDCS console to also update this account in BDDCS. However, if you change the password for the Studio admin user (not the Studio's database user account), there is no need to update credentials in the BDDCS console.

For information on adding and managing users in Studio, see the Big Data Discovery Cloud Service Administrator's Guide.