An identity domain administrator or a service administrator can grant or revoke roles.
When you assign a role to a user or remove a role from a user, the update isn’t immediate. It can take up to 5 minutes for the change in role assignment to be effective in the My Services application. This 5-minute delay applies to any changes you make to role assignments regardless of the method you use to make the change.
If you assign a user an administrative role and the user signs in to My Services before the role is in effect, then one of two conditions occurs:
If the user is already assigned an administrative role for at least one service in the identity domain, then My Services opens and displays information about the user's existing services. However, the user won’t see the new services associated with the newly assigned administrative role.
If the user isn’t currently assigned an administrative role for a service in the identity domain, then My Services opens and displays only the Identity Self Service page. The user won’t see any information about services, other users, or system notifications. The user must sign out of My Services, and then sign back in to My Services after the role is in effect.
Use the Custom Roles tab on the My Services Users page to view, add, and remove roles that you created for customized access to your Oracle Cloud services.
Only identity domain administrators can create and delete custom roles, and only in the identity domains that they have been assigned to administer.
Custom roles are used by application developers to secure applications.
For example, with Java EE applications deployed to an Oracle Java Cloud Service, the application roles specified in application deployment descriptors are mapped to the enterprise roles created in the identity management system. The mapping is based on matching fully qualified role names. For information about securing applications for a Java service, see Using Oracle Java Cloud Service-SaaS Extension.
The display name for the role. You see this name whenever My Services displays the name of the role, for example, in the Show filter on the Users tab, in the Manage Roles dialog box, and on the Custom Roles tab.
User Assignments: The number of users who are assigned the role.
Role Name: The internal name for the role.
Description: A brief description of the role. This field includes information only if the user who added the custom role entered details about the role. Including a description is optional.
Navigates to the Users tab
Sets the Show filter to the custom role that you selected
Lists only those users who are assigned that custom role
You can select other options from the Show filter to show users assigned to a different role or to show all users (that is, users assigned to any role).
If the list of custom roles spans multiple pages, then use the Next and Previous buttons to navigate across pages.
Application developers use custom roles to secure applications.
Role Name: Enter a unique name for this custom role. The role name is the internal name.
Display Name: Optionally, enter a display name for this custom role. You see this name whenever My Services displays the name of the role, for example, in the Show filter on the Users tab, in the Manage Roles dialog box, and on the Custom Roles tab.
If you don’t enter a display name, the system uses the same value that you specified for the role name.
Description: Optionally, enter more information about this custom role.
You can scroll through the pages to view the role that you just added.
You can’t remove a custom role if users are currently assigned the role. In this case, you must first remove the role from the users.
You can remove custom roles only. You can’t remove any of the predefined roles displayed on the Roles tab.
If the number of users assigned to this role is 0 (zero), then skip to the next step.
Click the name of the custom role to view all the users assigned to the role.
For each user assigned the role, click Action and select Manage Roles. Move the custom role from the Assigned Roles column to the Available Roles column. Save your changes.
Click the Custom Roles tab.
Locate the custom role that you want to remove. The number in the User Assignments field should now be 0 (zero).