Managing App Roles in Microsoft Azure AD

In Azure AD, you can create and manage app roles that will be assigned to Azure AD users and groups and also be mapped to Oracle Database global schemas and roles.

Creating a Microsoft Azure AD App Role

Azure AD users, groups, and applications that need to connect to the database will be assigned to the database app roles.

See the Microsoft Azure article Create and assign a custom role in Azure Active Directory for detailed steps on how to create an app role. The following steps describe how to create the app role for use with an Oracle database.
  1. Log in to Azure AD as an administrator who has privileges for creating app roles.
  2. Access the Oracle Database app registration that you created.
    1. Use the Directory + subscription filter to locate the Azure Active Directory tenant that contains the Oracle Database app registration.
    2. Select Azure Active Directory.
    3. Under Manage, select App registrations, and then select the Oracle Database instance that you registered earlier.
  3. Under Manage, select App roles.
  4. In the App roles page, select Create app role.
  5. In the Create app role page, enter the following information:
    • Display name is the displayed name of the role (for example, HR App Schema). You can include spaces in this name.
    • Value is the actual name of the role (for example, HR_APP). Ensure that this setting matches exactly the string that is referenced in the database mapping to a schema or role. Do not include spaces in this name.
    • Description provides a description of the purpose of this role.
    • Do you want to enable this app role? enables you to activate the role.
  6. Click Apply.

    The app role appears in the App roles pane.
Assigning Users and Groups to the Microsoft Azure AD App Role

Before Microsoft Azure AD users can have access to the Oracle database, they must first be assigned to the app roles that will be mapped to Oracle Database schema users or roles.

See the Microsoft Azure article Add app roles to your application and receive them in the token for detailed steps assigning users and groups to an app role. The following steps explain how to do this for an Oracle database.
  1. Log in to Azure AD as an administrator who has privileges for assigning Azure AD users and groups to app roles.
  2. In enterprise applications, find the name of the Oracle Database app registration that you created. This is automatically created when you create an app registration.
    1. Use the Directory + subscription filter to locate the Azure Active Directory tenant that contains the Oracle connection.
    2. Select Azure Active Directory.
    3. Under Manage, select Enterprise applications, and then select the Oracle Database app registration name that you registered earlier.
  3. Under Getting Started, select Assign users and groups.
  4. Select Add user/group.
  5. In the Add assignment window, select Users and groups to display a list of users and security groups.
  6. From this list, select the users and groups that you want to assign to the app role, and then click Select.
  7. In the Add assignment window, select Select a role to display a list of the app roles that you have created.
  8. Select the app role and then select Select.
  9. Click Assign.

Assigning an Application to an App Role

An application that must connect to the database using the client credential flow must be assigned to an app role.

  1. Log in to Azure AD as an administrator who has privileges for assigning Azure AD users and groups to app roles.
  2. Access the app registration for the application.
  3. Under Manage, select API permissions.
  4. In the Configured permissions area, select + Add a permission.
  5. In the Request API permission pane, select the My APIs tab.
  6. Select the Oracle Database app that you want to give permission for this application to access. Then select the Application permissions option.
  7. Select the database app roles to assign to the application and then click the Add Permission box at the bottom of the screen to assign the app roles and close the dialog box. Ensure that the app roles that you just assigned appear under Configured permissions.
  8. Select Grant admin consent for tenancy to grant consent for the tenancy users, then select Yes in the confirmation dialog box.
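The following added example (not part of the Oracle documentation above) shows the two checks a practitioner usually wants alongside these portal steps: building an app role entry in the shape of the Azure AD application manifest's appRoles array, rejecting a Value that contains spaces, and verifying that the roles claim of an issued access token carries the exact Value the database mapping expects. It assumes the manifest field names shown (allowedMemberTypes, displayName, value, isEnabled) and that granted app roles arrive in the token's roles claim; the token claims used are constructed sample data.

```python
import uuid

# Shape of one entry in the Azure AD application manifest "appRoles" array
# (assumption: the same fields the portal's Create app role page collects).
# "User" covers assigned users and groups; "Application" covers clients that
# connect with the client credential flow and receive the role as an
# application permission.
def make_app_role(display_name, value, description,
                  member_types=("User", "Application"), enabled=True):
    if not value or " " in value:
        raise ValueError(
            f"app role Value {value!r} must be non-empty and contain no spaces; "
            "it must match the database mapping string exactly")
    return {
        "allowedMemberTypes": list(member_types),
        "description": description,
        "displayName": display_name,   # spaces allowed, e.g. "HR App Schema"
        "id": str(uuid.uuid4()),       # each app role needs a unique GUID
        "isEnabled": enabled,
        "value": value,                # e.g. "HR_APP", referenced by the DB mapping
    }

def roles_granted_by_token(claims, expected_values):
    """Compare the token's roles claim with the app role Values the database maps.

    Returns (matched, suspicious): matched are exact hits; suspicious are roles
    that differ from an expected Value only by case or whitespace, which is the
    usual cause of a mapping that silently fails.
    """
    granted = set(claims.get("roles", []))
    expected = set(expected_values)
    matched = sorted(granted & expected)
    normalised = {v.replace(" ", "").lower() for v in expected}
    suspicious = sorted(r for r in granted - expected
                        if r.replace(" ", "").lower() in normalised)
    return matched, suspicious

if __name__ == "__main__":
    role = make_app_role("HR App Schema", "HR_APP", "Access to the HR application schema")
    print(role)
    # Constructed sample of decoded access-token claims, not a real token.
    sample_claims = {"aud": "api://example-oracle-db", "roles": ["HR_APP", "hr_app", "SALES"]}
    print(roles_granted_by_token(sample_claims, ["HR_APP"]))
```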