Before You Begin

This 15-minute tutorial shows you how to manage the roles, users, and permission lists that are delivered with PeopleSoft Cloud Manager.

Background

This is the fourteenth tutorial in the Install PeopleSoft Cloud Manager series. Read the tutorials in the order listed. The optional tutorials offer alternate methods for setup.


Understanding Access for Cloud Manager Environments

The access for Cloud Manager provisioned environments is controlled by permission lists, roles, and delegated access.

The types of access available in Cloud Manager include:

  • Role-based access

    Control over the actions that a user can perform is determined by roles and permission lists. The delivered roles and permission lists are described in this tutorial.

    Customer administrators create roles based on delivered permission lists and assign the created role to intended users. Thus users who are assigned with the role alone can access and carry out actions on the specified resource, such as environments.

    When non-view permissions are assigned to users, the corresponding resources are listed or displayed to the assigned user by default. For example, when environment upgrade permission is assigned to a user, there is no need to assign view-environment-detail permission to the user; it will be assigned automatically by the system.

    Using permission lists and roles controls access at the global level. Only an administrator can provide access at the global level, using PeopleSoft security. The user who is assigned the role (containing the required permission lists) can perform the corresponding action on all resources of a resource type.

    See PeopleTools: Security Administration. See the PeopleSoft PeopleTools page on Oracle Help Center.

  • Resource ownership

    The creator of a resource in Cloud Manager is automatically categorized as owner of the resource. Resource owners are automatically assigned with access to all actions available on the resource, including the ability to delegate access to the created resource.

  • Resource-level access for a single resource

    Resource owners, administrators, or users with delegation privilege delegate access to applicable actions on a per-resource basis. The scope is limited to a single resource. This enables non-administrator users to carry out required actions on resources created by other users, without providing them with ownership on the resource or an administrator role.

    See the information on delegating access in PeopleSoft Cloud Manager. Select the PeopleSoft Cloud Manager page on Oracle Help Center.

  • Resource-level access for tagged environments

    Administrators can delegate access to groups of users on environments that are logically grouped using environment tags.

    See the information on Role Based Security Page in PeopleSoft Cloud Manager. Select the PeopleSoft Cloud Manager page on Oracle Help Center.

Here is an example of providing global access based on roles. The Cloud Manager administrator wants to grant life-cycle management privileges to User A on all environments, both environments that User A created and those created by other users.

  1. The administrator creates a role for life-cycle management called CM_LCM.

    The navigation is PeopleTools > Security > Permissions & Roles > Roles.

  2. The administrator associates the delivered permission lists PACL_ENV_START, PACL_ENV_BKUP_RESTOR, and PACL_ENV_STOP with the CM_LCM role.
  3. The administrator opens the User Profile page for User A and associates the CM_LCM role.

    The navigation is PeopleTools > Security > User Profiles > User Profiles.

This gives User A privileges to perform the environment start, stop, and backup/restore actions on all environments. This means that when User A signs in to Cloud Manager, all environments will be displayed to them by default. There is no need to explicitly add (grant) a permission list to view the environment. When User A views the Actions menu for any environment, the start, stop, and backup/restore actions will be available.

Here is an example of resource-level access. User B created Environment B. User B is asked to delegate access to User C to start and stop Environment B.

  1. In Cloud Manager, User B clicks the Actions icon for Environment B and selects Delegate Access from the menu.
  2. On the Access Details page, User B specifies User C and permission names ENV_START and ENV_STOP.
  3. When User C signs in to Cloud Manager, they can view Environment B and will have Start and Stop on the Actions menu.

This gives User C privileges to perform only the start and stop actions on Environment B.
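The two scenarios above can be modelled as a small access resolver that also records why each action is available, which is the question an access review has to answer. This is an added example, not code from the tutorial or from Cloud Manager. The mapping from a permission list such as PACL_ENV_START to the action name ENV_START, the DELEGATE label, and the user and environment names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Role created in the example above, mapped to the delivered permission lists.
ROLE_PERMISSION_LISTS = {
    "CM_LCM": {"PACL_ENV_START", "PACL_ENV_BKUP_RESTOR", "PACL_ENV_STOP"},
}
# Subset of environment actions, for illustration; DELEGATE is a hypothetical
# label for the owner's ability to delegate access.
ALL_ACTIONS = {"ENV_START", "ENV_STOP", "ENV_BKUP_RESTOR", "ENV_DELETE",
               "ENV_DETAILS", "DELEGATE"}
VIEW = "ENV_DETAILS"


@dataclass
class Environment:
    name: str
    owner: str
    delegations: dict = field(default_factory=dict)  # user -> delegated actions


def effective_actions(user, user_roles, env):
    """Actions `user` may perform on `env`, with the source of each grant."""
    grants = {}
    # 1. Role-based access is global: it applies to every environment.
    for role in sorted(user_roles.get(user, ())):
        for plist in ROLE_PERMISSION_LISTS.get(role, ()):
            # Assumption: PACL_ENV_START corresponds to action ENV_START.
            grants.setdefault(plist[len("PACL_"):], "role " + role)
    # 2. The creator of a resource gets every action on it.
    if env.owner == user:
        for action in ALL_ACTIONS:
            grants.setdefault(action, "owner")
    # 3. Delegated access is scoped to this single environment.
    for action in env.delegations.get(user, ()):
        grants.setdefault(action, "delegated")
    # Any non-view grant makes the environment visible to the user.
    if grants:
        grants.setdefault(VIEW, "implied")
    return grants


# Constructed sample data matching the two examples above.
USER_ROLES = {"USER_A": {"CM_LCM"}}
ENV_B = Environment("Environment B", owner="USER_B",
                    delegations={"USER_C": {"ENV_START", "ENV_STOP"}})
ENV_D = Environment("Environment D", owner="USER_D")

if __name__ == "__main__":
    for env in (ENV_B, ENV_D):
        for user in ("USER_A", "USER_B", "USER_C"):
            print(env.name, user, sorted(effective_actions(user, USER_ROLES, env).items()))
```

User A's grants are identical on every environment because they come from a role, while User C's grants exist only on Environment B.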

Review Cloud Manager Delivered User and Roles

Cloud Manager is delivered with the CLADM user account, which is associated with the Cloud Administrator role and other PeopleSoft administrative roles.

Here is a summary of the roles that are delivered with Cloud Manager, and the tasks associated with each role:

Cloud Administrator (PACL_CAD)

  • Downloads and initiates the Cloud Manager image from Oracle Cloud Marketplace.
  • Provisions the Cloud Manager instance in Oracle Cloud Infrastructure Compute.
  • Configures the Cloud Manager Repository to auto-download required PeopleSoft Update Images (PIs) from My Oracle Support.
  • Has access to all Cloud Manager tiles.
  • Has the ability to add Cloud PeopleSoft Administrator and Self-Service Users.
  • Can manage all environments.

Cloud PeopleSoft Administrator (PACL_PAD)

  • Creates deployment templates based on downloaded PIs or customer environments that have been cloned to template in Oracle Cloud Infrastructure Compute.
  • Has access to the Topology, Environment Template, Environments, and My Settings tiles.
  • Can manage all environments.

Self-Service User (PACL_SSC)

  • Creates Oracle Cloud Infrastructure Compute instances from available templates.
  • Starts, stops, and deletes instances.
  • Has access to the Environments and My Settings tiles.
  • Can manage only their own environments.

Review Cloud Manager Permission Lists

Cloud Manager is delivered with these permission lists.

| Permission List | Description |
|---|---|
| PACL_001 | Permissions for Cloud Administrator. This provides access to the Cloud Manager Settings tile and its features. |
| PACL_002 | Permissions for Cloud PeopleSoft Administrator. This provides access to all tiles and features except those on Cloud Manager Settings. |
| PACL_003 | Permissions for the self-service user. This provides access to Environments and My Settings tiles and their features. |
| PACL_ENV_ATTRIBUTES | Administer environment configuration. This provides access to the Manage Attributes page on the Environment Details page. |
| PACL_ENV_BKUP_RESTOR | Back up or restore the environment. This provides access to Backup/Restore on the environment Actions menu. |
| PACL_ENV_CLONE | Create a copy (clone) of an environment. This provides access to Clone on the environment Actions menu. |
| PACL_ENV_CREATE | Create an environment. This provides access to the Create Environment button on the environments page. |
| PACL_ENV_DELETE | Delete an environment. This provides access to Delete on the environment Actions menu. |
| PACL_ENV_DETAILS | View environment details. This provides access to Details on the environment Actions menu. |
| PACL_ENV_DR | Set up a standby environment for disaster recovery. This provides access to Disaster Recovery on the environment Actions menu. |
| PACL_ENV_IMPORT | Import an environment. This provides access to the Import Environment button on the environments page. |
| PACL_ENV_IMPORT_NODE | Import an environment node. |
| PACL_ENV_INFRA_PATCH | This provides access to the Infra CPU Patches page on the Environment Details page. |
| PACL_ENV_LB_SETTING | Set up load balancer. This provides access to the Load Balancer Settings page on the Environment Details page. |
| PACL_ENV_MANAGE_NODE | Manage nodes. |
| PACL_ENV_MANAGE_PUM | Manage source and target information for PUM environments. This provides access to the Manage PUM Connections page on the Environment Details page. |
| PACL_ENV_MANAGE_TAG | Associate tags with the environment. This provides access to the Manage Tag page on the Environment Details page. |
| PACL_ENV_PASSWORD | This provides access to the Manage Passwords page on the Environment Details page. |
| PACL_ENV_PATCH | This provides access to the Apply PeopleTools Patch page on the Environment Details page. |
| PACL_ENV_POLICY | Create and manage policies for the environment. This provides access to the Policies page on the Environment Details page. |
| PACL_ENV_REFRESH | Refresh the environment. This provides access to Refresh on the environment Actions menu. |
| PACL_ENV_START | Start the environment. This provides access to Start on the environment Actions menu. |
| PACL_ENV_STOP | Stop the environment. This provides access to Stop on the environment Actions menu. |
| PACL_ENV_UPGRADE | Upgrade the environment's PeopleTools release. This provides access to the Upgrade PeopleTools page on the Environment Details page. |


View Cloud Manager Permission Lists and Roles

To view the delivered Cloud Manager Permission Lists:

  1. Sign in to Cloud Manager in a browser, as described in the tutorial Specify Cloud Manager Settings.
  2. On the Cloud Manager home page, click the NavBar button at the top right, click the Menu button, and select PeopleTools > Security > Permissions & Roles > Permission Lists from the menu.
    Figure: NavBar showing PeopleTools
  3. Enter PACL in the Search By field, and click Search on the Permission Lists page to see the delivered Cloud Manager Permission Lists.

    Note:

    PACL_ENV_DELEGAT_ACCESS, shown in this example, is no longer supported and will be removed in a future image.

    Figure: Delivered Permission Lists, 1 of 2
    Figure: Permission Lists, 2 of 2
  4. Navigate to PeopleTools > Security > Permissions & Roles > Roles, enter PACL and click Search to view the delivered Cloud Manager Roles, PACL_CAD, PACL_PAD and PACL_SSC.
    Figure: Cloud Manager Roles
  5. Select PACL_CAD from the Search Results and select the Permission Lists tab.

    The permission lists that are associated with Cloud Administrator include PACL_001, PACL_002, and PACL_003.

    Figure: Roles page, Permissions Lists for PACL_CAD
  6. Click Next in List to view the three permission lists associated with PACL_PAD, the Cloud PeopleSoft Administrator.

    The associated permission lists include the Cloud Manager permission lists PACL_002 and PACL_003.

    Figure: Roles page, Permission Lists tab for PACL_PAD
  7. Click Next in List to view the two permission lists associated with PACL_SSC, the Cloud Self Service User.

    The associated permission list is the Cloud Manager permission list PACL_003.

    Figure: Roles page, Permission Lists tab for PACL_SSC

Add Cloud Manager Roles to an Existing User Profile

To set up a user profile for a Cloud Manager user, the Cloud Administrator can create a new user, or begin with an existing user and add the requisite roles, as shown in this section. For details on working with PeopleSoft user profiles, see PeopleTools: Security Administration, "Working with User Profiles." See PeopleSoft PeopleTools on Oracle Help Center, Online Help and PeopleBooks.

  1. Sign in to Cloud Manager in a browser using the Cloud Administrator user ID, CLADM, and the password you specified when installing Cloud Manager.
  2. On the home page, select PeopleTools > Security > User Profiles > Copy User Profiles to access the User Profiles search page.
    Figure: NavBar Menu Copy User Profiles
  3. Select the User ID that you want to copy, for example ASSETMGR.
  4. On the Copy User Profiles page, enter a new user ID, CLDASSETMGR in this example, a description, and the password that the new user ID should use to sign in to Cloud Manager.

    Note:

    This example shows the Copy ID Type Information option selected. If this option is not selected, the system does not save the EMPLID in the PSOPRDEFN table.

    Click Save.

    Figure: Copy User Profiles page
  5. On the General page, supply any necessary information.
    Figure: User Profiles page, General tab
  6. Select the Roles tab, and click the plus sign in the User Roles table to add a new row.
    Figure: User Profiles page, Roles tab
  7. On the Look Up Role Name page, enter PACL in the search field, and select PACL_PAD, for the Cloud PeopleSoft Administrator.
    Figure: Look Up Role Name page

    The new role appears in the User Roles table.

    Figure: User Profiles page, Roles tab with new role
  8. Repeat steps 6 and 7 to add other Cloud Manager roles, and save the profile.

Next Steps

Configure a Web Proxy for PeopleSoft Cloud Manager (Optional)
