3.4 Role-Based Administration

Management, configuration and self-service user tasks within Oracle Private Cloud at Customer are performed through Oracle Enterprise Manager. It contains many features and options for role based access control, enabling privileges and functions associated with predefined roles. Oracle Private Cloud at Customer uses the Infrastructure as a Service (IaaS) functionality, which provides these default roles: EM_CLOUD_ADMINISTRATOR, EM_SSA_ADMINSTRATOR, EM_SSA_USER.

In a typical Oracle Private Cloud at Customer environment, a simplified approach is taken. There are three logical categories of users; each of them using the built-in IaaS roles and privileges differently.

  • Cloud Administrator

    The Cloud Administrator user account is owned by Oracle. The account has all the access rights and privileges to perform the Oracle Enterprise Manager setup for all the infrastructure components under its control, to configure the building blocks available to the virtualized environment, and to generate other roles and user accounts.

  • Customer Administrator

    The Customer Administrator account is the customer-owned account with the highest privileges. This account has no control over the infrastructure, but configures the Self Service Portal for users, manages the virtualized resources and sets quota on those resources for the end users. The Customer Administrator can submit a service request to have configuration changes applied that require Cloud Administrator privileges.

  • Cloud User

    A Cloud User account is provided to all consumers of virtualized resources. All users manage the life cycle of their deployed virtual machines, as well as the storage space and networking resources made available to them. They can do so within the limitations of the quota assigned to them by the Customer Administrator, and consult chargeback information about their usage at any time.

Oracle Enterprise Manager has two different management interfaces:

  • The Cloud Control Console is used by Customer Administrators to set up, monitor and manage your Infrastructure as a Service (IaaS) environment.

  • The Self Service Portal is the home page of the Cloud Users. It enables Cloud Users to provision and access virtual machines and applications, and allows tracking of resource consumption and data collection for chargeback and capacity planning.