Create and Assign a Custom Role

You may need to assign custom roles to some users (application developers) so that they can secure applications, or run APIs to monitor or manage specific cloud services. For example, to monitor cloud services using the REST API, a user must have the Monitoring_ApiAcces custom role.

These custom roles are not predefined unlike the other Oracle Cloud user roles, and hence must be created in Infrastructure Classic Console or Applications Console before assignment. You can create custom roles only if you’re a cloud account administrator or an identity domain administrator.

If you’re using the Cloud Account with Identity Cloud Service to create a custom role, you must first create a user group with the name of the custom role, and then assign users to the group.

To create a custom role and assign to users:

Create a user group with the custom role name.
1. Sign in to Applications Console or Infrastructure Classic Console. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
2. Open the navigation menu. Under Account Management, click Users. The User Management page appears.
3. Click the Groups tab.
4. Click Add. The Add Group dialog box opens.
5. Provide the name of your custom role. For example, Monitoring_ApiAcces or DBAAS_Notification_User.
6. Click Add.
The user group with the custom role name is created and you can view it in the Groups page.
Add users to the new group that you created.
1. In the Groups list page, select the group that you created. For example, Monitoring_ApiAcces.
2. Click Users and then click Add to Group.
3. From the Add To Group dialog box, select users to add to the group.
4. Click Add.

Selected users are added to the group and are assigned the custom role.