1. Getting Started with Oracle Cloud Applications
  2. Add Users, Assign Policies and Roles
  3. Add Users to a Cloud Account with Identity Cloud Service
  4. Create Users and Assign Roles

Create Users and Assign Roles

If you’re a cloud account administrator or an identity domain administrator, then you can create user accounts.

Typically, the following types of users are required to manage Oracle Cloud services:
  • Cloud Account Administrator
  • Identity Domain Administrator
  • Service Administrator
  • Business Administrator
  • Non-adminsitstor or a user

Create a Cloud Account Administrator

Large enterprises require multiple Cloud Account Administrators to manage their accounts, subscriptions, services, and users. You, as a buyer or a cloud account administrator, can create other users and make them Cloud Account Administrators.

With your buyer or cloud account administrator privileges, create a Cloud Account Administrator.
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Open the navigation menu. Under Account Management, click Users.
    The User Management page appears.
  3. Click Add.
  4. On the Add User page, enter this information:
    • The first name and last name of the user.
    • Their email address, alternate email address, and mobile phone number. Note that the email address and alternate email address must be different.
    • Their work information such as their title and work phone number.
  5. Click Next.
  6. On the Add User-Service Access page, click Add My Roles. Since you’ve the Cloud Account Administrator privileges, assigning your roles makes the user a Cloud Account Administrator. However, if you've other roles too, then they are also assigned to the new user.
  7. Click Finish.
The user is added and receives an email to activate their account.

Create an Identity Domain Administrator

Identity domain administrators can perform all the administrative functions related to Oracle Cloud services within an identity domain or a cloud account. They can create and manage users and services.

With your buyer or cloud account administrator privileges, create an Identity Domain Administrator.
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Open the navigation menu. Under Account Management, click Users.
    The User Management page appears.
  3. Click Add.
  4. On the Add User page, enter this information:
    • The first name and last name of the user.
    • Their email address, alternate email address, and mobile phone number. Note that the email address and alternate email address must be different.
    • Their work information such as their title and work phone number.
  5. Click Next.
  6. To assign the Identity Domain Administrator role to the user, click the text box under Identity Cloud and select this role.
  7. Click Finish.
The user is added and receives an email to activate their account. They can then create and manage users in the cloud account.

Create a Service Administrator

Service administrators manage and monitor specific services in a cloud account. You can assign all the available administration roles or specific service administration roles to the user.

By default, the Add User-Service Access page displays all services in the cloud account. If you want to assign roles for a specific service, then you can filter the list by using the Filter by Service box. You can also opt to display only services, only instances, or both, by using the Show filter.

For example, to assign roles specifically for the Oracle Cloud Infrastructure Compute Classic instance, select Compute Classic from the Filter by Service list, and then select Only Instances from the Show filter.

Note:

Only those services or applications that have associated roles are displayed in the Add User-Service Access page. See About Service Administrator Roles.
With your buyer or cloud account administrator privileges, create a service administrator.
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Open the navigation menu. Under Account Management, click Users.
    The User Management page appears.
  3. Click Add.
  4. On the Add User page, enter this information:
    • The first name and last name of the user.
    • Their email address, alternate email address, and mobile phone number. Note that the email address and alternate email address must be different.
    • Their work information such as their title and work phone number.
  5. Click Next.
  6. On the Add User-Service Access page, click Add Admin Roles. This will assign all the available administrator roles such as Service Administrator, Application Administrator, Identity Domain Administrator, or Entitlement Administrator, to the user.
  7. To assign service-specific administrator roles, click the text boxes below each required service and then select the required roles. Or, use the filter to display services that you require. For example, to assign an OCI Administrator role, filter the service list for Compute, click the text box under Compute and select the OCI_Administrator role.
  8. Click Finish.
The user is added and receives an email to activate their account.

Create a Business Administrator

Business administrators monitor the account usage and download reports. They access Infrastructure Classic Console or Applications Console in read-only mode and can only view and monitor the account usage from the Account Management page in Infrastructure Classic Console or Applications Console.

With your buyer or cloud account administrator privileges, create a Business Administrator.
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Open the navigation menu. Under Account Management, click Users.
    The User Management page appears.
  3. Click Add.
  4. On the Add User page, enter this information:
    • The first name and last name of the user.
    • Their email address, alternate email address, and mobile phone number. Note that the email address and alternate email address must be different.
    • Their work information such as their title and work phone number.
  5. Click Next.
  6. To assign the Business Administrator role, click the text box under Cloud Account and select this role. By default, a Cloud Account Administrator will also have the Business Administrator role. If you assign only the Business Administrator role to the user, then they will have read-only access to Infrastructure Classic Console or Applications Console, but can monitor the account usage and download reports.
  7. Click Finish.
The user is added and receives an email to activate their account.

Create a Non-Administrator

Oracle Cloud automatically creates several user roles such as service-specific user or developer, which are non-administrator roles. These roles let a user access the Oracle Cloud service instances within an identity domain or account. Non-administrators (end users) use the Infrastructure Classic Console or Applications Console to manage their password.

Note that not all cloud services have associated user roles. For those that do, you can use the Add User-Service Access page to assign those roles. Refer to the service-specific documentation for information on assigning these roles to a user.

By default, the Add User-Service Access page displays all services in the cloud account. If you want to assign roles for a specific service, then you can filter the list by using the Filter by Service box. You can also opt to display only services, only instances, or both, by using the Show filter.

With your buyer cloud account administrator privileges, create a non-administrator.
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Open the navigation menu. Under Account Management, click Users.
    The User Management page appears.
  3. Click Add.
  4. On the Add User page, enter this information:
    • The first name and last name of the user.
    • Their email address, alternate email address, and mobile phone number. Note that the email address and alternate email address must be different.
    • Their work information such as their title and work phone number.
  5. Click Next.
  6. To assign all the available non-administrative roles to the user, click Add User Roles.
  7. To assign specific user roles, filter the service list. Click the text box below the required service and select the required user roles. For example, APICSAUTO_ENTITLEMENT_MONITOR, which lets the user monitor API Platform service instances.
  8. Click Finish.
The user is added and receives an email to activate their account.