Get Started with Application Roles

Administrators configure what users see and do in Oracle Analytics Cloud from the Roles and Permissions page in the Console. This page presents user information in four different views: User, Groups, Application Roles, Permissions.

Users and Roles Page Description

Users tab

Lists users from the identity domain associated with your Oracle Analytics instance.

From the Users tab, you can:

  • Discover the groups and application roles that each user directly belongs to.
  • Discover the permissions granted directly to a user.
  • Add or remove application roles assigned to a user.
  • Remove permissions granted directly to a user.
  • Generate a report that lists the groups or application roles assigned to a user, either directly or indirectly.

You can’t add or remove user accounts through the Users tab. Use your identity management system to manage user accounts.

It's best practice to assign permissions to application roles. You can't grant permissions to a user. However, if the user already has permission grants (for example, though migration from an on-premise environment), you can remove these permission grants from the user.

Groups tab

Lists user groups from the identity domain associated with your Oracle Analytics instance.

From the Groups tab, you can:

  • Discover the members (users or groups) directly assigned to each group.
  • Discover the application roles or any other groups that a group is directly assigned to.
  • Add or remove application roles assigned to a group.

You can’t add or remove user groups through the Groups tab. Use your identity management system to manage user groups.

Application Roles tab

Lists the predefined application roles for Oracle Analytics and any user-defined application roles that you add.

From the Application Roles tab, you can:

  • Create your own application roles.
  • Discover the members (users, groups, application roles) directly assigned to each application role.
  • Discover the permissions directly granted to each application role.
  • Add members or remove members from each application role.
  • Discover whether an application role is a member of any other application role.
  • Add or remove memberships for each application role.
  • Grant permissions to user-defined application roles.
  • Remove permissions from user-defined application roles.
  • Generate a report that lists the users assigned to an application role, either directly or indirectly.
  • Generate a report that lists the groups (or IDCS application roles) assigned to an application role, either directly or indirectly.
  • Generate a report that lists other application roles assigned to an application role, either directly or indirectly.
  • Generate a report that lists any other application roles an application role is assigned to, either directly or indirectly.
Permissions tab Lists the permissions available in Oracle Analytics.

From the Permissions tab, you can:

  • Search for permissions and filter the permissions list.
  • Discover the application roles a permission is directly assigned to.
  • Discover the users a permission is directly assigned to.