Give a User in Oracle Identity Cloud Service Permissions to Manage Analytics Cloud Instances

You can create security policies to give users in Oracle Identity Cloud Service suitable access to Oracle Analytics Cloud instances in Oracle Cloud Infrastructure Console.

  1. Sign-in to your cloud account as Cloud Account Administrator.
  2. Navigate to the federated Oracle Identity Cloud Service.
    1. Click Identity & Security. Under Identity, click Federation.
    2. Click the link to your Oracle Identity Cloud Service Console.
  3. In Oracle Identity Cloud Service, add one or more users.
    1. In the Users section, click Add a User.
    2. Enter details about the user, and click Finish.
  4. In Oracle Identity Cloud Service, create one or more groups and assign users to the appropriate group.
    1. Click Groups in the Navigator, and then click Add.
    2. Enter details about the group, and click Next.
      For example, if you're creating a policy that gives users permissions to fully manage Oracle Analytics Cloud instances you might name the group OCI_Analytics_Admins (or similar) and include a short description such as "Users with permissions to set up and manage Oracle Analytics Cloud instances on Oracle Cloud Infrastructure" (or similar).
    3. Add one or more users to the group.
  5. In Oracle Cloud Infrastructure Console, create an OCI group that corresponds to each of the groups you created in Oracle Identity Cloud Service.
    1. Click Identity & Security. Under Identity, click Groups.
    2. Click Create Group.
    3. Enter details about the group.
      For example, if you're creating a policy that gives users permissions to fully manage Oracle Analytics Cloud instances you might name the group analytics_service_admin (or similar) and include a short description such as "Users with permissions to set up and manage Oracle Analytics Cloud instances on Oracle Cloud Infrastructure" (or similar).
  6. Map OCI groups to the corresponding groups in Oracle Identity Cloud Service.
    1. Click Identity & Security. Under Identity, click Federation.
    2. Navigate to your Oracle Identity Cloud Service federation.
      For most tenancies, the federation is named OracleIdentityCloudService.
    3. Click Add Mapping and select the name of a group you created in Oracle Identity Cloud Service. For example, OCI_Analytics_Admins.
    4. Select the OCI group you want to map to. For example, analytics_service_admin.
  7. Create a policy that gives users belonging to an OCI group, specific access permissions to Oracle Analytics Cloud instances or compartments.
    1. Click Identity & Security. Under Identity, click Policies.
    2. Select a compartment, and click Create Policy.

Users belonging to any groups mentioned in the policy statement get their new permission when they next sign in to the Console.