5 Administrative Tasks

After an Oracle Visual Builder service instance is created, an identity domain administrator assigns one or more users the Visual Builder Administrator role for the service instance. A Visual Builder Administrator can manage and set general options for applications in the service instance.

Manage Applications in the Service Instance

An Oracle Visual Builder administrator can manage any application in the service instance and does not need to be a team member to see an application on the Home page. Administrators can perform all the tasks of a developer, including adding and removing team members, and opening, staging and publishing applications.

The Home page displays a list of the applications in the service instance. Developers can only see and manage an application when they are a member of the application’s team. Administrators can select the Administered by me checkbox if they want the list of applications to include all the applications in the instance, even the applications where they are not a team member. The checkbox is not visible to developers who do not have the role of administrator.


Description of admin-homepage-applications.png follows
Description of the illustration admin-homepage-applications.png

Note:

On the Home page for classic applications, administrators can select the Applications I administer checkbox in the Filter by pane to display the applications where they are not a team member.


Description of admin-homepage1.png follows
Description of the illustration admin-homepage1.png

Access Instance Settings

Administrators can access a page for managing the instance’s global settings. The settings page contains panels for configuring security settings, specifying Access Denied messages and specifying Oracle Process Cloud Service details.

You can access the instance settings page from any Visual Builder page, but the steps for opening the page will depend on if you are developing visual applications or classic applications.

To open an instance’s settings page:

  1. Click Home in the Visual Builder title bar to open the main menu.
  2. Click Settings in the main menu.

    If you are developing visual applications, open the main navigation pane on the Home page and select Settings.


    Description of admin-settings-menu.png follows
    Description of the illustration admin-settings-menu.png

    If you are developing classic applications, select Administer Visual Builder in the Administration Options menu and then click Global Settings.


    Description of admin-options-menu.png follows
    Description of the illustration admin-options-menu.png
The settings available for the instance are grouped on the page.

Configure Security Options for Applications

Administrators can use the Security panel in the settings page to require authentication for all applications in the instance.

When an administrator enables the Allow only secure applications to be created option, all published and staged applications in the instance will require user authentication. When the option is enabled, users must be assigned a role by the identity domain administrator and log in to access an application. When the option is not enabled, applications can be created that allow access to anonymous users.

When an application has the default security settings, any user with a valid login can access the pages in an application. A developer can modify the default security settings to define the roles that can access applications, pages and components. When the secure application option is enabled, an administrator can enable an option that users must be assigned the role of Visual Builder User in addition to any other roles used to secure access to staged and published applications. For example, security can be configured so that users assigned the role Visual Builder Developer can access the designer but can’t access the published application and data because they are not assigned the role Visual Builder User.

To block access by anonymous users to all applications in the instance:

  1. Open the instance’s settings page.
  2. In the Security panel, enable Allow only secure applications to be created.

    Anonymous users can’t access the applications when this option is enabled.


    Description of admin-settings-security.png follows
    Description of the illustration admin-settings-security.png

    When the secure applications option is enabled, administrators can enable the Only Visual Builder Users can access secure applications option.

Set Page Messages for Access Denied Errors

Administrators can use the instance’s settings page to specify a URL that users are navigated to when they are denied access to an application or page.

Authenticated users might see an Access Denied page or message when they attempt to access an application or page in an application that their user role is not permitted to access. Administrators can set the default page or message that users see when they are denied access to an application or page. Access Denied messages that are set at the application level in the General Settings of an application will override messages set in the instance’s settings page. The default Access Denied page and message is used if the message options in this panel are not set.

To specify an Access Denied page or message for applications in the instance:

  1. Open the instance’s settings page.
  2. In the Security panel, type a URL that users are directed to when denied access to an application.

    The URL that you specify is used as the Access Denied page for all applications in the instance and should be accessible to users who are not logged in.


    Description of admin-settings-messages.png follows
    Description of the illustration admin-settings-messages.png

    Note:

    If you are configuring settings for classic applications, the Access Denied settings are set in the Messages panel.
  3. Type the message that you want users to see when they are denied access to a page.

    The message that you enter will be displayed in the Access Denied page for all applications in the instance except for those where a message was set at the application level in the application’s General Settings page.

Allow Other Domains Access to Services

Use the Global Settings page to specify the domains that are permitted to interact with services in your instance.

Cross-Origin Resource Sharing (CORS) is a mechanism that enables you to specify the domains that are allowed to exchange data with applications in your instance. By default, incoming requests from domains not on your instance’s list of allowed origins are blocked from accessing application resources.

To add a domain to the list of allowed origins:

  1. Open the instance’s settings page.
  2. In the Allowed Origins panel, click New Origin and type the URL of the domain that you want to allow. Click Submit.

    The Allowed Origins panel lists all origins that are permitted to retrieve information from the instance.


    Description of admin-settings-origins.png follows
    Description of the illustration admin-settings-origins.png

Switch to Your Own Oracle DB Instance

If the 5GB limit of the database provisioned with your Visual Builder instance is insufficient for your tenant schema, you can configure your instance to use an Oracle DB instance that has more space instead of the default database.

To use a different Oracle DB instance, you use a wizard in the Tenant Settings to create a connection to the database instance and export the applications stored in tenant's current database. You can connect to an Oracle DBaaS or Autonomous Transaction Processing Database (ATP) instance.

If you decide to use JDBC to connect to your DBaaS instance, you must include the privileges required to enable the ADMIN user to create a tenant schema. The following SQL shows the grants that are needed:

CREATE USER [adminuser] IDENTIFIED BY [password];
GRANT CONNECT, RESOURCE, DBA TO [adminuser];

GRANT SELECT ON SYS.DBA_PROFILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_USERS TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_DATA_FILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_SEGMENTS TO [adminuser] WITH GRANT OPTION;

If you decide to use ATP, you might want to create a new ATP ADMIN user with the correct admin privileges. The following SQL statement shows how to create a second ATP ADMIN user in SQL*Plus or SQL Developer.

DROP USER [adminuser] CASCADE;
CREATE USER [adminuser] IDENTIFIED BY [password];
GRANT CREATE USER, ALTER USER, DROP USER, CREATE PROFILE TO [adminuser] WITH ADMIN OPTION;
GRANT CONNECT TO [adminuser] WITH ADMIN OPTION;
GRANT RESOURCE TO [adminuser] WITH ADMIN OPTION;
GRANT CREATE SEQUENCE, CREATE OPERATOR, CREATE SESSION,ALTER SESSION, CREATE PROCEDURE, CREATE VIEW, CREATE JOB,CREATE DIMENSION,CREATE INDEXTYPE,CREATE TYPE,CREATE TRIGGER,CREATE TABLE,CREATE PROFILE TO [adminuser] WITH ADMIN OPTION;
GRANT UNLIMITED TABLESPACE TO [adminuser] WITH ADMIN OPTION;
GRANT SELECT ON SYS.DBA_PROFILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_USERS TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_DATA_FILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_SEGMENTS TO [adminuser] WITH GRANT OPTION;

In the wizard you need to select and export all the applications in your instance that you want to keep. After confirming that your instance is using the new database instance, you must import the exported applications into Visual Builder to save them in the new database instance.

To switch to a different Oracle DB instance:

  1. Open the instance’s Tenant Settings page.
  2. Click Use Different Database in the Tenant Database panel to open the Change Tenant Database wizard.

    In the Change Tenant Database wizard you supply the details for the connection to your Oracle DB instance.



  3. Select a Connection Type in the drop-down list.

    You can connect to your Oracle DB instance using either JDBC or an ATP Cloud Wallet.

  4. Provide the details for connecting to your database. Click Next.

    The details you need to provide will depend upon the type of connection you selected.

  5. Select all the applications that you want to export. Click Finish.

    You must select and export all the applications that you want to keep. Any applications that are not exported will be lost.



When you click Finish, the applications that you selected are downloaded to your local file system. Exported application archives include the details about the application's user roles, and they will be available when the app is re-imported into the new database.

Reset an Expired Password or ATP Wallet for Your Oracle DB Instance

If you switch to use your own Oracle DB instance and the credentials you use to access the instance expire, you can renew the expired credentials using the Update Tenant Database Connection dialog.

To regenerate the expired values, you need to provide the ADMIN user credentials that you provided when you first switched to your own Oracle DB instance. Visual Builder uses the ADMIN user credentials to generate new Visual Builder tenant credentials to replace the expired credentials. Visual Builder does not store the ADMIN user credentials that you supply.

To reset expired credentials:

  1. Open the General tab of the instance’s Tenant Settings page.
  2. In the Tenant Database field, click the Edit icon to open the Update Tenant Database Connection wizard.
  3. In the Update Tenant Database Connection wizard, supply the ADMIN user credentials that Visual Builder will use to reset the expired credentials for your Oracle DB instance.
  4. Click Finish.

Add a Connection to Integration Applications

Administrators can use the Services tab in the Tenant Settings page to add a connection to an instance of Oracle Integration as a backend service.

To add a connection to an instance of Oracle Integration as a backend service, the instance of Oracle Integration should be co-hosted with Visual Builder because the authentication types that Visual Builder supports for this configuration is Oracle Cloud Account or Propagate Current User Identity. In most cases, this backend service (Oracle Integration) will be preconfigured for your Visual Builder instance.

If you are using multiple Visual Builder instances, for example, development and production instances, you might need to add connections to Oracle Integration in more than one instance.

To add a connection to an Oracle Integration instance:

  1. Open the instance’s Tenant Settings page.
  2. In the Services tab, click Create Backend and choose Integrations in the Backend Service Type dialog.
  3. In the dialog, type the Server URL of the backend service, configure other settings, such as security, as needed, and click Create.

Add a Connection to Oracle Cloud Applications

The list of REST services in the service catalog of a visual application is retrieved from an Oracle Cloud Applications backend service. Specify the instance URL of the Oracle Cloud Applications backend service in the Tenant Settings page or in the Settings page of a visual application.

All visual applications in the tenant will use the Oracle Cloud Applications instance URL specified in Tenant Settings, but a visual application can be configured to use a different Oracle Cloud Applications backend service by specifying a different instance URL in the visual application’s Settings page. The tenant-level backend configuration is ignored if you or a visual application developer configures a different Oracle Cloud Applications backend service in a visual application’s Settings page.

The authentication choices available to configure a tenant-level Oracle Cloud Applications backend are:
  • Oracle Cloud Account: Needs federation between Oracle Cloud Applications and Visual Builder.
  • Propagate Current User Identity: Same as Oracle Cloud Applications. That is, it needs federation between Oracle Cloud Applications and Visual Builder.
  • None: This assumes your Oracle Cloud Applications REST API can be called without any authentication, which is not usually the case.

If the necessary pre-requisites for setting a tenant-level Oracle Cloud Applications backend service are not available, then a visual application developer can set up a backend service at the visual application level where more options are available. Another option is for you (the service administrator) to configure the Oracle Cloud Applications backend with None and let the visual application developer override the authentication setting at the visual application level.

To specify an Oracle Cloud Applications service for the tenant:

  1. Open the instance’s Tenant Settings page.
  2. In the Services tab, click Create Backend and choose Oracle Cloud Applications in the Backend Service Type dialog.

    When specifying the URL in the Tenant Settings, you (the service administrator) only need to provide the instance URL of the Oracle Cloud Applications backend service to retrieve the list of services.


    Description of admin-settings-fa-url.png follows
    Description of the illustration admin-settings-fa-url.png
  3. In the dialog, type the Server URL of the backend service, and configure other settings, such as security, as needed.
  4. (Optional) After you configure settings for the backend, add headers to the backend.
    Backend headers that you add will be applicable for any service connection to this backend, irrespective of the server or application profile that is used.
  5. Click Create.

    Visual Builder automatically discovers the interfaceCatalogs endpoint of the Oracle Cloud Applications backend, which retrieves the list of services and their metadata. This endpoint is typically in the form:

    https://<My Oracle Cloud Applications Instance URL >

    This endpoint is publicly accessible without any authentication.

    If there is a problem creating the connection, verify the instance URL of the Oracle Cloud Applications instance.

Add a Connection to Process Cloud Service

Administrators can use the instance’s Tenant Settings page to add a connection to an instance of Oracle Process Cloud Service as a backend service.

To add a connection to an instance of Oracle Process Cloud Service as a backend service, the instance of Oracle Process Cloud Service should be co-hosted with Visual Builder because the authentication types that Visual Builder supports for this configuration is Oracle Cloud Account or Propagate Current User Identity. In most cases, this backend service (Oracle Process Cloud Service) will be preconfigured for your Visual Builder instance.

If you are using multiple Visual Builder instances, for example, development and production instances, you might need to add connections to Oracle Process Cloud Service in more than one instance.

To add a connection to an Oracle Process Cloud Service instance:

  1. Open the instance’s Tenant Settings page.
  2. In the Services tab, click Create Backend and choose Process in the Backend Service Type dialog.
  3. In the dialog, type the Server URL of the backend service, configure other settings, such as security, as needed, and click Create.

Manage Self-signed Certificates

Administrators can use the Certificates page to upload and manage the self-signed certificates used by the instance to enable inbound and outbound SSL communications to a service’s REST APIs

When creating connections to REST services that use self-signed certificates, you might need to add an API’s certificate to your Visual Builder instance to validate SSL connections to that service. You can use the Certificates page to upload and remove certificate files (.pem)  for services. Uploading a service’s certificate file to the keystore will allow all applications in the instance to communicate with that service. The Certificates page displays a list of certificates that have been added. You can click the Delete button in a row to remove the certificate.

To upload a self-signed certificate:

  1. Open the Visual Builder main menu and click Certificates.

    The Certificates page displays a list of the certificates already uploaded to the instance.


    Description of admin-certificates-page.png follows
    Description of the illustration admin-certificates-page.png
  2. Click Upload to open the Upload Certificate dialog box.

    You use the Upload Certificate dialog box to create an alias for the certificate and upload the service’s certificate file from your local system.


    Description of admin-certificates-upload.png follows
    Description of the illustration admin-certificates-upload.png
  3. Type the alias in the Certificate Alias Name field.

    The alias is used to identify the certificate in the table in the Certificates page. The Certificate Type dropdown list is read-only because only Trust Certificates are supported.

  4. Drag the certificate file from your local system into the upload target area, or click the upload target area to browse your local system.
  5. Click Upload to add the certificate to the service keystore.