Oracle Visual Builder Roles and Privileges

A role includes privileges that allow users to perform various tasks. All Oracle Cloud services have some predefined roles for performing tasks when setting up, administering, managing, and using a service. There are predefined roles for the PaaS layer, the application layer and Oracle Visual Builder.

The PaaS-layer roles govern access to WebLogic Server. The application-layer predefined roles include ServiceAdministrator, ServiceMonitor, ServiceDeveloper, ServiceDeployer, and ServiceUser, but only some of these roles are used and mapped to the predefined roles used in Oracle Visual Builder. To perform tasks in Oracle Visual Builder, the user must be assigned to one of the Oracle Visual Builder predefined roles. Users can hold multiple roles depending on their responsibilities. For example, a user might be granted both the ServiceAdministrator and ServiceMonitor roles, but any privileges granted by the role of ServiceMonitor are ignored in Oracle Visual Builder.

Predefined Roles in PaaS and Application Layers

The following table describes the predefined roles available in the PaaS layer and the application layer.

Predefined Roles	Description
PaaS-Layer Predefined Roles	Govern access to WebLogic Server
Administrators	A user with the Administrators role can: View the server configuration, including the encrypted value of some encrypted attributes Modify the entire server configuration Deploy Enterprise Applications and Web application, EJB, Java EE Connector, and Web Service modules Start, resume, and stop servers
Deployers	A user with the Deployers role can: View the server configuration, including some encrypted attributes related to deployment activities Change startup and shutdown classes, Web applications, JDBC data pool connections, EJB, Java EE Connector, Web Service, and WebLogic Tuxedo Connector components. If applicable, edit deployment descriptors. Access deployment operations in the Java EE Deployment Implementation (JSR-88)
Monitors	A user with the Monitors role can: View the server configuration, except for encrypted attributes Get read-only access to WebLogic Server Administration Console, WLST, and MBean APIs
Operators	A user with the Operators role can: View the server configuration, except for encrypted attributes Start, resume, and stop servers
Application-Layer Predefined Roles	Govern access to the various Oracle Visual Builder features:
ServiceAdministrator	A user with the ServiceAdministrator role is a super user who can manage and administer the administrator settings of an Oracle Visual Builder instance.
ServiceMonitor	This role is not used in Oracle Visual Builder
ServiceDeveloper	A user with the ServiceDeveloper role can develop applications in an Oracle Visual Builder instance.
ServiceDeployer	This role is not used in Oracle Visual Builder.
ServiceUser	A user with the ServiceUser role has privileges to utilize only the basic functionality of a feature such as access to the staged and published applications.

Privileges Available to Roles in Oracle Visual Builder

There are three predefined roles in Oracle Visual Builder, and these roles are mapped to specific application-layer roles. The following table lists Oracle Visual Builder predefined roles and the tasks that users granted those roles can perform.

Oracle Visual Builder Predefined Role	Mapped Role	Tasks Users Can Perform in Oracle Visual Builder
Visual Builder Administrator	ServiceAdministrator	A user with this role can: Use the visual design tool Create, manage, and change the owners of applications Create associations with other services Configure security options for applications in an instance Specify error messages for Access Denied pages
Visual Builder Developer	ServiceDeveloper	A user with this role can: Use the visual design tool Create, manage, secure, and publish web and mobile applications Design pages, work with business objects, build and test applications
Visual Builder User	ServiceUser	A user with this role can only access staged and published applications. The default permission is enforced only when the service administrator adjusts security settings for the entire service instance to restrict all access to runtime applications to the users granted this role.

Oracle Visual Builder Predefined Role

Mapped Role

Tasks Users Can Perform in Oracle Visual Builder

Visual Builder Administrator

ServiceAdministrator

A user with this role can:

Use the visual design tool
Create, manage, and change the owners of applications
Create associations with other services
Configure security options for applications in an instance
Specify error messages for Access Denied pages

Visual Builder Developer

ServiceDeveloper

A user with this role can:

Use the visual design tool
Create, manage, secure, and publish web and mobile applications
Design pages, work with business objects, build and test applications

Visual Builder User

ServiceUser

A user with this role can only access staged and published applications. The default permission is enforced only when the service administrator adjusts security settings for the entire service instance to restrict all access to runtime applications to the users granted this role.

Roles Required for Git Integration

Oracle Visual Builder can be integrated with Git repositories hosted in Oracle Visual Builder Studio projects. When configuring integration with a Git repository, to access the Git repository the user will need to supply the credentials of a user in IDCS with the DEVELOPER_USER role for authentication.

If you have configured Single Sign-On (SSO) so that IDCS federates to another identity provider (IdP), the SSO user credentials can't be used to access the Git repository. You'll need to define a new user in IDCS with the DEVELOPER_USER role and use the new user's credentials when configuring the Git integration.