What is Oracle Identity Cloud Service?
Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that your users have with your applications, including with other Oracle Cloud services like Oracle Application Container Cloud Service. With Oracle Identity Cloud Service you can create custom password policies and email notifications, onboard new users, assign users and groups to applications, and run security reports. See these topics in Administering Oracle Identity Cloud Service:
Managing Service Administrators
When your Oracle Cloud account includes Oracle Identity Cloud Service, use it to create users and groups and to give them access to Oracle Application Container Cloud Service. Assign users the APAAS APAASAdministrators role in order to grant them rights to create and manage applications. See these topics in Administering Oracle Identity Cloud Service:
Managing Application Roles in Oracle Identity Cloud Service
After you deploy your application with Basic or OAuth selected, you can go to the Application Overview page and click the Manage Access link. This takes you to Oracle Identity Cloud Service, where you can manage users and roles with access to the application.
For each Oracle Application Container Cloud Service application with OAuth that it manages, Oracle Identity Cloud Service provides the following predefined roles:
The application deployer is automatically assigned the App Administrators role.
You can use these roles to implement custom authorization in the application code, which would understand and enforce the role-based grants. Typically, users with the App Administrators role have full access to the application, users with the App Operators role have limited access to the application, and users with the App Monitors role have read-only access to the application.
For example, suppose the Oracle Application Container Cloud Service application performs inventory management. The application code might permit users with the App Administrators role to add and delete items, while users with the App Operators role can only change amounts for existing items and users with the App Monitors role can only view items and amounts.
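One way to enforce the inventory example above in application code, added here as an illustration and not taken from Oracle's documentation or code. The role names are the ones on this page; the permission names, the `Inventory` class, and the assumption that the caller's roles arrive as a list taken from an already-validated identity token are hypothetical.

```python
# Role names come from this page; permission names are hypothetical.
ROLE_PERMISSIONS = {
    "App Administrators": {"item:view", "item:set_amount", "item:add", "item:delete"},
    "App Operators": {"item:view", "item:set_amount"},
    "App Monitors": {"item:view"},
}

class Forbidden(Exception):
    """Raised when none of the caller's roles grants the requested permission."""

def permissions_for(roles):
    """Union of grants for known roles; unknown or missing roles grant nothing."""
    granted = set()
    for role in roles or ():
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted

def require(roles, permission):
    if permission not in permissions_for(roles):
        raise Forbidden(permission)

class Inventory:
    """Every operation checks the caller's roles before touching data."""
    def __init__(self):
        self._items = {}

    def view(self, roles):
        require(roles, "item:view")
        return dict(self._items)

    def add(self, roles, name, amount=0):
        require(roles, "item:add")
        if name in self._items:
            raise ValueError(f"{name} already exists")
        self._items[name] = amount

    def delete(self, roles, name):
        require(roles, "item:delete")
        del self._items[name]

    def set_amount(self, roles, name, amount):
        require(roles, "item:set_amount")
        if name not in self._items:
            raise KeyError(name)  # must not create items, or Operators could add
        self._items[name] = amount
```

The check in `set_amount` that the item already exists is what keeps the App Operators grant from turning into an implicit "add" permission.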