Use Oracle Identity Cloud Service with Oracle Application Container Cloud Service
What is Oracle Identity Cloud Service?
Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that your users have with your applications, including with other Oracle Cloud services like Oracle Application Container Cloud Service. With Oracle Identity Cloud Service you can create custom password policies and email notifications, onboard new users, assign users and groups to applications, and run security reports. See these topics in Administering Oracle Identity Cloud Service:
Managing Service Administrators
When your Oracle Cloud account includes Oracle Identity Cloud Service, use it to create users and groups and to give them access to Oracle Application Container Cloud Service. Assign users the APAAS APAASAdministrators role in order to grant them rights to create and manage applications. See these topics in Administering Oracle Identity Cloud Service:
Managing Application Roles in Oracle Identity Cloud Service
After you deploy your application with Basic or OAuth selected, you can go to the Application Overview page and click the Manage Access link. This takes you to Oracle Identity Cloud Service, where you can manage users and roles with access to the application.
For each Oracle Application Container Cloud Service application with OAuth that it manages, Oracle Identity Cloud Service provides the following predefined roles:
- App Administrators
- App Operators
- App Monitors
The application deployer is automatically assigned the App Administrators role.
You can use these roles to implement custom authorization in the application code, which then interprets and enforces the role-based grants. Typically, users with the App Administrators role have full access to the application, users with the App Operators role have limited access to the application, and users with the App Monitors role have read-only access to the application.
For example, suppose the Oracle Application Container Cloud Service application performs inventory management. The application code might permit users with the App Administrators role to add and delete items, while users with the App Operators role can only change amounts for existing items and users with the App Monitors role can only view items and amounts.
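The inventory example above, sketched as deny-by-default authorization code. This is an added illustration, not Oracle's code: the three role names come from this page, while the Inventory class, the action names, and the assumption that the application has already authenticated the caller and obtained a trusted list of role names are hypothetical.

```python
# Added example. Role names are from the page; actions and classes are assumed.
ROLE_PERMISSIONS = {
    "App Administrators": {"view", "set_amount", "add", "delete"},
    "App Operators": {"view", "set_amount"},
    "App Monitors": {"view"},
}


class Forbidden(Exception):
    """Raised when none of the caller's roles grants the requested action."""


def allowed_actions(roles):
    # Union of grants across all roles the caller holds. Role names that are
    # not in the table contribute nothing, so the default outcome is deny.
    granted = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


class Inventory:
    def __init__(self):
        self._items = {}

    def _require(self, roles, action):
        # Single enforcement point, called before any state is read or changed.
        if action not in allowed_actions(roles):
            raise Forbidden(f"{action} not permitted for roles {sorted(roles)}")

    def add(self, roles, name, amount):
        self._require(roles, "add")
        self._items[name] = amount

    def delete(self, roles, name):
        self._require(roles, "delete")
        del self._items[name]

    def set_amount(self, roles, name, amount):
        self._require(roles, "set_amount")
        # Operators may change amounts for existing items only; this path
        # must never create an item, or it becomes a back door to "add".
        if name not in self._items:
            raise KeyError(name)
        self._items[name] = amount

    def view(self, roles):
        self._require(roles, "view")
        return dict(self._items)  # copy, so viewers cannot mutate state
```

The role list passed to each method must come from the server-side identity context, never from a value the client can set.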