Configuring What Users Can See and Do

Administrators assign application roles to determine what other users can see and do in Oracle BI Cloud Service.

Getting Started with Application Roles

Administrators configure what users see and do in Oracle BI Cloud Service from the Users and Roles Console page. This page presents user information in 3 different views:

Users and Roles Page Description

Users tab

Shows users from the identity domain associated with your service.

You can’t add or remove user accounts through the Users tab but you can assign users one or more application roles in Oracle BI Cloud Service.

Roles tab

Shows roles from the identity domain associated with your service.

You can’t add or remove roles (groups of users) through the Roles tab but you can assign them to one or more application roles in Oracle BI Cloud Service.

From the Roles tab you can also see who belongs to each role.

Application Roles tab

Shows predefined application roles for Oracle BI Cloud Service together with any custom application roles you define.

From the Application Roles tab you can assign application roles to multiple users, roles, and other application roles. You can also create application roles of your own and assign privileges to them through other application roles.

Assigning Application Roles to Users

The Users page lists all the users who can sign in to Oracle BI Cloud Service. The list of names comes directly from the identity domain associated with your service. It’s the administrator’s job to assign users to appropriate application roles.

Note:

You can’t add user accounts to the identity domain through the Users page. Use My Services to manage user accounts for the identity domain.
  1. Click Console.
  2. Click Users and Roles.
  3. Click the Users tab.
  4. To show everyone, leave the Search field blank and click Show Members: All.
    To filter the list by name, enter all or part of a user name in the Search filter and press enter. The search is case-insensitive, and searches both name and display name.
  5. To see what application roles are assigned to a user:
    1. Select the user.
    2. Click the action menu and select Manage Application Roles.
    The user’s current application role assignments are displayed in the Selected Application Roles pane.

    For example, this image shows a user called Ed Ferguson assigned with the Sales Analysts application role.

  6. To assign additional application roles or remove current assignments:
    1. Show available application roles. Click Search to display all the application roles.
      Alternatively, filter the list by Name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.
      To find out what actions each application role allows, see Functionality Enabled by Application Roles.
    3. Click OK.

Assigning Application Roles to Multiple Users Through Roles

The Roles page shows you all the roles that people signing in belong to in their identity domain. The list of roles comes directly from the identity domain associated with your service. It’s often quicker to assign privileges to multiple users through their predefined identity domain roles, than it is to assign privileges to users one by one.

Note:

You can’t add roles to the identity domain through the Roles page. Use My Services to manage user accounts and roles for your identity domain.

You can assign application roles from the Roles page. You can also see who belongs to each role.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Roles tab.
  4. Look in the Members area to see who belongs to each role:
    The number of users and roles that are members are displayed on the page. Click a number, such as 1 in this image, to see the members in more detail.
  5. To display all available roles, leave the Search field blank and Show Members: All.
    To filter the list by name, enter all or part of a role name in the Search filter and press enter. The search is case-insensitive, and searches both name and display name.
    Alternatively, use the Show Members filter to list roles that are members of a particular application role or belong to another role.
  6. To see the current application roles assignments:
    1. Select the role.
    2. Click the action menu and select Manage Application Roles.
    Current application role assignments display in the Selected Application Roles pane.
  7. To assign additional application roles or remove them:
    1. Click Search to display all available application roles.
      Alternatively, enter all or part of an application role name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.
      To find out what actions each application role allows, see Functionality Enabled by Application Roles.
    3. Click OK.

Adding Members to Application Roles

Application roles determine what people are allowed to see and do in Oracle BI Cloud Service. It’s the administrator’s job to assign appropriate application roles to everyone using the service and to manage the privileges of each application role.

You can make individuals (users) and groups of users (roles) from your identity domain members of an application role. You can add other application roles as members too. See About Application Roles.

Remember:

  • Members inherit the privileges of an application role.
  • Application roles inherit privileges from their parent (application roles).

You select members for an application role or change parent privileges using the Console.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. To display all available application roles, leave the Search field blank and Show Members: All.
    To filter the list by name, enter all or part of an application role name in the Search filter and press Enter. The search is case-insensitive, and searches both name and display name.
  5. Look in the Members area to see who belongs to each application role:
    The number of users, roles, and application roles that are members displays on the page. Click a number, such as 5 in this image, to see those members in more detail (either users, roles or application roles).
  6. To add new members or remove members from an application role:
    1. Click Members.
    2. Select either users, roles, or application roles from the Type box and click Search to show the current members.
    3. Use the shuttle controls to move members between the Available and All Selected list.

      Some application roles aren't eligible to be members and these are grayed. For example, you can’t select a parent application role to be a member.

      Note:

      Users marked ‘absent’ no longer have an account in your identity domain. To remove absent users, use the shuttle control to move the user from the All selected users list to the Available users list.

    4. Click OK.
  7. To see whether an application role, such as Sales Analyst, inherits privileges from other application roles:
    1. Click the action menu.
    2. Select Manage Application Roles.

      Inherited privileges are displayed in the Selected Application Roles pane.

      In this example, the Sales Analyst application role inherits privileges from BI Content Author and BI Advanced Content Author. When you assign someone the Sales Analyst application role, you authorize them to perform actions allowed by both these application roles. See Functionality Enabled by Application Roles.

  8. To add or remove privileges:
    1. Click Search to display all available application roles.
      Alternatively, enter all or part of an application role name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.

      You can’t select application roles that are grayed out. Application roles are grayed out so you can’t create a circular membership tree.

    3. Click OK.

Adding Your Own Application Roles

Oracle BI Cloud Service provides a set of predefined application roles. You can also create application roles of your own to suit your own requirements.

For example, you can create an application role that only allows a select group of people to view specific folders or projects.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. Click Add.
  5. Enter a name and describe the application role. Click Save.
    Initially, new application roles don't have any members or privileges.
  6. Add members to the application role:
    1. Click the action menu.
    2. Select Manage Members.
    3. Select the members (users, roles or application roles) that you want assigned to this application role and move them to the Selected pane on the right.
      For example, you might want an application role that restricts access to everyone in your organization, except sales managers. To do this, move anyone who is a sales manager, to the Selected pane.
    4. Click OK.
  7. Optionally, add privileges to the new application role:
    1. Click the action menu.
    2. Select Manage Application Roles.
    3. Click Search.
    4. Move all the application roles you want this application role to inherit to the Selected Application Roles pane, and click OK.

Deleting Application Roles

You can delete application roles that you created but no longer need.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. Navigate to the application role you want to delete.
  5. Click the action menu for the application role you want to delete and select Remove.
  6. Click OK.