Delegate Creation of OCM Instances to Other Users

To delegate creation of Oracle Content Management instances to users other than the primary account administrator, the primary account administrator must add the users to the Administrators group or add the user to a group with the proper permissions.

Use one of the following methods to delegate users:

• Add Users to the Administrators Group
• Add Users to a New Administrative Group

What to Do Next

After delegating users, perform any other necessary advanced pre-deployment tasks or skip right to creating your instance:

• Create your instance in a secondary domain to accommodate different identity and security requirements (for example, one instance for development and one for production).
• Create your instance in another region to use services available in other data centers.
• Create a private instance to ensure access is limited to internal networks and that end users have the best and most reliable connection possible.
• Create your Oracle Content Management instance in the compartment you created.

Add Users to the Administrators Group

To delegate creation of Oracle Content Management instances to users other than the primary account administrator, the primary account administrator can add the users to the Administrators group. The Administrators group is created automatically when you have an Oracle Cloud account running on Oracle Cloud Infrastructure (OCI).

1. Navigate to the Domains page:
   • If you're already in the Identity & Security area of the Oracle Cloud Console, in the navigation menu on the left, click Domains.
   • If you're not already in the Oracle Cloud Console:
     1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
     2. In the Oracle Cloud Console, click , click Identity & Security, then, under Identity, click Domains.
2. Open the identity domain you're using for Oracle Content Management.
3. In the navigation menu on the left, click Groups.
4. Open the administrators group (Administrators or Domain_Administrators).
5. Click the Users tab.
6. Click Assign user to groups.
7. Select the users you want to delegate to, and then click Add.

Users you added to the Administrators group can now create Oracle Content Management instances.

Add Users to a New Administrative Group

To delegate creation of Oracle Content Management instances to users without adding them to the Administrators group, the primary account administrator must create a new group and add users to it, then give the group the proper permissions.

1. Create a group of users you want to delegate to.
   1. Navigate to the Domains page:
      • If you're already in the Identity & Security area of the Oracle Cloud Console, in the navigation menu on the left, click Domains.
      • If you're not already in the Oracle Cloud Console:
        1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
        2. In the Oracle Cloud Console, click , click Identity & Security, then, under Identity, click Domains.
   2. Open the identity domain you're using for Oracle Content Management.
   3. In the navigation menu on the left, click Groups.
   4. To create a group, click Create group.
   5. Enter a name and description for the group that makes clear to others what the group is used for.
   6. Select the users you want to add to the group.
   7. Click Create.
2. Create a policy to allow the group to manage Oracle Content Management instances.
   1. In the Identity & Security area, under Identity, click Policies.
   2. Click Create Policy.
   3. Enter a name and description.
   4. Next to Policy Builder, click Show manual editor.
   5. In the box, enter the following statement, replacing IdentityDomainName/GroupName with the name of your identity domain and the group you created, and replacing CompartmentName with the name of the compartment you created for Oracle Content Management:

      Allow group IdentityDomainName/GroupName to manage oce-instance-family in CompartmentName

   6. Click Create.
3. If your delegated users aren't administrators, you must also create the OCE_Internal_Storage_Policy, which allows Oracle Content Management to access object storage. Normally this policy is created automatically as part of instance creation, but non-administrators aren't allowed to create policies, so this background process will fail, leaving Oracle Content Management without access to object storage unless you create the policy manually.
   1. On the Policies page, click Create Policy.
   2. Enter OCE_Internal_Storage_Policy as the name, and enter a description.
   3. Next to Policy Builder, click Show manual editor.
   4. In the box, enter the following statement, replacing CompartmentName with the name of the compartment you created for Oracle Content Management:

      Allow service CEC to manage object-family in compartment CompartmentName

   5. Click Create.