Manage Security for Oracle Data Integration Platform Cloud

Before You Begin

This tutorial shows you how to assign roles to different users of the Data Integration Platform Cloud Classic. This tutorial takes approximately 20 minutes to complete.

Background

The users and roles for Data Integration Platform Cloud Classic are managed through Oracle Identity Cloud. There are two types of roles associated with DIPC.

  1. Service - These roles determine what a user can do within the Data Integration Platform Cloud Classic service, such as creating and deleting service instances.
  2. Instance - These roles determine what a user can do within a specific DIPC service instance. With every Data Integration Platform Cloud Classic service instance, you get access to applications such as the Oracle Data Integrator (ODI) console, the Enterprise Data Quality (EDQ) console (which comes with the Governance edition), and the WebLogic Server and Fusion Middleware console.

It's important that you assign the right roles to your users. For example, you may want a user to access only the ODI and EDQ consoles, without the option to create and delete Data Integration Platform Cloud Classic service instances. Or there may be two Data Integration Platform Cloud Classic service instances, A and B, and you want your user to access only the applications of service instance A and not B.

What Do You Need?

  • A Data Integration Platform Cloud Classic instance. In this tutorial, this instance is called DIPC123.
  • Administrator credentials for your Oracle account's dashboard. This user is the administrator for all Oracle Cloud Services in this identity domain. (Let's refer to him as the super admin for this tutorial.) In this tutorial, the username for this administrator is DomainAdmin.
  • A user that's listed as a user in Identity Cloud, but has not been assigned any roles yet. In this tutorial, this user is Laleh, who will be assigned different Data Integration Platform Cloud Classic roles.

Open the Identity Cloud Console

  1. Log in to Oracle Cloud as DomainAdmin.
  2. Open the navigation menu in the upper left corner, select Platform Services, and then select Identity Cloud.
  3. In the Service Instances section, find the instance with the name identity.
  4. Ensure that the Administrator field of the identity service instance displays the administrator name that you have credentials for. (DomainAdmin for this tutorial.)
  5. Click Open Service Console.

Find Your Data Integration Platform Cloud Classic Service Instance

  1. Click the icon in the Applications tile.
  2. In the list of applications, find the one that is labeled with [dics]YourApplicationName. For this tutorial, it's [dics]DIPC123.
  3. Click the name of your application.

Assign Application Roles to Users

In this section, you'll assign a non-admin application role to the user Laleh.

  1. Click the Applications Roles tab.
  2. Review the roles. The following roles are created for the Data Integration Platform Cloud Classic application and you should only assign application users to these roles.

    Role in Identity Cloud Service | Equivalent ODI Profile | Description | Is Admin?
    Administrator | Profiles ending in ADMIN | Service application administrator role | Yes
    Developer | DESIGNER (Use in ODI Studio for ELT designs) | Service application developer role | No
    User | OPERATOR (Use in ODI console for job execution and status review) | Service application user role | No

  3. Click the action menu for the User role.
  4. Click Assign Users.
  5. Select the checkbox for the user Laleh from the list and then click Assign.
  6. Confirm that the User row displays 1 Users Assigned.
  7. Click the 1 Users Assigned link and confirm that Laleh is in the list of Users Assignments.
  8. Click Close.

Find the Data Integrator Console URL

In this section, you'll find the URL for the Data Integrator console with your admin credentials.

  1. While still logged in as DomainAdmin, return to the Oracle Cloud Infrastructure console.
  2. In the Oracle Cloud Infrastructure console, open the navigation menu, select Platform Services, and then Data Integration Platform Classic.
  3. Click the Manage this Service menu for DIPC123 and select Data Integration Platform Cloud Console.
  4. From the user menu, select Open ODI.
  5. Copy the URL for Oracle Data Integrator (ODI) console for the next section. It will be in the following format:
    https://<your instance name plus some information>/odiconsole/

Access the Data Integrator Console with Super Admin Role

  1. In the login page, select Work Repository from the Repository dropdown list and click Proceed.
  2. Click the Management Tab in the Navigation pane.
  3. Expand the Security section.
  4. Right click Users.
  5. Click Create.
  6. Click Cancel.
  7. Don't use the ODI console for user and role management. (That's the legacy method.) Add users and assign roles to users through Oracle Identity Cloud Service. The final few steps are just there to demonstrate what the admin user can do within the applications available for Data Integration Platform Cloud Classic.


Access the Data Integrator Console with User Role

  1. Log in to Oracle Cloud as Laleh.
  2. Open the navigation menu, select Platform Services, and then Data Integration Platform Classic.
  3. Ensure that the username displays Laleh. (You're logged in as Laleh.)
  4. Observe that the user Laleh doesn't see instances such as DIPC123 in the list of services, and the Create Service button is disabled. Therefore, Laleh with the User role can't access the Data Integrator Console from here and she doesn't have any rights at the service instance level.
  5. Sign out.
  6. Log in to the Data Integrator console with the URL (https://<your instance name plus some information>/odiconsole/) as Laleh.
  7. On the login page, select Work Repository from the Repository dropdown list and click Proceed.
  8. Observe that the left navigation pane has no Management tab that the admin user has.
  9. Close the Data Integrator console window.

Replace User Role with Data Integration Platform Cloud Classic Service Admin Role

In this section you revoke the application level User role from Laleh and give her a service level administrator role.

  1. Log in to Oracle Cloud as DomainAdmin.
  2. Open the Identity Cloud Service console and go to the Applications tile.
  3. In the list of applications, find the DIPC123 application and click it.
  4. Click the Applications Role tab.
  5. In the action menu of the User role, click Revoke Users.
  6. Select Laleh from the list.
  7. Click Revoke.
  8. Click Applications to go back to the list of applications.
  9. Click the application called DICS. This application is the entire Data Integration Platform Cloud Classic application added to this Identity Cloud Service instance. (All the applications in your identity domain are listed here. At this moment the abbreviated service type for Data Integration Platform Cloud Classic is labeled as DICS.)
  10. Click the Applications Role tab.
  11. Click Assign Users in the action menu for the DICS_ENTITLEMENT_ADMINSTRATOR role. With this role, you get administrative rights at the service level for Data Integration Platform Cloud Classic and you can manage all the service instances from the Data Integration Platform Cloud Classic console.
  12. Select Laleh and then click Assign. (Now Laleh has the administrator role for all Data Integration Platform Cloud Classic applications, but that does not include other applications such as Database Cloud Service.)
  13. Sign out.
  14. Allow a few minutes for these changes to take effect.

Explore the DIPC Service Level Admin Role

  1. Log in to Oracle Cloud as Laleh.
  2. Open the navigation menu. There is no link to Identity Cloud or Database Cloud Service for a user with the Data Integration Platform Cloud Classic Entitlement Administrator role. The only application that's displayed is Data Integration Classic.
  3. Log in to the ODI console as Laleh. (https://<your instance name plus some information>/odiconsole/) You don't have access to the repositories that ODI is connected to. (You're not assigned any application roles.)
  4. Log in to Oracle Cloud as DomainAdmin. (For Laleh to access the ODI console, she needs any of the four Data Integration Platform Cloud Classic application roles. To access the Management tab of the ODI console, she should have the application level administrator role, so the super admin should assign this role to Laleh.)
  5. Open the Identity Cloud Service console.
  6. For the DIPC123 application, assign Laleh to the Service Application Administrator role.
  7. Log out as admin and log in again as Laleh.
  8. From the DIPC123 instance, access the Data Integration Platform console.
  9. From the user menu, click Open ODI.
  10. Observe that Laleh can now access the ODI console, and also has the Management tab available to her.
