Managing What Users Can See and Do

Administrators manage what other users are allowed to see and do in Oracle Data Visualization Cloud Service.

Typical Workflow for Managing What Users See and Do

Here are the common tasks to start managing what users can see and do when working with Oracle Data Visualization Cloud Service.

Task Description More Information

Understand application roles

Learn about the predefined application roles and what they allow users to do in Oracle Data Visualization Cloud Service.

About Application Roles

Assign application roles to users

Give your users access to different features by granting them application roles.

Assigning Application Roles to Users

Assign application roles to user roles

Grant access to users more quickly through roles. Give a group of users access in one go.

Assigning Application Roles to User Roles

Add members and actions to application roles

Grant access to Oracle Data Visualization Cloud Service features in a different way. Go to the application role and assign users and groups from there.

Adding Members to Application Roles

Add your own application roles

Oracle Data Visualization Cloud Service provides application roles that map directly to all the main features but you can create your own application roles that make sense to your business too.

Adding Your Own Application Roles

Getting Started with Application Roles

Administrators configure what users see and do in Oracle Data Visualization Cloud Service from the Users and Roles Console page. This page presents user information in 3 different views:

Users and Roles Page Description

Users tab

Shows users from the identity domain associated with your service.

You can’t add or remove user accounts through the Users tab but you can assign users one or more application roles in Oracle Data Visualization Cloud Service.

Roles tab

Shows roles from the identity domain associated with your service.

You can’t add or remove roles (groups of users) through the Roles tab but you can assign them to one or more application roles in Oracle Data Visualization Cloud Service.

From the Roles tab you can also see who belongs to each role.

Application Roles tab

Shows predefined application roles for Oracle Data Visualization Cloud Service together with any custom application roles you define.

From the Application Roles tab you can assign application roles to multiple users, roles, and other application roles. You can also create application roles of your own and assign privileges to them through other application roles.

About Users and Roles

Administrators manage users and roles through My Services and Oracle Data Visualization Cloud Service. Most administrators initially use My Services to set up user accounts and give people access to Oracle Data Visualization Cloud Service through roles. In the Oracle Data Visualization Cloud Service Console, administrators see all the users and roles configured through My Services, plus they can fine tune user permissions through application roles.

My Services

The identity domain controls the authentication and authorization of users who sign in to Oracle Cloud services. When Oracle Cloud services are provisioned in an identity domain, several predefined roles and user accounts are available through My Services to help you get started. You can give people access to Oracle Data Visualization Cloud Service through these predefined roles.

Predefined Roles (My Services) Description

Identity Domain Administrator

TenantAdminGroup

Users in the organization that manage users and roles for an identity domain.

DVCS_SE DVCS_ServiceEntitlementAdministrator

Users in the organization that create and delete instances of Oracle Data Visualization Cloud Service.

ServiceName.DVCS_ServiceAdministrators

Users in the organization that administer this Oracle Data Visualization Cloud Service.

ServiceName.DVCS_AdvancedContentAuthors

Users in the organization that create visualizations, explore, and load data in this Oracle Data Visualization Cloud Service.

ServiceName.DVCS_Consumers

Users in the organization that view visualizations and explore data in Oracle Data Visualization Cloud Service.

See Adding Users and Assigning Roles and Oracle Cloud User Roles and Privileges in Managing and Monitoring Oracle Cloud.

Oracle Data Visualization Cloud Service Console

From the Console, administrators can see all the users and roles provisioned for the identity domain and give them appropriate permissions through application roles.

About Application Roles

An application role comprises a set of privileges that determine what users can see and do after signing in to Oracle Data Visualization Cloud Service. It’s your job as an administrator to assign people to one or more application roles.

There are two types of application role:

Type of Application Role Description

Predefined

Include a fixed set of privileges.

User-defined

Created by administrators. Include one or more predefined application roles.

Predefined Application Roles

Oracle Data Visualization Cloud Service provides several predefined application roles to get you started. In many cases, these predefined application roles are all that you need.

Tip:

You can also create your own application roles. See Adding Your Own Application Roles.

Predefined Application Role Description Default Members

Administrator

Allows users to administer Oracle Data Visualization Cloud Service and delegate privileges to others.

Enables access to the Console where administrators can manage user permissions, back up and restore content, schedule search indexing, and perform other administrative duties.

Identity Domain Administrator

User

Allows users to create visualizations, explore, and load data in Oracle Data Visualization Cloud Service.

Users with this role can also load and manage data sets using the Oracle Data Visualization Cloud Service REST API and Data Sync.

Administrator

Viewer

Allows users to view and run visualizations in Oracle Data Visualization Cloud Service.

User

Data Loader

Not used.

 

You can’t delete predefined application roles or remove default memberships.

Application roles can have users, roles, or other application roles as members. This means that a user who is a member of one application role might indirectly be a member of other application roles.

Why Is the Administrator Application Role Important?

You need the Administrator application role to access administrative options in the Console.

There must always be at least one person in your organization with the Administrator application role. This ensures there is always someone who can delegate permissions to others. If you remove yourself from the Administrator role you’ll see a warning message. Consider adding yourself back to the this application role before you sign out. After you sign out, you won’t be allowed to manage permissions through the Console to reinstate yourself.

No Users With the Administrator Application Role?

If no one has administrative privileges, ask your identity domain administrator to add you or another user to the <serviceInstanceName>.DVCS_ServiceAdministrator role through My Services security pages. This role is a member of the Administrator application role and enables access to the user management pages in the Console.

Assigning Application Roles to Users

The Users page lists all the users who can sign in to Oracle Data Visualization Cloud Service. The list of names comes directly from the identity domain associated with your service. It’s the administrator’s job to assign users to appropriate application roles.

Note:

You can’t add user accounts to the identity domain through the Users page. Use My Services to manage user accounts for the identity domain.
  1. Click Console.
  2. Click Users and Roles.
  3. Click the Users tab.
  4. To show everyone, leave the Search field blank and click Show Members: All.
    To filter the list by name, enter all or part of a user name in the Search filter and press enter. The search is case-insensitive, and searches both name and display name.
  5. To see what application roles are assigned to a user:
    1. Select the user.
    2. Click the action menu and select Manage Application Roles.
    The user’s current application role assignments are displayed in the Selected Application Roles pane.

    For example, this image shows a user called Ed Ferguson assigned with the Sales Analysts application role.

  6. To assign additional application roles or remove current assignments:
    1. Show available application roles. Click Search to display all the application roles.
      Alternatively, filter the list by Name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.
    3. Click OK.

Assigning Application Roles to Multiple Users Through Roles

The Roles page shows you all the roles that people signing in belong to in their identity domain. The list of roles comes directly from the identity domain associated with your service. It’s often quicker to assign privileges to multiple users through their predefined identity domain roles, than it is to assign privileges to users one by one.

Note:

You can’t add roles to the identity domain through the Roles page. Use My Services to manage user accounts and roles for your identity domain.

You can assign application roles from the Roles page. You can also see who belongs to each role.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Roles tab.
  4. Look in the Members area to see who belongs to each role:
    The number of users and roles that are members are displayed on the page. Click a number, such as 1 in this image, to see the members in more detail.
  5. To display all available roles, leave the Search field blank and Show Members: All.
    To filter the list by name, enter all or part of a role name in the Search filter and press enter. The search is case-insensitive, and searches both name and display name.
    Alternatively, use the Show Members filter to list roles that are members of a particular application role or belong to another role.
  6. To see the current application roles assignments:
    1. Select the role.
    2. Click the action menu and select Manage Application Roles.
    Current application role assignments display in the Selected Application Roles pane.
  7. To assign additional application roles or remove them:
    1. Click Search to display all available application roles.
      Alternatively, enter all or part of an application role name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.
    3. Click OK.

Adding Members to Application Roles

Application roles determine what people are allowed to see and do in Oracle Data Visualization Cloud Service. It’s the administrator’s job to assign appropriate application roles to everyone using the service and to manage the privileges of each application role.

You can make individuals (users) and groups of users (roles) from your identity domain members of an application role. You can add other application roles as members too. See About Application Roles.

Remember:

  • Members inherit the privileges of an application role.
  • Application roles inherit privileges from their parent (application roles).

You select members for an application role or change parent privileges using the Console.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. To display all available application roles, leave the Search field blank and Show Members: All.
    To filter the list by name, enter all or part of an application role name in the Search filter and press Enter. The search is case-insensitive, and searches both name and display name.
  5. Look in the Members area to see who belongs to each application role:
    The number of users, roles, and application roles that are members displays on the page. Click a number, such as 5 in this image, to see those members in more detail (either users, roles or application roles).
  6. To add new members or remove members from an application role:
    1. Click Members.
    2. Select either users, roles, or application roles from the Type box and click Search to show the current members.
    3. Use the shuttle controls to move members between the Available and All Selected list.

      Some application roles aren't eligible to be members and these are grayed. For example, you can’t select a parent application role to be a member.

      Note:

      Users marked ‘absent’ no longer have an account in your identity domain. To remove absent users, use the shuttle control to move the user from the All selected users list to the Available users list.

    4. Click OK.
  7. To see whether an application role, such as Sales Analyst, inherits privileges from other application roles:
    1. Click the action menu.
    2. Select Manage Application Roles.

      Inherited privileges are displayed in the Selected Application Roles pane.

  8. To add or remove privileges:
    1. Click Search to display all available application roles.
      Alternatively, enter all or part of an application role name and click Search.
    2. Use the shuttle controls to move application roles between the Available Application Roles list and the Selected Application Roles list.

      You can’t select application roles that are grayed out. Application roles are grayed out so you can’t create a circular membership tree.

    3. Click OK.

Adding Your Own Application Roles

Oracle Data Visualization Cloud Service provides a set of predefined application roles. You can also create application roles of your own to suit your own requirements.

For example, you can create an application role that only allows a select group of people to view specific folders or projects.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. Click Add.
  5. Enter a name and describe the application role. Click Save.
    Initially, new application roles don't have any members or privileges.
  6. Add members to the application role:
    1. Click the action menu.
    2. Select Manage Members.
    3. Select the members (users, roles or application roles) that you want assigned to this application role and move them to the Selected pane on the right.
      For example, you might want an application role that restricts access to everyone in your organization, except sales managers. To do this, move anyone who is a sales manager, to the Selected pane.
    4. Click OK.
  7. Optionally, add privileges to the new application role:
    1. Click the action menu.
    2. Select Manage Application Roles.
    3. Click Search.
    4. Move all the application roles you want this application role to inherit to the Selected Application Roles pane, and click OK.

Deleting Application Roles

You can delete application roles that you created but no longer need.

  1. Click Console.
  2. Click Users and Roles.
  3. Click the Application Roles tab.
  4. Navigate to the application role you want to delete.
  5. Click the action menu for the application role you want to delete and select Remove.
  6. Click OK.