Oracle Integration Roles and Privileges

Roles define the privileges available to users and the tasks that they can perform. You can assign predefined roles to users to allow them to work with feature sets of Oracle Integration.

Oracle Integration Roles

Oracle Integration predefined roles govern access to various Oracle Integration features.

Tip:

Integration Classic only Applies only to Oracle Integration Classic (user-managed).

You can assign one or more of these predefined roles to Oracle Integration users and groups: ServiceAdministrator, ServiceDeveloper, ServiceMonitor, ServiceDeployer, ServiceUser, ServiceInvoker, and ServiceViewer. The following table lists the predefined roles available in Oracle Integration, and the general tasks that users assigned the roles can perform.

Oracle Integration Description

ServiceAdministrator

A user with the ServiceAdministrator role is a super user who can manage and administer the features provisioned in an Oracle Integration instance.

ServiceDeveloper

A user with the ServiceDeveloper role can develop the artifacts specific to the features provisioned in an Oracle Integration instance. For example, in Integrations the user can create integrations, and in Processes the user can create process applications and decision models.

ServiceMonitor

A user with the ServiceMonitor role can monitor the features provisioned in an Oracle Integration instance. For example, the user can view instances and metrics, find out response times, and track whether instance creation completed successfully or failed.

This role provides privileges for users with limited knowledge of Oracle Integration, but with high-level knowledge of monitoring it. This user role does not grant permissions to change anything.

ServiceDeployer

A user with the ServiceDeployer role can publish the artifacts developed in a feature.

This role is not applicable for the Integrations feature.

ServiceUser

A user with the ServiceUser role has privileges to utilize only the basic functionality of a feature such as access to the staged and published applications.

For example, in Integrations the user can navigate to resource pages (such as integrations and connections) and view details, but can’t edit or modify anything. The user can also run integrations and start process applications.

ServiceInvoker

A user with the ServiceInvoker role can invoke any integration flow in an Oracle Integration instance that is exposed through SOAP/REST APIs or a scheduled integration. See Run an Integration Flow. A user with ServiceInvoker role cannot:
  • Navigate to the Oracle Integration user interface or perform any administrative actions in the user interface.
  • Invoke any of the documented Oracle Integration REST APIs. See About the REST APIs.

ServiceViewer

A user with the ServiceViewer role can navigate to all Integration resource pages (for example, integrations, connections, lookups, libraries, and so on) and view details. The user cannot edit any resources or navigate to the administrative setting pages.

In Oracle Integration, when you assign a role to a user, the user is granted that role for all Oracle Integration features provisioned on an instance. For example, when you assign the ServiceDeveloper role to a user for an instance provisioned with the Integrations, Processes, and Visual Builder feature set, the user gets developer permissions on each of these features. Further, each role grants different privileges for different features to the same user. Depending on the feature the user is accessing, the user can perform different tasks. For example, a user assigned the ServiceDeveloper role can develop process applications in Processes, whereas the same user can design integrations in Integrations. Note that not all Oracle Integration predefined roles are available in all features. For example, the ServiceMonitor role is not available in Visual Builder.

Note:

Integration Classic only Applies only to Oracle Integration Classic (user-managed).

If a user is granted access to multiple service instances provisioned in the Oracle Integration environment, it is a best practice to grant the same role to the user in all the instances. For example, suppose you have provisioned Integrations and Visual Builder as two separate instances in your Oracle Integration environment. If you assign the ServiceAdministrator role to a user in the Integrations instance, then assign the same role to the user in the Visual Builder instance too.

WebLogic Server Roles for Oracle Integration

Oracle Integration is a PaaS-layered service. There are predefined roles for the PaaS layer that govern access to WebLogic Server.

Integration Classic only Applies only to Oracle Integration Classic (user-managed).

The following table lists the predefined WebLogic Server roles available for Oracle Integration.

Oracle Integration Description

Administrators

A user with the Administrators role can:

  • View the server configuration, including the encrypted value of some encrypted attributes

  • Modify the entire server configuration

  • Deploy Enterprise Applications and Web application, EJB, Java EE Connector, and Web Service modules

  • Start, resume, and stop servers

Deployers

A user with the Deployers role can:

  • View the server configuration, including some encrypted attributes related to deployment activities

  • Change startup and shutdown classes, Web applications, JDBC data pool connections, EJB, Java EE Connector, Web Service, and WebLogic Tuxedo Connector components. If applicable, edit deployment descriptors.

  • Access deployment operations in the Java EE Deployment Implementation (JSR-88)

Monitors

A user with the Monitors role can:

  • View the server configuration, except for encrypted attributes

  • Get read-only access to WebLogic Server Administration Console, WLST, and MBean APIs

Operators

A user with the Operators role can:

  • View the server configuration, except for encrypted attributes

  • Start, resume, and stop servers

What Users Can Do in the Navigation Pane by Role

The following table lists the options in the Integration navigation pane and indicates which options you can access based on your assigned role.

Option Service Administrator Service Developer Service Deployer Service Monitor Service User Service Invoker Service Viewer

Welcome

Yes

Yes

Yes

Yes

Yes

No Yes

Home

Yes

Yes

Yes

Yes

Yes

No Yes

My Tasks

Yes

Yes

Yes

Yes

Yes

No Yes

Processes

Yes

Yes

Yes

No

No

No No

Integrations

Yes

Yes

No

Can’t use any Monitoring, Designer, or Settings options. Note: User can click Integrations, but receives a “not authorized” message.

Yes

Can use all Monitoring options. Can’t use any Designer or Settings options.

Yes

Can use all Monitoring and Designer options. Can’t use any Settings options.

No Yes

Visual Builder

Yes

Yes

Yes

No

No

No No

Settings

Yes

No

No

No

No

No No

What Users Can Do on the Home Page by Role

The following table lists the tiles, sections, and buttons on the Oracle Integration Home page and indicates what you can access based on your assigned role.

Home Page Element Service Administrator Service Developer Service Deployer Service Monitor Service User

My Tasks

Yes

Yes

Yes

Yes

Yes

Integrations

Yes

Yes

No

Yes

No

Connections

Yes

Yes

No

Yes

No

Visual Applications

Yes

Yes

Yes

No

No

Recents

Yes

Yes

Yes

No

No

Actions

Yes

Yes

Yes

Yes

Yes

Processes: Create Applications

Yes

Yes

Yes

No

No

Processes: Use Quickstart

Yes

Yes

Yes

No

No

Integrations: Create Connections

Yes

Yes

No

No

No

Integrations: Create Integrations

Yes

Yes

No

No

No

Monitor Current Tasks

Yes

Yes

Yes

No

No

Monitor Process Health: Tracking

Yes

Yes

Yes

No

No

Monitor Process Health: Dashboard

Yes

No

No

No

No

Monitor Integrations Health

Yes

Yes

No

Yes

No

What Users Can Do in the Monitoring Section by Role

The following tables list Oracle Integration predefined roles available in the Monitoring section, and the tasks users granted those roles can perform.

Usage Metrics

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

Yes

No

No

No

Export

Yes

No

Yes

No

No

No

Integrations > Dashboards

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View Activity Stream

Yes

Yes

Yes

Yes

No

Yes

View Design-time Audit

Yes

Yes

Yes

Yes

No

Yes

Download Diagnostic Logs

Note: Not available in Oracle Integration Generation 2

Yes

Yes

Yes

Yes

No

Yes

Download Incident Logs

Note: Not available in Oracle Integration Generation 2

Yes

Yes

Yes

Yes

No

Yes

View Runtime Health

Yes

Yes

Yes

Yes

No

Yes

View System Health

Yes

Yes

Yes

Yes

No

Yes

View Agent Health

Yes

Yes

Yes

Yes

No

Yes

View Integrations

Yes

Yes

Yes

Yes

No

Yes

View Scheduling

Yes

Yes

Yes

Yes

No

Yes

View Design-time Metrics

Yes

Yes

Yes

Yes

No

Yes

View the Hourly / Daily History

Yes

Yes

Yes

Yes

No

Yes

Integrations > Integrations

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

Yes

Yes

Yes

No

Yes

Integrations > Agents

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

Yes

Yes

Yes

No

Yes

Integrations > Tracking

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View Details

Yes

Yes

Yes

Yes

No

Yes

Asserter Recordings

Yes

Yes

Yes

No

No

Yes

View Business Identifiers

Yes

Yes

Yes

Yes

No

Yes

View Activity Stream

Yes

Yes

Yes

Yes

No

Yes

Download Activity Stream

Yes

Yes

Yes

Yes

No

Yes

Integrations > Errors

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

Yes

Yes

Yes

No

Yes

Abort

Yes

Yes

Yes

Yes

No

No

Resubmit

Yes

Yes

No

Yes

No

No

What Users Can Do in the Settings Section by Role

The following tables list Oracle Integration predefined roles available in the Settings section, and the tasks users granted those roles can perform.

Import/Export

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

Import

Yes

No

No

No

No

No

Export

Yes

No

No

No

No

No

Download Detailed Report

Yes

No

No

No

No

No

View

Yes

No

No

No

No

No

Storage

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Reset

Yes

No

No

No

No

No

Certificates

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Upload

Yes

No

No

No

No

No

Update

Yes

No

No

No

No

No

Delete

Yes

No

No

No

No

No

Integrations > Notifications

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Revert

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Send Now

Yes

No

No

No

No

No

Reset All Notifications

Yes

No

No

No

No

No

Integrations > Database

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Revert

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Purge Now

Yes

No

No

No

No

No

Configure database space

Yes

No

No

No

No

No

Configure Nightly Purge

Yes

No

No

No

No

No

Configure Auto Purge

Yes

No

No

No

No

No

Integrations > Recommendations

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Contribute integration mappings to Oracle Recommends

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Integrations > API Management

Table 2-1 API Platform

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Revert

Yes

No

No

No

No

No

Create Connectivity with API CS

Yes

No

No

No

No

No

Integrations > Tracing

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Revert

Yes

No

No

No

No

No

Include payload

Yes

No

No

No

No

No

Integrations > Schedule

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

Save

Yes

No

No

No

No

No

Integrations > Logging (Not Available in Oracle Integration Generation 2)

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceInvoker ServiceViewer

View

Yes

No

No

No

No

No

Save

Yes

No

No

No

No

No

Revert

Yes

No

No

No

No

No

Download Logs

Yes

No

No

No

No

No

What Users Can Do in Processes by Role

The following table lists the Oracle Integration predefined roles available in Processes, and the tasks users granted those roles can perform. Note that in Processes, the ServiceMonitor role and the ServiceUser role have the same privileges. In addition to these predefined roles, there is a set of roles defined for each process application. Service administrators are responsible for assigning process-specific roles to users.

Option Actions Service Administrator Service Developer Service Deployer ServiceMonitor and ServiceUser

My Tasks

Access Workspace (runtime), initiate requests (start applications), work on your assigned tasks, and track the status of processes

Yes

Yes

Yes

Yes

My Tasks

Monitor dashboards

Yes

Yes

Yes

Yes

Applications

Perform all actions to develop and manage process applications and their components, except restrictions on activating

Yes

Yes

Yes

No

Applications

Activate process applications to a test partition

Yes

Yes

Yes

No

Applications

Activate process applications to a production partition

Yes

No

No

No

Spaces

View your spaces and the spaces shared with you, and create, edit, share, and delete your spaces

Yes

Yes

Yes

No

Spaces

Administer any space (check status, control permissions, and delete)

Yes

No

No

No

Management

Manage process applications (activate to production partition, retire, deactivate, shut down, and manage web services)

Yes

No

No

No

Administration (runtime)

Configure connections to other services, configure process runtime and logger settings, schedule archive and purge, configure UI custom settings, assign and manage roles specific to process applications, manage credentials and certificates, and view notification logs

Yes

No

No

No

Settings (design-time)

Administer any space (check status, control permissions, delete), administer any process application (delete, unlock), delete QuickStart Apps from the gallery, enable the application player, and use the Import utility

Yes

No

No

No

What Users Can Do in Visual Builder by Role

The following table lists Oracle Integration predefined roles available in Visual Builder, and the tasks that users granted those roles can perform.

Oracle Integration Role Tasks Users Can Perform in Visual Builder

ServiceAdministrator

A user with the ServiceAdministrator role can:

  • Use the visual design tool

  • Create, manage, and change the owners of applications

  • Create associations with other services

  • Configure security options for applications in an instance

  • Specify error messages for Access Denied pages

ServiceDeveloper

A user with the ServiceDeveloper role can:

  • Use the visual design tool

  • Create, manage, secure, and publish web and mobile applications

  • Design pages, work with business objects, build and test applications

ServiceMonitor The ServiceMonitor role is not applicable in Visual Builder.
ServiceDeployer The ServiceDeployer role is not applicable in Visual Builder.

ServiceUser

A user with the role of ServiceUser can only access staged and published applications. The default permission is enforced only when the service administrator adjusts security settings for the entire service instance to restrict all access to runtime applications to the users granted the ServiceUser role.

What Users Can Do in B2B for Oracle Integration by Role

The following table lists Oracle Integration predefined roles available in B2B for Oracle Integration and the tasks that users granted those roles can perform.

Note:

The following roles do not have any privileges in B2B for Oracle Integration:
  • ServiceDeployer
  • ServiceEndUser
  • ServiceInvoker

The list of tasks that different user roles can perform on B2B integrations (integrations using the B2B action) are the same as the tasks they can perform on other integrations. See What Users Can Do in the Integrations Design Section by Role.

Action Service Administrator ServiceDeveloper ServiceMonitor ServiceUser ServiceViewer

View B2B Documents

Yes

Yes

No

No

No

Create or Modify B2B Documents

Yes

Yes

No

No

No

View B2B Schemas

Yes

Yes

No

No

No

Create or Modify B2B Schemas

Yes

Yes

No

No

No

Generate Implementation Guide

Yes

Yes

No

No

No