Oracle Integration Roles and Privileges
Roles define the privileges available to users and the tasks that they can perform. You can assign predefined roles to users to allow them to work with feature sets of Oracle Integration.
-
WebLogic Server Roles for Oracle Integration (applies only to Oracle Integration Classic (user-managed)
-
What Users Can Do in the Integrations Design Section by Role
- What Users Can Do in B2B for Oracle Integration by Role
Oracle Integration Roles
Oracle Integration predefined roles govern access to various Oracle Integration features.
Tip:
Applies only to Oracle Integration Classic (user-managed).
- For Oracle Integration Generation 2, see Oracle Integration Roles and Privileges in Provisioning and Administering Oracle Integration Generation 2.
- For Oracle Integration 3, see Oracle Integration Roles and Privileges in Provisioning and Administering Oracle Integration Generation 3.
You can assign one or more of these predefined roles to Oracle Integration users and groups: ServiceAdministrator, ServiceDeveloper, ServiceMonitor, ServiceDeployer, ServiceUser, ServiceInvoker, and ServiceViewer. The following table lists the predefined roles available in Oracle Integration, and the general tasks that users assigned the roles can perform.
Oracle Integration | Description |
---|---|
ServiceAdministrator |
A user with the ServiceAdministrator role is a super user who can manage and administer the features provisioned in an Oracle Integration instance. |
ServiceDeveloper |
A user with the ServiceDeveloper role can develop the artifacts specific to the features provisioned in an Oracle Integration instance. For example, in Integrations the user can create integrations, and in Processes the user can create process applications and decision models. |
ServiceMonitor |
A user with the ServiceMonitor role can monitor the features provisioned in an Oracle Integration instance. For example, the user can view instances and metrics, find out response times, and track whether instance creation completed successfully or failed. This role provides privileges for users with limited knowledge of Oracle Integration, but with high-level knowledge of monitoring it. This user role does not grant permissions to change anything. |
ServiceDeployer |
A user with the ServiceDeployer role can publish the artifacts developed in a feature. This role is not applicable for the Integrations feature. |
ServiceUser |
A user with the ServiceUser role has privileges to utilize only the basic functionality of a feature such as access to the staged and published applications. For example, in Integrations the user can navigate to resource pages (such as integrations and connections) and view details, but can’t edit or modify anything. The user can also run integrations and start process applications. |
ServiceInvoker |
A user with the ServiceInvoker role can invoke any integration flow in an Oracle Integration instance that is exposed through SOAP/REST APIs or a scheduled integration. See Run an Integration Flow. A user with ServiceInvoker role cannot:
|
ServiceViewer |
A user with the ServiceViewer role can navigate to all Integration resource pages (for example, integrations, connections, lookups, libraries, and so on) and view details. The user cannot edit any resources or navigate to the administrative setting pages. |
Note:
Applies only to Oracle Integration Classic (user-managed).
If a user is granted access to multiple service instances provisioned in the Oracle Integration environment, it is a best practice to grant the same role to the user in all the instances. For example, suppose you have provisioned Integrations and Visual Builder as two separate instances in your Oracle Integration environment. If you assign the ServiceAdministrator role to a user in the Integrations instance, then assign the same role to the user in the Visual Builder instance too.
WebLogic Server Roles for Oracle Integration
Oracle Integration is a PaaS-layered service. There are predefined roles for the PaaS layer that govern access to WebLogic Server.
Applies only to Oracle Integration Classic (user-managed).
The following table lists the predefined WebLogic Server roles available for Oracle Integration.
Oracle Integration | Description |
---|---|
Administrators |
A user with the Administrators role can:
|
Deployers |
A user with the Deployers role can:
|
Monitors |
A user with the Monitors role can:
|
Operators |
A user with the Operators role can:
|
What Users Can Do in the Navigation Pane by Role
The following table lists the options in the Integration navigation pane and indicates which options you can access based on your assigned role.
Option | Service Administrator | Service Developer | Service Deployer | Service Monitor | Service User | Service Invoker | Service Viewer |
---|---|---|---|---|---|---|---|
Welcome |
Yes |
Yes |
Yes |
Yes |
Yes |
No | Yes |
Home |
Yes |
Yes |
Yes |
Yes |
Yes |
No | Yes |
My Tasks |
Yes |
Yes |
Yes |
Yes |
Yes |
No | Yes |
Processes |
Yes |
Yes |
Yes |
No |
No |
No | No |
Integrations |
Yes |
Yes |
No Can’t use any Monitoring, Designer, or Settings options. Note: User can click Integrations, but receives a “not authorized” message. |
Yes Can use all Monitoring options. Can’t use any Designer or Settings options. |
Yes Can use all Monitoring and Designer options. Can’t use any Settings options. |
No | Yes |
Visual Builder |
Yes |
Yes |
Yes |
No |
No |
No | No |
Settings |
Yes |
No |
No |
No |
No |
No | No |
What Users Can Do on the Home Page by Role
The following table lists the tiles, sections, and buttons on the Oracle Integration Home page and indicates what you can access based on your assigned role.
Home Page Element | Service Administrator | Service Developer | Service Deployer | Service Monitor | Service User |
---|---|---|---|---|---|
My Tasks |
Yes |
Yes |
Yes |
Yes |
Yes |
Integrations |
Yes |
Yes |
No |
Yes |
No |
Connections |
Yes |
Yes |
No |
Yes |
No |
Visual Applications |
Yes |
Yes |
Yes |
No |
No |
Recents |
Yes |
Yes |
Yes |
No |
No |
Actions |
Yes |
Yes |
Yes |
Yes |
Yes |
Processes: Create Applications |
Yes |
Yes |
Yes |
No |
No |
Processes: Use Quickstart |
Yes |
Yes |
Yes |
No |
No |
Integrations: Create Connections |
Yes |
Yes |
No |
No |
No |
Integrations: Create Integrations |
Yes |
Yes |
No |
No |
No |
Monitor Current Tasks |
Yes |
Yes |
Yes |
No |
No |
Monitor Process Health: Tracking |
Yes |
Yes |
Yes |
No |
No |
Monitor Process Health: Dashboard |
Yes |
No |
No |
No |
No |
Monitor Integrations Health |
Yes |
Yes |
No |
Yes |
No |
What Users Can Do in the Monitoring Section by Role
The following tables list Oracle Integration predefined roles available in the Monitoring section, and the tasks users granted those roles can perform.
Usage Metrics
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
Yes |
No |
No |
No |
Export |
Yes |
No |
Yes |
No |
No |
No |
Integrations > Dashboards
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View Activity Stream |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Design-time Audit |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Download Diagnostic Logs Note: Not available in Oracle Integration Generation 2 |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Download Incident Logs Note: Not available in Oracle Integration Generation 2 |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Runtime Health |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View System Health |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Agent Health |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Integrations |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Scheduling |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Design-time Metrics |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View the Hourly / Daily History |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Integrations > Integrations
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Integrations > Agents
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Integrations > Tracking
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View Details |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Asserter Recordings |
Yes |
Yes |
Yes |
No |
No |
Yes |
View Business Identifiers |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
View Activity Stream |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Download Activity Stream |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Integrations > Errors
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Abort |
Yes |
Yes |
Yes |
Yes |
No |
No |
Resubmit |
Yes |
Yes |
No |
Yes |
No |
No |
What Users Can Do in the Settings Section by Role
The following tables list Oracle Integration predefined roles available in the Settings section, and the tasks users granted those roles can perform.
- Integrations > Schedule
-
Integrations > Log Levels (Not Available in Oracle Integration Generation 2)
Import/Export
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
Import |
Yes |
No |
No |
No |
No |
No |
Export |
Yes |
No |
No |
No |
No |
No |
Download Detailed Report |
Yes |
No |
No |
No |
No |
No |
View |
Yes |
No |
No |
No |
No |
No |
Storage
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Reset |
Yes |
No |
No |
No |
No |
No |
Certificates
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Upload |
Yes |
No |
No |
No |
No |
No |
Update |
Yes |
No |
No |
No |
No |
No |
Delete |
Yes |
No |
No |
No |
No |
No |
Integrations > Notifications
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Revert |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Send Now |
Yes |
No |
No |
No |
No |
No |
Reset All Notifications |
Yes |
No |
No |
No |
No |
No |
Integrations > Database
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Revert |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Purge Now |
Yes |
No |
No |
No |
No |
No |
Configure database space |
Yes |
No |
No |
No |
No |
No |
Configure Nightly Purge |
Yes |
No |
No |
No |
No |
No |
Configure Auto Purge |
Yes |
No |
No |
No |
No |
No |
Integrations > Recommendations
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Contribute integration mappings to Oracle Recommends |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Integrations > API Management
Table 2-1 API Platform
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Revert |
Yes |
No |
No |
No |
No |
No |
Create Connectivity with API CS |
Yes |
No |
No |
No |
No |
No |
Integrations > Tracing
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Revert |
Yes |
No |
No |
No |
No |
No |
Include payload |
Yes |
No |
No |
No |
No |
No |
Integrations > Schedule
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
Save |
Yes |
No |
No |
No |
No |
No |
Integrations > Logging (Not Available in Oracle Integration Generation 2)
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceInvoker | ServiceViewer |
---|---|---|---|---|---|---|
View |
Yes |
No |
No |
No |
No |
No |
Save |
Yes |
No |
No |
No |
No |
No |
Revert |
Yes |
No |
No |
No |
No |
No |
Download Logs |
Yes |
No |
No |
No |
No |
No |
What Users Can Do in Processes by Role
The following table lists the Oracle Integration predefined roles available in Processes, and the tasks users granted those roles can perform. Note that in Processes, the ServiceMonitor role and the ServiceUser role have the same privileges. In addition to these predefined roles, there is a set of roles defined for each process application. Service administrators are responsible for assigning process-specific roles to users.
Option | Actions | Service Administrator | Service Developer | Service Deployer | ServiceMonitor and ServiceUser |
---|---|---|---|---|---|
My Tasks |
Access Workspace (runtime), initiate requests (start applications), work on your assigned tasks, and track the status of processes |
Yes |
Yes |
Yes |
Yes |
My Tasks |
Monitor dashboards |
Yes |
Yes |
Yes |
Yes |
Applications |
Perform all actions to develop and manage process applications and their components, except restrictions on activating |
Yes |
Yes |
Yes |
No |
Applications |
Activate process applications to a test partition |
Yes |
Yes |
Yes |
No |
Applications |
Activate process applications to a production partition |
Yes |
No |
No |
No |
Spaces |
View your spaces and the spaces shared with you, and create, edit, share, and delete your spaces |
Yes |
Yes |
Yes |
No |
Spaces |
Administer any space (check status, control permissions, and delete) |
Yes |
No |
No |
No |
Management |
Manage process applications (activate to production partition, retire, deactivate, shut down, and manage web services) |
Yes |
No |
No |
No |
Administration (runtime) |
Configure connections to other services, configure process runtime and logger settings, schedule archive and purge, configure UI custom settings, assign and manage roles specific to process applications, manage credentials and certificates, and view notification logs |
Yes |
No |
No |
No |
Settings (design-time) |
Administer any space (check status, control permissions, delete), administer any process application (delete, unlock), delete QuickStart Apps from the gallery, enable the application player, and use the Import utility |
Yes |
No |
No |
No |
What Users Can Do in Visual Builder by Role
The following table lists Oracle Integration predefined roles available in Visual Builder, and the tasks that users granted those roles can perform.
Oracle Integration Role | Tasks Users Can Perform in Visual Builder |
---|---|
ServiceAdministrator |
A user with the ServiceAdministrator role can:
|
ServiceDeveloper |
A user with the ServiceDeveloper role can:
|
ServiceMonitor | The ServiceMonitor role is not applicable in Visual Builder. |
ServiceDeployer | The ServiceDeployer role is not applicable in Visual Builder. |
ServiceUser |
A user with the role of ServiceUser can only access staged and published applications. The default permission is enforced only when the service administrator adjusts security settings for the entire service instance to restrict all access to runtime applications to the users granted the ServiceUser role. |
What Users Can Do in B2B for Oracle Integration by Role
The following table lists Oracle Integration predefined roles available in B2B for Oracle Integration and the tasks that users granted those roles can perform.
Note:
The following roles do not have any privileges in B2B for Oracle Integration:- ServiceDeployer
- ServiceEndUser
- ServiceInvoker
The list of tasks that different user roles can perform on B2B integrations (integrations using the B2B action) are the same as the tasks they can perform on other integrations. See What Users Can Do in the Integrations Design Section by Role.
Action | Service Administrator | ServiceDeveloper | ServiceMonitor | ServiceUser | ServiceViewer |
---|---|---|---|---|---|
View B2B Documents |
Yes |
Yes |
No |
No |
No |
Create or Modify B2B Documents |
Yes |
Yes |
No |
No |
No |
View B2B Schemas |
Yes |
Yes |
No |
No |
No |
Create or Modify B2B Schemas |
Yes |
Yes |
No |
No |
No |
Generate Implementation Guide |
Yes |
Yes |
No |
No |
No |