Oracle Integration Roles and Privileges

Roles define the privileges available to users and the tasks that they can perform. You can assign predefined roles to users to allow them to work with feature sets of Oracle Integration.

• Oracle Integration Roles

• WebLogic Server Roles for Oracle Integration (applies only to Oracle Integration Classic (user-managed)

• What Users Can Do in the Navigation Pane by Role

• What Users Can Do on the Home Page by Role

• What Users Can Do in the Integrations Design Section by Role

• What Users Can Do in the Monitoring Section by Role

• What Users Can Do in the Settings Section by Role

• What Users Can Do in Processes by Role

• What Users Can Do in Visual Builder by Role

• What Users Can Do in B2B for Oracle Integration by Role

Oracle Integration Roles

Oracle Integration predefined roles govern access to various Oracle Integration features.

Tip:

Applies only to Oracle Integration Classic (user-managed).

• For Oracle Integration Generation 2, see Oracle Integration Roles and Privileges in Provisioning and Administering Oracle Integration Generation 2.
• For Oracle Integration 3, see Oracle Integration Roles and Privileges in Provisioning and Administering Oracle Integration Generation 3.

You can assign one or more of these predefined roles to Oracle Integration users and groups: ServiceAdministrator, ServiceDeveloper, ServiceMonitor, ServiceDeployer, ServiceUser, ServiceInvoker, and ServiceViewer. The following table lists the predefined roles available in Oracle Integration, and the general tasks that users assigned the roles can perform.

Oracle Integration	Description
ServiceAdministrator	A user with the ServiceAdministrator role is a super user who can manage and administer the features provisioned in an Oracle Integration instance.
ServiceDeveloper	A user with the ServiceDeveloper role can develop the artifacts specific to the features provisioned in an Oracle Integration instance. For example, in Integrations the user can create integrations, and in Processes the user can create process applications and decision models.
ServiceMonitor	A user with the ServiceMonitor role can monitor the features provisioned in an Oracle Integration instance. For example, the user can view instances and metrics, find out response times, and track whether instance creation completed successfully or failed. This role provides privileges for users with limited knowledge of Oracle Integration, but with high-level knowledge of monitoring it. This user role does not grant permissions to change anything.
ServiceDeployer	A user with the ServiceDeployer role can publish the artifacts developed in a feature. This role is not applicable for the Integrations feature.
ServiceUser	A user with the ServiceUser role has privileges to utilize only the basic functionality of a feature such as access to the staged and published applications. For example, in Integrations the user can navigate to resource pages (such as integrations and connections) and view details, but can’t edit or modify anything. The user can also run integrations and start process applications.
ServiceInvoker	A user with the ServiceInvoker role can invoke any integration flow in an Oracle Integration instance that is exposed through SOAP/REST APIs or a scheduled integration. See Run an Integration Flow. A user with ServiceInvoker role cannot: Navigate to the Oracle Integration user interface or perform any administrative actions in the user interface. Invoke any of the documented Oracle Integration REST APIs. See About the REST APIs.
ServiceViewer	A user with the ServiceViewer role can navigate to all Integration resource pages (for example, integrations, connections, lookups, libraries, and so on) and view details. The user cannot edit any resources or navigate to the administrative setting pages.

In Oracle Integration, when you assign a role to a user, the user is granted that role for all Oracle Integration features provisioned on an instance. For example, when you assign the ServiceDeveloper role to a user for an instance provisioned with the Integrations, Processes, and Visual Builder feature set, the user gets developer permissions on each of these features. Further, each role grants different privileges for different features to the same user. Depending on the feature the user is accessing, the user can perform different tasks. For example, a user assigned the ServiceDeveloper role can develop process applications in Processes, whereas the same user can design integrations in Integrations. Note that not all Oracle Integration predefined roles are available in all features. For example, the ServiceMonitor role is not available in Visual Builder.

Note:

Applies only to Oracle Integration Classic (user-managed).

If a user is granted access to multiple service instances provisioned in the Oracle Integration environment, it is a best practice to grant the same role to the user in all the instances. For example, suppose you have provisioned Integrations and Visual Builder as two separate instances in your Oracle Integration environment. If you assign the ServiceAdministrator role to a user in the Integrations instance, then assign the same role to the user in the Visual Builder instance too.

WebLogic Server Roles for Oracle Integration

Oracle Integration is a PaaS-layered service. There are predefined roles for the PaaS layer that govern access to WebLogic Server.

Applies only to Oracle Integration Classic (user-managed).

The following table lists the predefined WebLogic Server roles available for Oracle Integration.

Oracle Integration	Description
Administrators	A user with the Administrators role can: View the server configuration, including the encrypted value of some encrypted attributes Modify the entire server configuration Deploy Enterprise Applications and Web application, EJB, Java EE Connector, and Web Service modules Start, resume, and stop servers
Deployers	A user with the Deployers role can: View the server configuration, including some encrypted attributes related to deployment activities Change startup and shutdown classes, Web applications, JDBC data pool connections, EJB, Java EE Connector, Web Service, and WebLogic Tuxedo Connector components. If applicable, edit deployment descriptors. Access deployment operations in the Java EE Deployment Implementation (JSR-88)
Monitors	A user with the Monitors role can: View the server configuration, except for encrypted attributes Get read-only access to WebLogic Server Administration Console, WLST, and MBean APIs
Operators	A user with the Operators role can: View the server configuration, except for encrypted attributes Start, resume, and stop servers

What Users Can Do in the Navigation Pane by Role

The following table lists the options in the Integration navigation pane and indicates which options you can access based on your assigned role.

Option	Service Administrator	Service Developer	Service Deployer	Service Monitor	Service User	Service Invoker	Service Viewer
Welcome	Yes	Yes	Yes	Yes	Yes	No	Yes
Home	Yes	Yes	Yes	Yes	Yes	No	Yes
My Tasks	Yes	Yes	Yes	Yes	Yes	No	Yes
Processes	Yes	Yes	Yes	No	No	No	No
Integrations	Yes	Yes	No Can’t use any Monitoring, Designer, or Settings options. Note: User can click Integrations, but receives a “not authorized” message.	Yes Can use all Monitoring options. Can’t use any Designer or Settings options.	Yes Can use all Monitoring and Designer options. Can’t use any Settings options.	No	Yes
Visual Builder	Yes	Yes	Yes	No	No	No	No
Settings	Yes	No	No	No	No	No	No

What Users Can Do on the Home Page by Role

The following table lists the tiles, sections, and buttons on the Oracle Integration Home page and indicates what you can access based on your assigned role.

Home Page Element	Service Administrator	Service Developer	Service Deployer	Service Monitor	Service User
My Tasks	Yes	Yes	Yes	Yes	Yes
Integrations	Yes	Yes	No	Yes	No
Connections	Yes	Yes	No	Yes	No
Visual Applications	Yes	Yes	Yes	No	No
Recents	Yes	Yes	Yes	No	No
Actions	Yes	Yes	Yes	Yes	Yes
Processes: Create Applications	Yes	Yes	Yes	No	No
Processes: Use Quickstart	Yes	Yes	Yes	No	No
Integrations: Create Connections	Yes	Yes	No	No	No
Integrations: Create Integrations	Yes	Yes	No	No	No
Monitor Current Tasks	Yes	Yes	Yes	No	No
Monitor Process Health: Tracking	Yes	Yes	Yes	No	No
Monitor Process Health: Dashboard	Yes	No	No	No	No
Monitor Integrations Health	Yes	Yes	No	Yes	No

What Users Can Do in the Monitoring Section by Role

The following tables list Oracle Integration predefined roles available in the Monitoring section, and the tasks users granted those roles can perform.

• Usage Metrics

• Integrations > Dashboards

• Integrations > Integrations

• Integrations > Agents

• Integrations > Tracking

• Integrations > Errors

Usage Metrics

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	Yes	No	No	No
Export	Yes	No	Yes	No	No	No

Integrations > Dashboards

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View Activity Stream	Yes	Yes	Yes	Yes	No	Yes
View Design-time Audit	Yes	Yes	Yes	Yes	No	Yes
Download Diagnostic Logs Note: Not available in Oracle Integration Generation 2	Yes	Yes	Yes	Yes	No	Yes
Download Incident Logs Note: Not available in Oracle Integration Generation 2	Yes	Yes	Yes	Yes	No	Yes
View Runtime Health	Yes	Yes	Yes	Yes	No	Yes
View System Health	Yes	Yes	Yes	Yes	No	Yes
View Agent Health	Yes	Yes	Yes	Yes	No	Yes
View Integrations	Yes	Yes	Yes	Yes	No	Yes
View Scheduling	Yes	Yes	Yes	Yes	No	Yes
View Design-time Metrics	Yes	Yes	Yes	Yes	No	Yes
View the Hourly / Daily History	Yes	Yes	Yes	Yes	No	Yes

Integrations > Integrations

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	Yes	Yes	Yes	No	Yes

Integrations > Agents

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	Yes	Yes	Yes	No	Yes

Integrations > Tracking

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View Details	Yes	Yes	Yes	Yes	No	Yes
Asserter Recordings	Yes	Yes	Yes	No	No	Yes
View Business Identifiers	Yes	Yes	Yes	Yes	No	Yes
View Activity Stream	Yes	Yes	Yes	Yes	No	Yes
Download Activity Stream	Yes	Yes	Yes	Yes	No	Yes

Integrations > Errors

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	Yes	Yes	Yes	No	Yes
Abort	Yes	Yes	Yes	Yes	No	No
Resubmit	Yes	Yes	No	Yes	No	No

What Users Can Do in the Settings Section by Role

The following tables list Oracle Integration predefined roles available in the Settings section, and the tasks users granted those roles can perform.

• Import/Export

• Storage

• Certificates

• Integrations > Notifications

• Integrations > Database

• Integrations > Recommendations

• Integrations > API Management

• Integrations > Tracing

• Integrations > Schedule

• Integrations > Log Levels (Not Available in Oracle Integration Generation 2)

Import/Export

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
Import	Yes	No	No	No	No	No
Export	Yes	No	No	No	No	No
Download Detailed Report	Yes	No	No	No	No	No
View	Yes	No	No	No	No	No

Storage

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Reset	Yes	No	No	No	No	No

Certificates

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Upload	Yes	No	No	No	No	No
Update	Yes	No	No	No	No	No
Delete	Yes	No	No	No	No	No

Integrations > Notifications

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Revert	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Send Now	Yes	No	No	No	No	No
Reset All Notifications	Yes	No	No	No	No	No

Integrations > Database

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Revert	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Purge Now	Yes	No	No	No	No	No
Configure database space	Yes	No	No	No	No	No
Configure Nightly Purge	Yes	No	No	No	No	No
Configure Auto Purge	Yes	No	No	No	No	No

Integrations > Recommendations

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Contribute integration mappings to Oracle Recommends	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No

Integrations > API Management

Table 2-1 API Platform

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Revert	Yes	No	No	No	No	No
Create Connectivity with API CS	Yes	No	No	No	No	No

Integrations > Tracing

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Revert	Yes	No	No	No	No	No
Include payload	Yes	No	No	No	No	No

Integrations > Schedule

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
Save	Yes	No	No	No	No	No

Integrations > Logging (Not Available in Oracle Integration Generation 2)

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceInvoker	ServiceViewer
View	Yes	No	No	No	No	No
Save	Yes	No	No	No	No	No
Revert	Yes	No	No	No	No	No
Download Logs	Yes	No	No	No	No	No

What Users Can Do in Processes by Role

The following table lists the Oracle Integration predefined roles available in Processes, and the tasks users granted those roles can perform. Note that in Processes, the ServiceMonitor role and the ServiceUser role have the same privileges. In addition to these predefined roles, there is a set of roles defined for each process application. Service administrators are responsible for assigning process-specific roles to users.

Option	Actions	Service Administrator	Service Developer	Service Deployer	ServiceMonitor and ServiceUser
My Tasks	Access Workspace (runtime), initiate requests (start applications), work on your assigned tasks, and track the status of processes	Yes	Yes	Yes	Yes
My Tasks	Monitor dashboards	Yes	Yes	Yes	Yes
Applications	Perform all actions to develop and manage process applications and their components, except restrictions on activating	Yes	Yes	Yes	No
Applications	Activate process applications to a test partition	Yes	Yes	Yes	No
Applications	Activate process applications to a production partition	Yes	No	No	No
Spaces	View your spaces and the spaces shared with you, and create, edit, share, and delete your spaces	Yes	Yes	Yes	No
Spaces	Administer any space (check status, control permissions, and delete)	Yes	No	No	No
Management	Manage process applications (activate to production partition, retire, deactivate, shut down, and manage web services)	Yes	No	No	No
Administration (runtime)	Configure connections to other services, configure process runtime and logger settings, schedule archive and purge, configure UI custom settings, assign and manage roles specific to process applications, manage credentials and certificates, and view notification logs	Yes	No	No	No
Settings (design-time)	Administer any space (check status, control permissions, delete), administer any process application (delete, unlock), delete QuickStart Apps from the gallery, enable the application player, and use the Import utility	Yes	No	No	No

What Users Can Do in Visual Builder by Role

The following table lists Oracle Integration predefined roles available in Visual Builder, and the tasks that users granted those roles can perform.

Oracle Integration Role	Tasks Users Can Perform in Visual Builder
ServiceAdministrator	A user with the ServiceAdministrator role can: Use the visual design tool Create, manage, and change the owners of applications Create associations with other services Configure security options for applications in an instance Specify error messages for Access Denied pages
ServiceDeveloper	A user with the ServiceDeveloper role can: Use the visual design tool Create, manage, secure, and publish web and mobile applications Design pages, work with business objects, build and test applications
ServiceMonitor	The ServiceMonitor role is not applicable in Visual Builder.
ServiceDeployer	The ServiceDeployer role is not applicable in Visual Builder.
ServiceUser	A user with the role of ServiceUser can only access staged and published applications. The default permission is enforced only when the service administrator adjusts security settings for the entire service instance to restrict all access to runtime applications to the users granted the ServiceUser role.

What Users Can Do in B2B for Oracle Integration by Role

The following table lists Oracle Integration predefined roles available in B2B for Oracle Integration and the tasks that users granted those roles can perform.

Note:

The following roles do not have any privileges in B2B for Oracle Integration:

• ServiceDeployer
• ServiceEndUser
• ServiceInvoker

The list of tasks that different user roles can perform on B2B integrations (integrations using the B2B action) are the same as the tasks they can perform on other integrations. See What Users Can Do in the Integrations Design Section by Role.

Action	Service Administrator	ServiceDeveloper	ServiceMonitor	ServiceUser	ServiceViewer
View B2B Documents	Yes	Yes	No	No	No
Create or Modify B2B Documents	Yes	Yes	No	No	No
View B2B Schemas	Yes	Yes	No	No	No
Create or Modify B2B Schemas	Yes	Yes	No	No	No
Generate Implementation Guide	Yes	Yes	No	No	No