Assigning Service Roles for Oracle Integration Access

After an Oracle Integration instance has been created, assign instance roles to groups of users in Oracle Identity Cloud Service to allow them to work with the features of the Oracle Integration instance.

Note:

It's a best practice to assign Oracle Integration instance roles to selected groups rather than users.

  1. On the Identity Provider Details page, select Groups from the Resources options.
  2. From the table, select an IDCS group to grant them access.
  3. On the Group Details page, click the Manage Service Roles button.
  4. On the Manage Service Roles page, locate your integration service (INTEGRATIONCAUTO for Oracle Integration, INTEGRATIONSUB for Oracle Integration for SaaS). At the far right, click Task menu , and choose Manage instance access.
    The Manage Access screen lists instances. Note that you must assign roles for each instance individually.
    • Instance names follow this format: displayname-tenancyid-regionid

    • Instance URLs follow this format: https://displayname-tenancyid-regionid.integration.ocp.oraclecloud.com/ic/home/
  5. From the Manage Access options, select instance roles for the group under one or more specified instances.
    Want to learn more about specific Oracle Integration roles? See Oracle Integration Service Roles.
  6. Click Save Instance Settings, then Apply Service Role Settings.

Oracle Integration Service Roles

Oracle Integration predefined roles govern access to various Oracle Integration features.

For details on what you can do in each Oracle Integration feature by service role, see Oracle Integration Roles and Privileges.

You can assign one or more of these predefined roles to Oracle Integration users and groups: ServiceAdministrator, ServiceDeveloper, ServiceMonitor, ServiceDeployer, ServiceUser, ServiceInvoker, and ServiceViewer. The following table lists the predefined roles available in Oracle Integration, and the general tasks that users assigned the roles can perform.

Oracle Integration Description

ServiceAdministrator

A user with the ServiceAdministrator role is a super user who can manage and administer the features provisioned in an Oracle Integration instance.

ServiceDeveloper

A user with the ServiceDeveloper role can develop the artifacts specific to the features provisioned in an Oracle Integration instance. For example, in Integrations the user can create integrations, and in Processes the user can create process applications and decision models.

ServiceMonitor

A user with the ServiceMonitor role can monitor the features provisioned in an Oracle Integration instance. For example, the user can view instances and metrics, find out response times, and track whether instance creation completed successfully or failed.

This role provides privileges for users with limited knowledge of Oracle Integration, but with high-level knowledge of monitoring it. This user role does not grant permissions to change anything.

ServiceDeployer

A user with the ServiceDeployer role can publish the artifacts developed in a feature.

This role is not applicable for the Integrations feature.

ServiceUser

A user with the ServiceUser role has privileges to utilize only the basic functionality of a feature such as access to the staged and published applications.

For example, in Integrations the user can navigate to resource pages (such as integrations and connections) and view details, but can’t edit or modify anything. The user can also run integrations and start process applications.

ServiceInvoker

A user with the ServiceInvoker role can invoke any integration flow in an Oracle Integration instance that is exposed through SOAP/REST APIs or a scheduled integration. See Run an Integration Flow. A user with ServiceInvoker role cannot:
  • Navigate to the Oracle Integration user interface or perform any administrative actions in the user interface.
  • Invoke any of the documented Oracle Integration REST APIs. See About the REST APIs.

ServiceViewer

A user with the ServiceViewer role can navigate to all Integration resource pages (for example, integrations, connections, lookups, libraries, and so on) and view details. The user cannot edit any resources or navigate to the administrative setting pages.

In Oracle Integration, when you assign a role to a user, the user is granted that role for all Oracle Integration features provisioned on an instance. For example, when you assign the ServiceDeveloper role to a user for an instance provisioned with the Integrations, Processes, and Visual Builder feature set, the user gets developer permissions on each of these features. Further, each role grants different privileges for different features to the same user. Depending on the feature the user is accessing, the user can perform different tasks. For example, a user assigned the ServiceDeveloper role can develop process applications in Processes, whereas the same user can design integrations in Integrations. Note that not all Oracle Integration predefined roles are available in all features. For example, the ServiceMonitor role is not available in Visual Builder.