About Oracle SOA Cloud Service Roles and User Accounts

Oracle SOA Cloud Service uses roles to control access to tasks and resources. A role assigned to a user gives certain privileges to the user.

The following role is created for Oracle SOA Cloud Service: SOA Administrator.

When the Oracle SOA Cloud Service account is first set up, the service administrator is given the SOA Administrator role. User accounts with the role must be added before anyone can access and use Oracle SOA Cloud Service.

The identity domain administrator can create more SOA administrators by creating user accounts and assigning the role to users. For information about how to add user accounts in Oracle Cloud, see:

For Oracle Cloud Infrastructure: Managing Oracle Identity Cloud Service Users and Groups in the Oracle Cloud Infrastructure Console in the Oracle Cloud Infrastructure documentation.
For Oracle Cloud Infrastructure Classic: Managing Users, User Accounts, and Roles in Managing and Monitoring Oracle Cloud

Topics:

SOA Administrator

The primary role in Oracle SOA Cloud Service is SOA Administrator.

The following table summarizes the privileges given to the SOA Administrator role.

Description of Privilege	More Information
Can create and delete service instances	Provision an Oracle SOA Cloud Service Instance Delete an Oracle SOA Cloud Service Instance
Can stop and start service instances, and VMs	Stop or Start an Oracle SOA Cloud Service Instance and Individual VMs
Can suspend and enable service instances by disabling and enabling the load balancer	Disable Load Balancer Traffic to Suspend an Oracle SOA Cloud Service Instance
Can scale, patch, and back up or restore service instances	Scale an Oracle SOA Cloud Service Instance About Managing Patches for Instances Provisioned With Earlier Releases Back Up and Restore an Oracle SOA Cloud Service Instance
Can administer load balancers for service instances	Administer the Load Balancer for an Oracle SOA Cloud Service Instance
Can monitor and manage service usage in Oracle Cloud	For Oracle Cloud Infrastructure: See the Oracle Cloud Infrastructure documentation. For Oracle Cloud Infrastructure Classic: Performing Service-Specific Tasks in Managing and Monitoring Oracle Cloud
Can grant the SOA Administrator role to existing users	For Oracle Cloud Infrastructure: Managing Oracle Identity Cloud Service Users and Groups in the Oracle Cloud Infrastructure Console in the Oracle Cloud Infrastructure documentation. For Oracle Cloud Infrastructure Classic: Managing Users, User Accounts, and Roles in Managing and Monitoring Oracle Cloud

Related Service Administrators

The following table summarizes the privileges given to other related service administrator roles in Oracle Cloud.

Role	Privileges
`Compute_Operations`	Create Oracle SOA Cloud Service instances on Oracle Cloud Infrastructure Classic regions.
`DBaaS_Administrator`	Create and manage Oracle Database Classic Cloud Service deployments. A database deployment must exist prior to creating an Oracle SOA Cloud Service instance, unless you create the service instance by using a QuickStart template. See Quickly Try Out an Instance in Oracle Cloud Infrastructure Classic.
`Storage_ReadWriteGroup`	Enable backups for an Oracle SOA Cloud Service instance, and store the backups in an existing Oracle Cloud Infrastructure Object Storage Classic container.
`Storage_Administrator`	Create Oracle Cloud Infrastructure Object Storage Classic containers to use as backup storage locations for Oracle SOA Cloud Service instances.

Service Instance Users

Learn about the operating system and Oracle WebLogic Server administrative user accounts that are created when you create an Oracle SOA Cloud Service instance.

Account Description More Information

Account	Description	More Information
VM OS User	The `opc` user has root privileges on the OS running on a VM: Can connect to a VM through SSH for direct VM-level access to an Oracle SOA Cloud Service instance. Can create other OS accounts on a VM using the appropriate OS tool through the SSH interface. The `oracle` user cannot be used to log into a host: Only has regular user permissions to start and stop Oracle products that have been installed on the host. Note that there are no default passwords for either the `opc` or `oracle` user. NOTE: Do not update the `oracle` user password or password expiration policy. The PaaS Service Manager uses the `oracle` user for administrative access and counts on the password being stable. SSH access to the VM by the `opc` user is based on the public key provided at the time the Oracle SOA Cloud Service instance was provisioned. You provide the private key when you log in to the VM as `opc`. Once logged in, as a root user you can switch to the `oracle` user with: `sudo su - oracle`	Access a VM Through a Secure Shell (SSH)
WebLogic Administrator	Can manage Oracle WebLogic Server in Oracle SOA Cloud Service. Can access and use the WebLogic Server Administration Console. Can manage users and groups in the embedded LDAP. Can configure other identity providers. Can deploy and undeploy applications using the WebLogic Server Administration Console.	Access an Administration Console for Software that a Service Instance Is Running Use the WebLogic Server Administration Console to Deploy and Undeploy an Application

VM OS User

The opc user has root privileges on the OS running on a VM:

Can connect to a VM through SSH for direct VM-level access to an Oracle SOA Cloud Service instance.
Can create other OS accounts on a VM using the appropriate OS tool through the SSH interface.

The oracle user cannot be used to log into a host:

Only has regular user permissions to start and stop Oracle products that have been installed on the host.

Note that there are no default passwords for either the opc or oracle user.

NOTE: Do not update the oracle user password or password expiration policy. The PaaS Service Manager uses the oracle user for administrative access and counts on the password being stable.

SSH access to the VM by the opc user is based on the public key provided at the time the Oracle SOA Cloud Service instance was provisioned.

You provide the private key when you log in to the VM as opc. Once logged in, as a root user you can switch to the oracle user with:

sudo su - oracle

Access a VM Through a Secure Shell (SSH)

WebLogic Administrator

Can manage Oracle WebLogic Server in Oracle SOA Cloud Service.

Can access and use the WebLogic Server Administration Console.

Can manage users and groups in the embedded LDAP.

Can configure other identity providers.

Can deploy and undeploy applications using the WebLogic Server Administration Console.

Access an Administration Console for Software that a Service Instance Is Running

Use the WebLogic Server Administration Console to Deploy and Undeploy an Application

Note:

The Oracle WebLogic Server administrator account and VM OS User accounts are not stored or managed in Oracle Cloud.

You provide the user name and password for the WebLogic Administrator when you create an Oracle SOA Cloud Service instance.

The credentials and permissions for the WebLogic Administrator and all end user accounts that the administrator creates are stored and managed in Oracle WebLogic Server.

Oracle Cloud Infrastructure Policies

Learn about how to create and manage resources in Oracle Cloud Infrastructure, administrators define policies that grant privileges to users and groups.

To create and manage resources in Oracle Cloud Infrastructure, administrators define policies that grant privileges to users and groups. For example, to create a database for use with Oracle SOA Cloud Service in either an Oracle Autonomous Transaction Processing or Oracle Cloud Infrastructure database, an administrator must create policies that grant you access to these services. See Securing IAM in the Oracle Cloud Infrastructure documentation.

In order to create Oracle SOA Cloud Service instances in an Oracle Cloud Infrastructure region, an administrator must create policies that grant specific privileges to Oracle SOA Cloud Service.

For example, the administrator must specify the following policy to grant Oracle SOA Cloud Service access to the Autonomous Transaction Processing or Oracle Cloud Infrastructure database:

Autonomous Transaction Processing database
Allow service PSM to inspect autonomous-database in compartment Autonomous Transaction Processing database compartment
Oracle Oracle Cloud Infrastructure database
Allow service PSM to inspect database-family in compartment Oracle Cloud Infrastructure database compartment

See Prerequisites for Oracle Platform Services on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.