How Do I Assign the Roles?

If IDCS role synchronization hasn't been disabled for your Oracle Cloud Applications environment, you can follow the instructions in Assign Oracle Cloud Applications Roles, wait a half hour while the roles are synchronized with the IDCS system, and then your users should be able to use VB Studio without any further involvement on your part.

If role synchronization has been disabled, role assignment is a two-step process:

1. Create an Oracle Cloud Applications user, then assign a role to that user using the Oracle Cloud Applications Security Console. See Assign Oracle Cloud Applications Roles.
2. In IDCS, manually assign a VB Studio role (DEVELOPER_ADMINISTRATOR or DEVELOPER_USER) to the Oracle Cloud Applications user. See Assign VB Studio Roles in OCI Identity and Access Management.

Assign Oracle Cloud Applications Roles

Before beginning the process, review some background information:

• Standard roles (listed in step 7 below) are predefined. Their privileges are automatically updated as necessary, such as when new features or services are added.
• Custom roles are created as substitutes for standard roles, allowing only specific privileges. These privileges are assigned in the Oracle Cloud Applications Security Console.

  If you're using custom roles, you'll want to be sure that your custom roles have the privileges and permissions required for working in VB Studio. See Configure Oracle Cloud Applications Custom Roles.

To assign an Oracle Cloud Applications role to a new or existing Oracle Cloud Applications user:

1. Sign in to Oracle Cloud Applications as an administrator with access to the Security Console.
2. Click Navigation menu to open the navigation menu and, under Tools, click Security Console.
   
   

   
   Description of the illustration fa-tools-security-console.png

   
   
3. Click Users in the navigation pane.
   The User Accounts page is displayed.
   

   
   Description of the illustration fa-user-accounts-page.png

   
   
4. To create a new user, click Add User Account and follow the prompts. To assign a role to an existing user, use the Search field to find the user you want, then skip to step 6.
   The Add User Account page is displayed.
5. Fill out the User Information fields (First Name, Last Name, Email, Password, Confirm Password).
   
   

   
   Description of the illustration fa-add-user-account-page-filled.png

   
   

   The User Name field has been filled in for you, using the first and last names you entered separated by a period.

6. Click Add Role.
   The Add Role Membership from Role page is displayed.
7. Select one of the standard Oracle Cloud Applications roles:
   • Application Administrator (ORA_FND_APPLICATION_ADMINISTRATOR_JOB)
   • Application Developer (ORA_FND_APPLICATION_DEVELOPER_JOB)
   • Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
   • Sales Administrator (ORA_ZBS_SALES_ADMINISTRATOR_JOB)
   • Customer Relationship Management Application Administrator (ORA_ZCA_CUSTOMER_RELATIONSHIP_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)

   Note:

   To see the list of assignable roles when extending Oracle Cloud Applications, users need to be assigned a role with the PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV privilege, such as ORA_PER_EMPLOYEE_ABSTRACT or ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB.

   Instead of standard roles, you can also select custom roles if you've created them.

8. After you select the role to assign to the user, click Add Role Membership.
   
   

   
   Description of the illustration fa-add-role-membership-done.png

   
   
9. Click Done.
   The Add User Account page is displayed, showing the new user with an assigned role.
   

   
   Description of the illustration fa-add-user-account-role-all-filled.png

   
   
10. Click Save and Close.

From the time role membership was granted via the Security Console, it will take approximately 30 minutes for a user to gain access. If, after 30 minutes, a user is still seeing a You are not a member of this organization warning message when attempting to create a simple extension, it's very likely that IDCS role sync has been disabled on your environment. In this case, you need assign one of the VB Studio roles to the Oracle Cloud Applications user. See Assign VB Studio Roles in OCI Identity and Access Management.

Assign VB Studio Roles in OCI Identity and Access Management

If you just created a new user in Oracle Cloud Applications, it will take at least 30 minutes for the user profile to show up in OCI Identity and Access Management so that you can assign a VB Studio user role to it.

Once you've waited at least 30 minutes, you can assign VB Studio roles. Here's how:

1. In a web browser, go to https://cloud.oracle.com.

   To view the list of supported browsers for the Oracle Cloud Console, also called the OCI console, see Supported Browsers.

   Note:

   If you have a direct link to OCI Identity and Access Management (formerly called the IDCS Console), use that instead, make sure you select Domains, and then skip to step 7.
2. In Cloud Account Name, enter your Oracle Cloud account or tenancy name and click Next.
3. On the Single Sign-On (SSO) panel, if required, select the OracleIdentityCloudService identity domain and click Continue.

   This is the identity domain associated with your Oracle Cloud Applications instance.

4. Enter your Oracle Cloud account credentials and click Sign In.

   If you've recently created your Oracle Cloud account, wait for some time to see your services in the Oracle Cloud Console.

5. In the upper-left corner, click Navigation Menu .
6. Select Identity & Security and then, under Identity, select Domains.
7. On the Domains page, next to Applied filters, make sure the root compartment is selected.
8. Click the OracleIdentityCloudService identity domain, then click the Oracle cloud services tab.
9. Search for and select the service that begins with either DevServiceAppAUTO_ or VisualBuilderStudioInstance_:
   • Select DevServiceAppAUTO_ for older VB Studio instances that were migrated from Oracle Gen 1 Cloud to Oracle Gen 2 Cloud Infrastructure, also known as Oracle Cloud Infrastructure (OCI).
   • Select VisualBuilderStudioInstance_ for newly created Gen 2 (OCI) VB Studio instances.
   
   
   
   Description of the illustration id-domains-example.png
   
   
10. Click Application roles.

    A user must be assigned one of these two roles to access VB Studio, either directly or indirectly via a group.

    This VB Studio role...	Enables a user to:
    DEVELOPER_ADMINISTRATOR	Set up VB Studio, manage all projects, manage VM executors and executor templates, view the Recent Activities feed, and update the organization details. The user with this role is also called the Organization Administrator. Assign this role to users who can administer VB Studio.
    DEVELOPER_USER	Create and access VB Studio projects. All non-admin users of VB Studio must be assigned this role. Note that this role doesn't allow the user to update the organization details and view the Recent Activities feed.

11. For each VB Studio role that you want to assign, click the three dots at the end of the row and then click Manage users.
12. The Manage user assignments page lists the users already assigned to the selected VB Studio role. Click Assign users to add a new user to this role.
13. On the Assign users page, search for and select the user you'd like to grant this VB Studio role to, then click Assign.
14. Click Close.
15. Repeat these steps to assign VB Studio roles to additional users.