Role Copying or Editing

Rather than create a role from scratch, you can copy a role, then edit the copy to create a new role. Or you can edit existing roles.

Caution: While creating custom roles, make sure you assign only the required privileges. Assigning all the privileges may impact subscription usage. Before you proceed, see the topic Guidance for Assigning Predefined Roles.

Initiate a copy or an edit from the Roles tab in the Security Console. Do either of the following:

  • Create a visualization graph and select any role in it. Right-click and select Copy Role or Edit Role.

  • Generate a list of roles in the Search Results column of the Roles page. Select one of them and click its menu icon. In the menu, select Copy Role or Edit Role.

If you're copying a role, select one of two options in a Copy Option dialog:

  • Copy top role: You copy only the role you have selected. The source role has links to roles in its hierarchy, and the copy inherits links to the original versions of those roles. If you select this option, subsequent changes to the inherited roles affect not only the highest source role, but also your copy.

  • Copy top role and inherited roles: You copy not only the role you have selected, but also all of the roles in its hierarchy. Your copy of the highest role is connected to the new copies of subordinate roles. If you select this option, you insulate the copied role from changes to the original versions of the inherited roles.

Next, an editing train opens. Essentially, you follow the same process in editing a role as you would follow to create one. However, note the following:

  • In the Basic Information page, a Predefined role box is checked if you selected the Edit Role option for a role shipped by Oracle. In that case, you can:

    • Add custom data security policies. Modify or remove those custom data security policies.

    • Add or remove users if the role is a job, abstract, or discretionary role.

    You can't:

    • Modify, add, or remove function security policies.

    • Modify or remove data security policies provided by Oracle.

    • Modify the role hierarchy.

    The Predefined role check box is cleared if you're editing a custom role or if you have copied a role. In that case, you can make any changes to role components.

  • By default, the name and code of a copied role match those of the source role, except that a prefix, suffix, or both are appended. In the Roles Administration page, you can configure the default prefix and suffix for each value.

  • A copied role can't inherit users from a source job or abstract role. You must select users for the copied role. (They may include users who belong to the source role.)

  • When you copy a role, the Role Hierarchy page displays all roles subordinate to it. However, you can add roles only to, or remove them from, the highest role you copied.

To monitor the status of a role-copy job, select the Administration tab, and then the Role Status tab of the Administration page.
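
The difference between the two Copy Option choices, and the rule that a copy starts with no users, can be seen in a small in-memory model. This is an added example, not Oracle code or an Oracle API: the `Role` class, the function names, the `_CUSTOM` suffix, and the role and privilege names are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:  # hypothetical model of a role, not a Security Console object
    code: str
    privileges: set = field(default_factory=set)
    inherited: list = field(default_factory=list)  # links to inherited Role objects
    users: set = field(default_factory=set)

def effective_privileges(role, _seen=None):
    """Union of privileges granted by the role and everything it inherits."""
    seen = set() if _seen is None else _seen
    if id(role) in seen:          # role reachable by two paths: count it once
        return set()
    seen.add(id(role))
    privs = set(role.privileges)
    for child in role.inherited:
        privs |= effective_privileges(child, seen)
    return privs

def copy_top_role(src, suffix="_CUSTOM"):
    """'Copy top role': new top role linked to the ORIGINAL inherited roles."""
    return Role(src.code + suffix, set(src.privileges), list(src.inherited))

def copy_top_and_inherited(src, suffix="_CUSTOM", _memo=None):
    """'Copy top role and inherited roles': every role in the hierarchy is duplicated."""
    memo = {} if _memo is None else _memo
    if id(src) not in memo:
        dup = Role(src.code + suffix, set(src.privileges))
        memo[id(src)] = dup       # register first so shared children are copied once
        dup.inherited = [copy_top_and_inherited(c, suffix, memo) for c in src.inherited]
    return memo[id(src)]

def demo():
    # Constructed sample hierarchy: one job role inheriting one duty role.
    duty = Role("EXAMPLE_DUTY", {"CREATE_INVOICE"})
    job = Role("EXAMPLE_JOB", {"VIEW_PAYABLES"}, [duty], users={"alice"})
    shallow, deep = copy_top_role(job), copy_top_and_inherited(job)
    baseline = effective_privileges(shallow)   # what was reviewed at copy time
    duty.privileges.add("APPROVE_INVOICE")     # later change to the original duty role
    return {
        "shallow_drift": effective_privileges(shallow) - baseline,
        "deep_drift": effective_privileges(deep) - baseline,
        "copy_users": shallow.users | deep.users,  # copies never inherit users
        "deep_child": deep.inherited[0].code,
    }

if __name__ == "__main__":
    print(demo())
```

Comparing a copy's effective privileges against the set reviewed at copy time is a simple way to notice when a "Copy top role" copy has gained privileges through a later change to an inherited role.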