Advisory Note on Subscription Impact
Assigning predefined roles and privileges as is to users may impact subscription usage, even if you haven't purchased the subscription. Privileges that are assigned but remain unused can still account for subscription consumption.
Before you assign predefined roles with privileges, evaluate the business needs of your users. Do your users need the entire role and all its privileges in full scope? Or, do they need the role but only a few of its privileges? Evaluating what your users need will help you avoid potential security risks and also keep a check on the subscription consumption.
If you want users to have the predefined role in full scope and have purchased all the impacted cloud services, you can assign the role with privileges as is. For example, only while setting up an application, you may need to assign the predefined Application Implementation Consultant role as is. Once the setup is complete, you can unassign it. Otherwise, Oracle recommends that you make a copy of that predefined role, remove the privileges you don't need, and assign only the required privileges. For a list of all predefined roles with privileges that impact subscription usage, see the spreadsheet Predefined Roles with Subscription Impact. To give you an example, here's an indicative list of the top three roles that impact subscription usage:
- Employee (ORA_PER_EMPLOYEE_ABSTRACT)
- Application Implementation Consultant (ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB)
- Contingent Worker (ORA_PER_CONTINGENT_WORKER_ABSTRACT)