Setup Users and Security

Although the initial user can perform many of the setup tasks in this guide, this user can't perform all of them without additional privileges. For example, the initial user can't run scheduled processes.

How Permissions Are Grouped and Provisioned

Oracle follows the industry standard Role Based Access Control approach to security. In Oracle Applications Cloud, the privileges are bundled in:

  • Job roles, which correspond to the jobs that the person is doing in your organization.

  • Abstract roles, which permit users to carry out tasks that are common to all employees or resources.

For example, the Data Steward Manager job role makes it possible for a user to perform all of the customer data steward manager duties, such as reviewing and assigning duplicate identification batches and duplicate resolution requests to customer data stewards. The Employee abstract role adds the ability to access reports and manage personal profile information. The Resource abstract role makes it possible for a user to be assigned as a resource to the customer data management department.

Security Roles Required by Setup Users

To perform the setup tasks mentioned in this guide, you must provision setup users with all the job roles granted to the initial user. These job roles are:

  • Application Implementation Consultant (job role)

    Provides access to all the setup tasks across all products.

  • IT Security Manager (job role)

    Provides access to the security tasks, including the ability to assign other enterprise roles.

  • Application Diagnostics Administrator (job role)

    Provides access to the diagnostic tests and data.

You also need to provision them with:

  • Employee (abstract role)

    Provides the ability to run and monitor background processes and manage personal profile information.

  • Master Data Management Application Administrator (job role)

    Permits the setup user to perform the same functional setups as a customer data management application administrator.

To perform the setup tasks in this guide as the initial user, you must provision these additional roles to yourself as well. While the initial user can create other users and perform many setup tasks, the initial user can't complete all the tasks without the additional security roles.

About Role Provisioning Rules

In Oracle Customer Data Management Cloud, you provision job roles and abstract roles to users using role provisioning rules. If users meet the conditions of the rule, the application provisions them with the job roles and abstract roles that you want to assign to the user.

The following figure shows how the role provisioning rule conditions must be met to provision the job roles and abstract roles.

The figure shows the job roles and abstract roles are provisioned to a user by the application only when the role provisioning rule conditions are met.

The role provisioning rules you use to provision customer data management application users and the initial setup users have different conditions.

How You Provision Customer Data Management Application Users

You provision job roles to customer data management users, such as data steward managers and customer data stewards, based on the role the user plays in the resource organization. This resource role is the job title, which appears under the user name in the Resource Directory.

The following figure shows the Resource Directory page, with the resource role appearing as the job title under the user name, highlighted by callout 1.

The resource role appears in the Resource Directory page as the job title under the user name.

How You Create a Special Provisioning Rule for Setup Users

As users doing the initial setup aren't part of your company's resource organization, you don't want them to be a part of the resource hierarchy and you don't want them to appear in the Resource Directory. For these reasons, you don't create setup users as resources, and you don't assign them resource roles.

Because setup users don't have resource roles, you must create a special role provisioning rule that uses a different field as the condition. You create a Customer Data Management Setup User job, a field not normally used in Oracle Customer Data Management Cloud, and provision the setup user with job roles based on this job. You need to provision these roles to the Customer Data Management Setup User job: Application Implementation Consultant, Application Diagnostics Administrator, IT Security Manager, and Master Data Management Application Administrator.

How You Provision Setup Users

The following figure illustrates the two provisioning rules used to provision the Customer Data Management Setup User job role and employee abstract role to the setup user. The employee role provisioning rule is already set up for you by Oracle unless you're implementing your application in a Global Single Instance environment. In GSI environments, you must set up all provisioning rules yourself.

The two provisioning rules used to provision the Customer Data Management Setup User job role and employee abstract role to the setup user.
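
The two rules described above can be modelled to check that a setup user ends up with every role this guide lists, including the Global Single Instance case where the Employee rule isn't already set up. This is an added illustration, not Oracle code or an Oracle API; the attribute names (`job`, `person_type`, `resource_role`), the Employee rule's condition, and the sample users are assumptions constructed for the example.

```python
# Illustrative model of role provisioning rules; not Oracle's API or data model.
from dataclasses import dataclass

# Roles this guide lists for setup users.
REQUIRED_SETUP_ROLES = frozenset({
    "Application Implementation Consultant",
    "IT Security Manager",
    "Application Diagnostics Administrator",
    "Master Data Management Application Administrator",
    "Employee",
})

@dataclass(frozen=True)
class Rule:
    name: str
    conditions: dict    # attribute -> required value; every condition must hold
    roles: frozenset    # roles provisioned when the rule matches

    def matches(self, user: dict) -> bool:
        return all(user.get(attr) == want for attr, want in self.conditions.items())

# Special rule keyed on the job field, because setup users have no resource role.
SETUP_RULE = Rule("Setup user job rule",
                  {"job": "Customer Data Management Setup User"},
                  REQUIRED_SETUP_ROLES - {"Employee"})
# Employee rule; the person_type condition is an assumption for this sketch.
EMPLOYEE_RULE = Rule("Employee rule", {"person_type": "Employee"},
                     frozenset({"Employee"}))

def provisioned_roles(user: dict, rules: list) -> set:
    """Union of the roles from every rule whose conditions the user meets."""
    return set().union(*(r.roles for r in rules if r.matches(user)))

def missing_setup_roles(user: dict, rules: list) -> list:
    """Roles the guide requires for setup that the active rules don't grant."""
    return sorted(REQUIRED_SETUP_ROLES - provisioned_roles(user, rules))

# Constructed sample users (hypothetical names and attributes).
SETUP_USER = {"name": "setup.user", "person_type": "Employee",
              "job": "Customer Data Management Setup User"}
STEWARD = {"name": "data.steward", "person_type": "Employee",
           "resource_role": "Customer Data Steward"}

if __name__ == "__main__":
    both = [SETUP_RULE, EMPLOYEE_RULE]
    print("standard:", missing_setup_roles(SETUP_USER, both))
    # GSI environment where only the setup rule has been created so far.
    print("GSI gap: ", missing_setup_roles(SETUP_USER, [SETUP_RULE]))
    print("steward: ", sorted(provisioned_roles(STEWARD, both)))
```

The steward case doubles as a least-privilege check: a user without the setup job should receive none of the setup job roles.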

What Happens When You Create Users

When you create users, Oracle Customer Data Management Cloud:

  • Creates accounts, user names, and temporary passwords

  • Provisions the job roles and abstract roles the users require to carry out their jobs

  • Sends users an e-mail with their sign-in credentials

Tip: System notification e-mails, including the initial e-mail with sign-in information, don't include the URL for accessing Oracle Customer Data Management Cloud. You must provide this URL to users separately.