Working with Roles and Permissions
Security ensures that each user has the right access to functions and data.
There are two levels of security:
- In Oracle Fusion Cloud EPM, users are created and assigned application roles.
- In Cloud EDM, users and groups are assigned granular roles and permissions. After a user has access to a viewpoint, the viewpoint data security controls the allowed actions on nodes and properties.
The first level of security is managed in Cloud EPM through My Services when your Identity Domain Administrator creates users. Each user is assigned an application role.
There are two Cloud EDM application roles:
- User: A user with the User application role can log into Cloud EDM and can be assigned roles and permissions to view and manage application data.
- Service Administrator: A user with the Service Administrator application role can perform most functional activities and can access views, applications, and data including:
  - Provisioning roles in Cloud EDM and creating groups, see Access Control in Administering Access Control.
  - Migrating artifacts across test and production environments, see Using Migration.
  - Performing daily maintenance, see Using the Maintenance Snapshot in Getting Started Guide for Administrators.
However, Service Administrators cannot be assigned to a request or a request subscription unless they have Participant(Write) permission on the data objects in that request.
If you do not have either the User or Service Administrator application role, you are not able to access Cloud EDM, and the following message is displayed:
"No valid role for this user. You must have either the User or Service Administrator application role assigned in Oracle Fusion Cloud Enterprise Performance Management in order to log into Enterprise Data Management Cloud. Contact your system administrator to have a role assigned."
Working with Groups in Cloud EDM
You can use groups to grant permissions to your applications, dimensions, node types, hierarchy sets, and views. Enterprise Data Management offers three types of groups:
- PREDEFINED: These groups are automatically created for each application role. All users are assigned to a PREDEFINED group based on their application role (e.g., User).
- EPM: These are the groups that you create in Access Control in Tools.
- IDCS: These are the groups that you create in the Oracle Cloud Identity Console. You can view them in Access Control and assign them to granular roles and EPM groups.
For more information, see Managing Groups in Administering Access Control.