24 Working with Roles and Permissions

Security ensures that each user has the right access to functions and data.

There are two levels of security:

  1. In Oracle Fusion Cloud EPM, users are created and assigned predefined roles.
  2. In Oracle Enterprise Data Management Cloud, users and groups are assigned application roles and permissions. After a user has access to a viewpoint, the viewpoint data security controls the allowed actions on nodes and properties.

The first level of security is managed in Oracle Fusion Cloud EPM through My Services when your Identity Domain Administrator creates users. Each user is assigned a predefined role.

There are two Oracle Enterprise Data Management Cloud predefined roles:

  • User

    A user with the User predefined role can log into Oracle Enterprise Data Management Cloud and can be assigned roles and permissions to view and manage application data.

  • Service Administrator

    A user with the Service Administrator predefined role can perform most functional activities and can access views, applications, and data. These activities include:

    • Provisioning roles in Oracle Enterprise Data Management Cloud and creating groups (see Access Control in Administering Access Control for Oracle Enterprise Performance Management Cloud).
    • Migrating artifacts across test and production environments (see Using Migration).
    • Performing daily maintenance (see Using the Maintenance Snapshot in Getting Started with Oracle Enterprise Performance Management Cloud for Administrators).

    However, Service Administrators cannot be assigned to a request or a request subscription unless they have Participant(Write) permission on the data objects in that request.

If you do not have either the User or Service Administrator predefined role, you are not able to access Oracle Enterprise Data Management Cloud, and the following message is displayed:

"No valid role for this user. You must have either the User or Service Administrator predefined role assigned in Oracle Fusion Cloud Enterprise Performance Management in order to log into Enterprise Data Management Cloud. Contact your system administrator to have a role assigned."

Working with Groups in Oracle Enterprise Data Management Cloud

You can use groups to grant permissions to your applications, dimensions, node types, hierarchy sets, and views. Enterprise Data Management offers three types of groups:

  • PREDEFINED: These groups are automatically created for each predefined role. All users are assigned to a predefined group based on their predefined role (e.g., User).
  • EPM: These are the groups that you create in Access Control in Tools.
  • IDCS: These are the groups that you create in the Oracle Cloud Identity Console. You can view them in Access Control and assign them to application roles and EPM groups.

For more information, see Managing Groups in Administering Access Control for Oracle Enterprise Performance Management Cloud.