Assigning Roles to Users

If you create users but not assign them to predefined roles, then they will not be reflected in Oracle Enterprise Performance Management Cloud. You can assign predefined roles to users while creating them or later on by loading user assignments to role from a CSV file. In OCI Gen 2 environments, you can use Identity groups to assign predefined roles to multiple EPM Cloud users.

Any EPM Cloud user assigned to the Identity Domain Administrator role can manage users and predefined role assignments in EPM Cloud. In OCI environments, Service Administrators can assign or unassign predefined roles without being assigned to the Identity Domain Administrator role. See Understanding Predefined Roles for detailed information on predefined roles in EPM Cloud.

You can assign predefined roles to EPM Cloud users using:

• My Services (Classic)
• Oracle Cloud Identity Console
• Oracle Cloud Console (IAM))
• Identity Cloud Service Groups in Oracle Cloud Identity Console
• Identity Cloud Service Groups in Oracle Cloud Console (IAM)
• CSV files

Users in EPM Cloud that have not been assigned to a predefined role are considered as deactivated users.

Any predefined role assignment or unassignment is reflected in EPM Cloud Access Control only after one of the following conditions occur:

• A user logs in after 4+ minutes approximately.
• When a user access Role Assignment Report tab in Access Control.
• An EPM Automate assignRole or unassignRole or roleAssignmentReport command is executed
• The REST API for assign role, unassign role, or role assignment report is executed

If the users and pre-defined role assignments are imported using EPM Automate importSnapshot or cloneEnvironment commands or REST API, the changes are reflected in Access Control Immediately.

Note:

After assigning roles, a Service Administrator should email the URLs to access the test and production environments of the service to EPM Cloud users.

You use different URLs to access the test and production environments of the service. Be sure to include the appropriate URL in the email.

Assigning Roles Using CSV Files

To assign predefined roles to many users at once, you use role upload files, one for each role. Create role upload files by dividing the users in the user upload file among comma-separated value files, one for each role. Each file must contain the user name of the users to whom you want to assign a specific role.

Note:

EPM Cloud does not support the use of custom roles created in the identity domain.

Email Notification to User

By default, Oracle Fusion Cloud EPM Administrator (oraclecloudadmin_ww@oracle.com) sends an email to each new user after the user is assigned a predefined role.

The email contains the credentials (user name and a temporary password) that the user needs to sign in to the environment.

• User names must contain only ASCII characters and must be unique within the identity domain.
• If used as the user name, the Email ID must be unique.
• The first name, last name and email ID of users may contain the apostrophe punctuation mark (').
• Email IDs containing the apostrophe punctuation mark cannot be used as the user name. Use these information sources:

Note:

In case the user is assigned a predefined role using groups, this email notification will not be sent.

Troubleshooting

See Resolving User, Role, and Group Management Issues in Oracle Enterprise Performance Management Cloud Operations Guide.