Assigning Roles to Users

If you create users but not assign them to predefined roles, they will not be reflected in the Oracle Fusion Cloud Enterprise Performance Management and Oracle Enterprise Data Management Cloud environment. You can assign predefined roles to users while creating them or later on by loading user assignments to role from a CSV file. You can also use identity groups to assign predefined roles to multiple users.

Any user assigned to the Identity Domain Administrator role can manage users and predefined role assignments in the environment. Service Administrators can assign or unassign predefined roles without being assigned to the Identity Domain Administrator role. See Understanding Predefined Roles for detailed information on predefined roles.

See these topics:

• Assigning Roles
• Using IDCS Groups to Assign Predefined Roles to Users
• Assigning Roles Using CSV files

Users that have not been assigned to a predefined role are considered as deactivated users.

Any predefined role assignment or unassignment is reflected in Access Control only after one of the following conditions occur:

• A user logs in after 4+ minutes approximately.
• When a user access Role Assignment Report tab in Access Control.
• An EPM Automate assignRole or unassignRole or roleAssignmentReport command is executed
• The REST API for assign role, unassign role, or role assignment report is executed

If the users and pre-defined role assignments are imported using the importSnapshot or cloneEnvironment EPM Automate commands or REST API, the changes are reflected in Access Control Immediately.

Note:

After assigning roles, a Service Administrator should email users the URLs for accessing the test and production environments of the service. Remember that different URLs are used for the test and production environments, so be sure to include the correct one in the email.

Assigning Roles Using CSV Files

To assign predefined roles to many users at once, you use role upload files, one for each role. Create role upload files by dividing the users in the user upload file among comma-separated value files, one for each role. Each file must contain the user name of the users to whom you want to assign a specific role.

Note:

The environment does not support the use of custom roles created in the identity domain.

Email Notification to User

By default, the Cloud Account Administrator (oraclecloudadmin_ww@oracle.com) sends an email to each new user after the user is assigned a predefined role.

The email contains the credentials (user name and a temporary password) that the user needs to sign in to the environment.

• User names must contain only ASCII characters and must be unique within the identity domain.
• If used as the user name, the Email ID must be unique.
• The first name, last name and email ID of users may contain the apostrophe punctuation mark (').
• Email IDs containing the apostrophe punctuation mark cannot be used as the user name.

Note:

In case the user is assigned a predefined role using groups, this email notification will not be sent.

Troubleshooting

See Resolving User, Role, and Group Management Issues in Oracle Enterprise Performance Management Cloud Operations Guide.