Access to Oracle Enterprise Performance Management Cloud components are controlled by the predefined roles in the identity domain to which users are assigned. Service Administrators can assign users to application-specific roles of planning, consolidation, account reconciliation, and data management applications to enable them to complete additional tasks in an environment.
For example, Service Administrators can assign a user to the Approval Administrator role of a planning or consolidation application to enable the user to perform approvals-related activities.
Additionally, Service Administrators can, from Access Control, create groups comprising identity domain users or other groups. Assigning roles to such groups enables Service Administrators to grant roles to many users at once, thereby reducing administrative overheads.
Assigning roles at the application-level can only enhance the access rights of users; none of the privileges granted by a predefined role can be curtailed by roles assigned at the application-level.
Access Control enables you to complete these activities in an environment: