Create and Manage Custom Self-Service Roles
Custom self-service roles give you the flexibility to segment self-service users into different groups and provide them with a more specifically tailored experience.
For example, you might want to allow some users to see knowledge that other users can't see.
Digital Customer Service includes three self-services roles: User, Account Administrator and Account Manager. All self-service users are given the User role. The first user of an account is assigned the Account Administrator role. The following table shows the job roles these self-service roles are given and if they are used in data security policies:
Self-Service Role |
Related Identity Provider Role |
Use in Data Security Policy |
---|---|---|
User |
Customer Self-Service User |
No |
Account Administrator |
Customer Self-Service Account Administrator |
Yes |
Account Manager |
No related role |
Yes |
Custom self-service roles can be defined and mapped to custom identity provider roles or used in data security policies. When a self-service user is assigned a custom self-service role, this user is also assigned to the corresponding custom identity provider role.
A custom self-service role can be mapped to only one custom identity provider role. Out of the box self-services roles can't be mapped to any identity provider roles.
Here's a list of tasks that you must perform to grant a self-service user a custom self-service role:
-
Create a custom self-service role
-
Create or locate a role in Fusion Service
-
Create or locate a role in Identity Cloud Service
-
Map the custom self-service role to an identity provider role
-
Grant the custom self-service role to a self-service user
To assign these custom roles to new users, refer to "Add Mappings to User Roles" in Related Topics.
Create a Custom Self-Service Role
You can define custom self-service roles by adding a new code to the ORA_SVC_CSS_REL_TYPE_CD lookup type. You do this using the Manage Self-Service Relationship Type Standard Lookup task in Functional Setup Manager.
-
Sign in to Fusion Service as an administrator or setup user.
-
In the Setup and Maintenance area, go to the following:
-
Offering: Service.
-
Functional Area: Digital Customer Service.
-
Task: Manage Self-Service Relationship Type Standard Lookup
Tip: Select All Tasks from the Show drop down list to display the task. -
-
Click Manage Self-Service Relationship Type Standard Lookup.
-
Add the custom self-service roles by adding the new codes to this standard lookup by doing the following:
-
Click the New (+) icon.
-
Enter values for the Lookup Code and Meaning fields.
Optionally, enter values for other fields.
-
Add a new row for each new self-service role.
-
Click Save and Close.
-
Create or Locate a Custom Identity Provider Role in Fusion Service Using Security Console
For this task you create a new role or locate an existing role in Security Console. For more information on creating roles, refer to the Create Job and Abstract Roles topic from the Securing CX Sales and Fusion Service guide, in the Related Links
Create or Locate a Custom Identity Provider Role in Identity Cloud Service
curl --location --request POST 'https://idcs-002d5462cc68420a96fcb9ed392854d2.identity.c9dev2.oc9qadev.com/admin/v1/Groups' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ4NXQjUzI1NiI6InZfUW8......LCZhakQ' \
--data-raw '{
"displayName": "Adjudicator",
"externalId": "CUST_ADJUDICATOR",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group": {
"creationMechanism": "api",
"description": "Created using Postman"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group",
"urn:ietf:params:scim:schemas:extension:custom:2.0:Group"
]
}'
For more information on creating groups, refer to the Create Groups in Oracle Identity Cloud Service topic in the Related Topics.
Map the Custom Self-Service Role to an Identity Provider Role
For this task you use the Functional Setup Manager task, Manage Custom Role Mapping for Digital Customer Service to enable the viewing of existing mappings and creating new mappings between custom Self-Service roles and custom identity provider roles.
-
Sign in to Fusion Service as an administrator user.
-
In the Setup and Maintenance screen, select Service, then Digital Customer Service.
-
From the Show drop down list, select All Tasks.
-
Click Manage Custom Role Mapping for Digital Customer Service.
-
Select a Self-Service role.
-
Select a Job role.
-
Click Save.
Grant a User the Custom Self Service Role
You use the selfServiceRoles REST API to assign a custom self-service role to a self-service user. The functional security required to use this API is given to the Customer Self-Service Account Administrator job role and the Customer Self-Service Administration duty role.
Here's an example:
curl --location --request POST 'https://<POD>.fa.<data center ID>.oraclecloud.com/crmRestApi/resources/11.13.18.05/selfServiceRoles' \
--user 'ADMIN_USER:ADMIN_USER_PWD' \
--header 'Content-Type: application/json' \
--data-raw ' {
"AccountPartyId": 100000015022002,
"ContactPartyId": 300100544667497,
"RelationshipTypeCd": "CUST_ADJUDICATOR"
}'