Create and Manage Custom Self-Service Roles

Custom self-service roles give you the flexibility to segment self-service users into different groups and provide them with a more specifically tailored experience.

For example, you might want to allow some users to see knowledge that other users can't see.

Digital Customer Service includes three self-services roles: User, Account Administrator and Account Manager. All self-service users are given the User role. The first user of an account is assigned the Account Administrator role. The following table shows the job roles these self-service roles are given and if they are used in data security policies:

Self-Service Role	Related Identity Provider Role	Use in Data Security Policy
User	Customer Self-Service User	No
Account Administrator	Customer Self-Service Account Administrator	Yes
Account Manager	No related role	Yes

Custom self-service roles can be defined and mapped to custom identity provider roles or used in data security policies. When a self-service user is assigned a custom self-service role, this user is also assigned to the corresponding custom identity provider role.

A custom self-service role can be mapped to only one custom identity provider role. Out of the box self-services roles can't be mapped to any identity provider roles.

Here's a list of tasks that you must perform to grant a self-service user a custom self-service role:

• Create a custom self-service role

• Create or locate a role in Fusion Service

• Create or locate a role in Identity Cloud Service

• Map the custom self-service role to an identity provider role

• Grant the custom self-service role to a self-service user

To assign these custom roles to new users, refer to "Add Mappings to User Roles" in Related Topics.

Create a Custom Self-Service Role

You can define custom self-service roles by adding a new code to the ORA_SVC_CSS_REL_TYPE_CD lookup type. You do this using the Manage Self-Service Relationship Type Standard Lookup task in Functional Setup Manager.

1. Sign in to Fusion Service as an administrator or setup user.

2. In the Setup and Maintenance area, go to the following:

   • Offering: Service.

   • Functional Area: Digital Customer Service.

   • Task: Manage Self-Service Relationship Type Standard Lookup

   Tip: Select All Tasks from the Show drop down list to display the task.

3. Click Manage Self-Service Relationship Type Standard Lookup.

4. Add the custom self-service roles by adding the new codes to this standard lookup by doing the following:

   1. Click the New (+) icon.

   2. Enter values for the Lookup Code and Meaning fields.

      Optionally, enter values for other fields.

   3. Add a new row for each new self-service role.

   4. Click Save and Close.

Create or Locate a Custom Identity Provider Role in Fusion Service Using Security Console

For this task you create a new role or locate an existing role in Security Console. For more information on creating roles, refer to the Create Job and Abstract Roles topic from the Securing CX Sales and Fusion Service guide, in the Related Links

Create or Locate a Custom Identity Provider Role in Identity Cloud Service

The custom role must exist in Identity Cloud Service also and the code of the role in Fusion Service must be the external ID of the group in Identity Cloud Service. You use IDCS SCIM API calls can to create the group in IDCS. Refer to the following example of the API Call.

curl --location --request POST 'https://idcs-002d5462cc68420a96fcb9ed392854d2.identity.c9dev2.oc9qadev.com/admin/v1/Groups' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ4NXQjUzI1NiI6InZfUW8......LCZhakQ' \
--data-raw '{
"displayName": "Adjudicator",
"externalId": "CUST_ADJUDICATOR",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group": {
"creationMechanism": "api",
"description": "Created using Postman"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group",
"urn:ietf:params:scim:schemas:extension:custom:2.0:Group"
]
}'

For more information on creating groups, refer to the Create Groups in Oracle Identity Cloud Service topic in the Related Topics.

Map the Custom Self-Service Role to an Identity Provider Role

For this task you use the Functional Setup Manager task, Manage Custom Role Mapping for Digital Customer Service to enable the viewing of existing mappings and creating new mappings between custom Self-Service roles and custom identity provider roles.

1. Sign in to Fusion Service as an administrator user.

2. In the Setup and Maintenance screen, select Service, then Digital Customer Service.

3. From the Show drop down list, select All Tasks.

4. Click Manage Custom Role Mapping for Digital Customer Service.

5. Select a Self-Service role.

6. Select a Job role.

7. Click Save.

Grant a User the Custom Self Service Role

You use the selfServiceRoles REST API to assign a custom self-service role to a self-service user. The functional security required to use this API is given to the Customer Self-Service Account Administrator job role and the Customer Self-Service Administration duty role.

Here's an example:

curl --location --request POST 'https://<POD>.fa.<data center ID>.oraclecloud.com/crmRestApi/resources/11.13.18.05/selfServiceRoles' \
--user 'ADMIN_USER:ADMIN_USER_PWD' \
--header 'Content-Type: application/json' \
--data-raw ' {
"AccountPartyId": 100000015022002,
"ContactPartyId": 300100544667497,
"RelationshipTypeCd": "CUST_ADJUDICATOR"
}'