Access Control Overview

While overall access rights are controlled by predefined roles, Service Administrators can grant application roles to other users and groups by using Access Control. Users with the Service Administrator role can assign different application roles to other users to enable them to complete additional tasks. For example, they can assign a user the Approval Administrator role, which enables that user to perform approvals-related activities. Additionally, users with the Service Administrator role can create groups. Assigning roles to groups enables the Service Administrator user to grant roles to many users.

Use Access Control to perform these tasks:

Create groups and add EPM Cloud users or other groups as members.
Add or delete group members.
Assign application roles to groups or to users.
View a list of users who are members of a group.

Note:

Application roles can only enhance the access rights of users. None of the privileges granted by a predefined role are reduced by roles assigned at the application-level. For more information about application roles and what each role can perform, see Application Roles in the Oracle Help Center.

Tip:

When you assign application roles, best practice is to assign the lowest-level role that provides the required privileges.

To access the Access Control tool, click the Navigator icon Screenshot of the Navigator icon in NSPB and under Tools, select Access Control.

For details about the tasks you can complete within each tab in Access Control, see the following help topics from the Oracle Help Center:

On the Manage Groups tab, you can create or delete groups. You can also add or remove users from the groups.

For more information, see Managing Groups.
On the Manage Users tab, you can assign a user to one or more groups.

For more information, see Assigning a User to Many Groups.
On the Assign Application Roles tab, you can manage (assign or unassign) application roles to users who have a predefined role. You can also generate a Role Assignment Report for a specific user.

For more information, see Managing the Application Roles of Users.
On the Role Assignment Report tab, you can review all the users and the roles (predefined and application-level) assigned to each user.

For more information, see Viewing the Role Assignment Report For Your Environment.
On the User Login Report tab, you can view information about the users who logged in to the environment in the past 24 hours. The report lists the IP address of the computer from which the user logged in. The report also lists the date and time (UTC) at which the user accessed the environment.

For more information, see Viewing the User Login Report.
On the User Group Report tab, you can view a report of the direct or indirect membership of users that are assigned to groups. You can also export this report as a CSV file.

For more information, see Viewing and Exporting the User Group Report.

For more information about using Access Control, see the Administering Access Control for Oracle Enterprise Performance Management Cloud guide in the Oracle Help Center.

General Notices