Access Control Overview

While access to Planning and Budgeting components is controlled by predefined roles, Access Control lets Service Administrator give users more access by assigning application roles. Assigning different roles to users lets them do additional tasks. For example, you can give someone the Approval Administrator role so they can handle approvals-related activities.

Also, if you have the Service Administrator role, you can create groups and assign roles to groups to give access to many users.

Use Access Control to:

Create groups and add Cloud EPM users or other groups as members.
Add or remove group members.
Assign application roles to groups or to users.
See a list of members in each group.

Note:

Application roles assigned can only add to a user's access rights. None of the privileges from a predefined role are reduced by roles assigned at the application-level. For more information about application roles and what each role can perform, see Application Roles in the Oracle Help Center.

Tip:

When you assign application roles, best practice is to assign the lowest-level role that gives the accesss someone needs.

To open the Access Control tool, click the Navigator icon Screenshot of the Navigator icon in NSPB and under Tools, select Access Control.

For details about what you can do in each tab in Access Control, see the following help topics from the Oracle Help Center:

On the Manage Groups tab, you can create or delete groups. You can also add or remove users from the groups.

For more information, see Managing Groups.
On the Manage Users tab, you can assign a user to one or more groups.

For more information, see Assigning a User to Many Groups.
On the Assign Application Roles tab, you can manage (assign or unassign) application roles for users who have a predefined role. You can also get a Role Assignment Report for a specific user.

For more information, see Managing the Application Roles of Users.
On the Role Assignment Report tab, you can see all the users and the roles (predefined and application-level) assigned to each user.

For more information, see Viewing the Role Assignment Report For Your Environment.
On the User Login Report tab, you can see information about users who logged in during the past 24 hours. The report lists the user's IP address and the date and time (UTC) they accessed the environment.

For more information, see Viewing the User Login Report.
On the User Group Report tab, you can see a report of users' direct or indirect group membership. You can also export the report as a CSV file.

For more information, see Viewing and Exporting the User Group Report.

For more information about using Access Control, see the Administering Access Control guide in the Oracle Help Center.

General Notices