Overview of Role-Based Access Control (RBAC)

Oracle Fusion applications use a role-based access control (RBAC) security model to secure access to functionality and data. With RBAC, you provide users with roles, and the roles are assigned access privileges.

This diagram shows the relationship between users, roles, and privileges. Users get roles assigned. The roles contain privileges to access functionality and data.

In Oracle CX, users gain access to application data and functions when you assign them these types of roles:

• Job roles: These give users the permissions they need to perform tasks that are specific to a job, such as a salesperson or sales manager.
• Abstract roles: These give users the permissions to complete tasks that are common to all users.

Users can have any number of different roles at the same time. The combination of roles determines the user's level of access to protected system resources. For example, a user might be assigned the Sales Manager role, the Sales Analyst role, and the Employee role. In this case, the user has this access:

• As an employee, the user can access employee functions and data.
• As a sales manager, the user can access sales manager functions and data.
• As a sales analyst, the user can access sales analysis functions and data.

When the user signs in to the application and is successfully authenticated, a user session is established. All the roles assigned to the user are loaded into the session repository. The application determines the set of privileges for application resources that are provided by the roles and then grants the user the most permissive level of access.

You can assign roles to a user manually when you create the user, or automatically, by creating role provisioning rules.