Overview of Users and Security Setup
Because you followed the Implementing Sales guide steps to set up your initial set of users, then you already know that Oracle applications use a role-based access control (RBAC) security model to secure user access to functionality and data.
In a role-based access control security model, users are assigned roles, and roles are assigned access privileges to protected system resources.
Oracle Sales and Oracle Fusion Service users who access the transactional UI, for example salespeople or service representatives working on leads or service requests, are created as Sales resources.
Default Preferences
To set up default preferences for users and roles, access the Security Console as a setup user or other user with the IT Security Manager job role. Only setup users, or other users with the IT Security Manager job role, can access the Security Console. See Overview of Security Console for more information.
Lightweight Directory Access Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP) identity store is a repository of user identity data. Your LDAP directory stores definitions of LDAP user accounts.
In general, changes you make to user accounts are automatically synchronized between Oracle CX and your LDAP directory server. However, you must also run processes on a daily basis to manage the information exchange. For information, see Retrieve Latest LDAP Changes.
Setup Tasks in the UI and Other Setup Options
As a setup user, you use multiple different tasks in Setup and Maintenance to create and maintain users. You also have more setup options to consider. The following table describes these tasks and setup options.
| User Task | Description |
|---|---|
|
Manage Job Roles Task Navigation: Setup and Maintenance > Sales Offering > Users and Security functional area |
Oracle provides many predefined job roles. The relevant sales roles are listed in the Security Reference for Sales and Fusion Service guide. You perform the Manage Job Roles task to:
This task opens the Roles tab of the Security Console. |
|
Manage Duties Task Manage Sales and Service Access Management Task Navigation: Setup and Maintenance > Sales Offering > Users and Security functional area |
You perform the Manage Duties task to:
This task opens the Roles tab of the Security Console. |
|
Manage Data Security Policies Task Manage Sales and Service Access Task Navigation: Setup and Maintenance > Sales Offering > Users and Security functional area |
You use the Manage Data Security Policies task to manage the data security policies that determine grants of entitlement to a user or role on an object or attribute group. This task opens the Roles tab of the Security Console. You can also use the Manage Sales and Service Access task to review and configure data security. This task opens the Sales and Service Access Management work area. For information, see the What are the basic security concepts and procedures for Oracle CX? playbook. |
|
Manage Users Task Navigation: Navigator > Users and Roles item or Setup and Maintenance > Sales Offering > Users and Security functional area |
You create application users in the UI using the Manage
Users task. A user with the IT Security Manager job role performs the Manage
Users tasks. You can also create sales users by importing users. For information on the user import options available for Sales, see Overview of Importing Sales Resources. |
|
Manage HCM Role Provisioning Rules Task Navigation: Setup and Maintenance Sales Offering > Users and Security functional area |
Oracle provides predefined role mapping rules for provisioning many of the standard job roles included with the application. However, using the Manage HCM Role Provisioning Rules task, you can create any additional role mappings you need to, to control the provisioning of roles to application users. For example, you can create a role mapping to provision the Channel Sales Manager role automatically to specific sales managers. See Role Provisioningfor more information. |
|
Import and Export Management |
You can import users in bulk using data files. For information on the user import options available, see Overview of Importing Sales Resources. |
|
Import Partner Users Task |
You can also import partner contact data using the Import Partner Users task. For more information, see the Getting Started with Your Partner Relationship Management Implementation guide. |
|
Single Sign-On Authentication |
Single sign-on authentication is optionally available for user authentication. If your enterprise has moved from a traditional on-premises environment to an Oracle Cloud implementation, you might want to use your existing identity management solution for authenticating your employees, and you might also want to provide a single sign-on experience. Implementing federated single sign-on lets you provide users with single sign-on access to applications and systems located across organizational boundaries. For additional information, see Oracle Applications Cloud Service Entitlements (Doc ID 2004494.1) on My Oracle Support at https://support.oracle.com. |
|
User Passwords |
Setup users provisioned with the IT Security Manager job role can use the Users tab in the Security Console work area to reset passwords for all application users. Users who can't access the Security Console can reset only their own passwords using the Set Preferences link in the Settings and Actions menu available by clicking their user name in the application or by using the Forgot Password link on the sign-in page. See Reset Passwords for more information. |
|
Names and Email Addresses |
Use the Users tab in the Security Console work area to change user email addresses. You can use the procedure described in this topic to update addresses of both setup users and sales users. If you're updating the email addresses of sales users, then you can also use the same import process you use to create them. See User Names for more information. |