Configuration and Administration

User Role

This page is accessed via Configuration and Administration > User Management > User Role.

User Role controls data visibility via a virtual private database (VPD) and functional security (Level) for a user. After a role is added, it can be assigned directly to a user or assigned to another role. If you assign multiple roles, a user can switch between those roles without logging out and logging back into the system. For example, you may configure many user roles that provide domain-level visibility into different sets of data for different companies. Then, you can assign one or more of these roles to a user, and the user can switch between the roles as needed without logging in and out. You can also assign multiple roles to a master role and then assign the master role to a user, thereby providing that user with visibility in multiple domains of select data.

Note: If you have multiple sessions open with the same user, and the user changes roles in one session, then the role is changed in all other sessions.

Changing a User Role

A user with multiple or master role assignments can change roles by clicking the nickname or user name link in the Unified Global Header.

Adding a User Role

  1. Enter a User Role ID.
  2. Enter a Level. The level provides a grouping capability of User Roles that can be used in external predicates.
  3. Select a Domain Name.
  4. Select a Data Source Profile ID. The data source profile allows you to enter data into a database other than the default. You can also configure data source connections that enable Oracle Trace functionality.

    Note: This field should only be used by experienced database administrators. Contact Technical Support to learn more about this topic.

  5. Select a VPD context. A VPD context is a set of context variables with defined values, used in creating external predicates.
  6. Select a VPD Profile. A VPD profile can limit user access to specific table sets and data fields in a domain. In most cases, you should select the default VPD profile because it provides access to all the data in the domain, including its domain grants.

    Note: Creating or editing VPD profiles requires a working knowledge of Oracle databases.

  7. The VPD Domain can be either blank or the same as the current Domain Name. User Role overrides to ACL rights are only respected when the VPD domain is specified in the user role. Otherwise, standard ACL rights for the agent user are used.

User Role Grants

Use this section of the page to assign one or more roles to an existing role. This allows one role to assume the data visibility and functional security attributes of multiple roles. When you assign the "master role" to a user, that person can switch to any role associated with the master.

  1. Enter a Grantee User Role ID.
  2. Click Save for each grantee user role ID you enter.

User Grants

Use this section to assign one or more users to an existing role.

  1. Enter a Grantee User.
  2. Click Save for each grantee user you select.

Access Control List

Note: An access control list must be associated with the user role before the user role can be used.

  1. Enter an Access Control ID.
  2. If you are granting access to the entry points specified in the access control list, select the Granted check box. If you want to prevent the user role from accessing the entry points in the access control list, clear the Granted check box.
  3. Click Save for each access control list you add.
  4. Click Finished to save the user role.
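The following access-review sketch is an added example, not part of the product or its documentation. It takes a constructed export of user roles, role grants and user grants, lists every role each user can switch to, and flags the conditions this page describes: a role with no access control list, and a role whose VPD Domain is blank so that ACL overrides are not respected. All field names and IDs are hypothetical, and treating nested master roles as transitive is an assumption the page does not state.

```python
# Constructed sample export; field names and IDs are assumptions, not the product's schema.
ROLES = {
    "ACME.PLANNER": {"domain": "ACME", "vpd_domain": "ACME", "acls": [("ACME.PLAN_ACL", True)]},
    "BETA.VIEWER":  {"domain": "BETA", "vpd_domain": "",     "acls": [("BETA.VIEW_ACL", True)]},
    "BETA.DRAFT":   {"domain": "BETA", "vpd_domain": "BETA", "acls": []},
    "MASTER":       {"domain": "ACME", "vpd_domain": "ACME", "acls": [("ACME.PLAN_ACL", True)]},
}
# Master role -> roles assigned to it (User Role Grants).
ROLE_GRANTS = {"MASTER": ["ACME.PLANNER", "BETA.VIEWER", "BETA.DRAFT"]}
# User -> roles assigned directly (User Grants).
USER_GRANTS = {"jdoe": ["MASTER"], "asmith": ["ACME.PLANNER"]}

def switchable_roles(user):
    """Roles a user can switch to: direct grants plus roles reached through master roles.
    Following nested grants transitively is an assumption of this example."""
    seen, stack = set(), list(USER_GRANTS.get(user, []))
    while stack:
        role = stack.pop()
        if role in seen:
            continue  # already visited; also guards against grant cycles
        seen.add(role)
        stack.extend(ROLE_GRANTS.get(role, []))
    return seen

def role_findings(role_id):
    """Configuration conditions from the page that deserve a reviewer's attention."""
    role, out = ROLES[role_id], []
    if not role["acls"]:
        out.append("no access control list: role cannot be used")
    elif not role["vpd_domain"]:
        out.append("VPD domain blank: ACL overrides not respected")
    elif role["vpd_domain"] != role["domain"]:
        out.append("VPD domain differs from Domain Name")
    return out

def audit():
    """Per user: switchable roles, the domains they span, and flagged roles."""
    report = {}
    for user in USER_GRANTS:
        roles = sorted(switchable_roles(user))
        flagged = {r: role_findings(r) for r in roles if role_findings(r)}
        domains = sorted({ROLES[r]["domain"] for r in roles})
        report[user] = {"roles": roles, "domains": domains, "findings": flagged}
    return report

if __name__ == "__main__":
    for user, entry in audit().items():
        print(user, entry)
```

Users whose `domains` list has more than one entry hold cross-domain visibility through a master role and are the ones to check first in a periodic access review.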
