User Groups and Privileges

The Oracle® Communications Security Shield (OCSS) provides a set of user groups to help you manage access to the service according to the least amount of privilege needed. The privileges of each group determine which tabs, links, and information the user can see and which actions the user can perform.

When a user's job requires more privileges than a particular user group allows, the Administrator can assign the user to more groups to provide the right set of privileges for the user's job. For example, suppose a user needs to monitor activity on the system by other users, as well as, to monitor the system. The Administrator can assign the user to both the OCSS User Tracking and Monitor group and the OCSS Device Configuration Editor group to give the user the privileges needed to do the job.

User groups are a collection of specific privileges, not user roles. You can use already established user roles, or create new user roles and determine which user groups a role needs. In this way, you can create defined roles and associated privilege needs based on user groups.

OCSS User and Administrator Groups and Privileges

The following table lists the OCSS user groups and their privileges.

Groups	Privileges
OCSS ACL Editor—Manages the Access Control Lists, including adding, editing, and deleting lists as well as individual entries.	Sees the Landing Page and Access Control List (ACL) tabs. Can view the Detected Threats tile.
CGBU OCSS Administrator—Manages other aspects of the OCCSC service.	Access the Landing Page and Settings tabs. Manage on-premises devices. Access the CCS Configuration and Configuration Wizard on the Settings tab.
OCSS Device Configuration Editor—Manages device configuration.	Access the Landing Page and Settings tabs. View the Detected Threats tile. Manage on-premises devices. Access the CCS Configuration on the Settings tab.
OCSS Configuration Editor—Manages configuration parameters including thresholds and enforcement actions.	Access the Landing Page and Settings tabs. Access to the Autonomous Threat Protection and Configuration Wizard links under Edit Settings. Access the OCSS configuration through the Settings tab and modify the configuration. Access the Configuration Wizard from the Settings tab. Initiate the Configuration Wizard.
OCSSC User—Monitors call patterns and threats patterns.	Access the Landing Page tab. View the Detected Threats tile.
OCSSC User Tracking and Monitoring Editor—Views and manages Activity Logging.	Access the Landing Page and Activity Log tabs. View the Detected Threats tile.

For more information about Administrator roles, see Understanding Administrator Roles.

OCSS Analytics Groups

The following table lists the OCSS data visualization and analytics groups and their privileges.

Groups	Privileges
OCSSAnalyticsUser—Views the analytics reports.	View all reports and visualizations (Read-Only).
OCSSAnalyticsEditor—Views and manages the analytics reports for a tenant.	View all reports and visualizations. Create, modify, export, and delete reports.

Upgrade and Downgrade Support

Upgrade—OCSS does not assign any preexisting user accounts to any of the new default groups upon upgrade.

Downgrade—OCSS allows all user accounts to survive a downgrade and revert to their previous authentication and authorization behavior.

For more information about managing users:

See User and Role Maintenance, if you use Oracle Identity Cloud Services (IDCS).
See Managing Users, if you use Oracle Cloud Infrastructure (OCI) Identity Access Management (IAM).