User Groups and Privileges
The Oracle® Communications Security Shield (OCSS) provides a set of user groups to help you manage access to the service according to the least amount of privilege needed. The privileges of each group determine which tabs, links, and information the user can see and which actions the user can perform.
When a user's job requires more privileges than a particular user group allows, the Administrator can assign the user to more groups to provide the right set of privileges for the user's job. For example, suppose a user needs to monitor activity on the system by other users, as well as, to monitor the system. The Administrator can assign the user to both the OCSS User Tracking and Monitor group and the OCSS Device Configuration Editor group to give the user the privileges needed to do the job.
User groups are a collection of specific privileges, not user roles. You can use already established user roles, or create new user roles and determine which user groups a role needs. In this way, you can create defined roles and associated privilege needs based on user groups.
OCSS User and Administrator Groups and Privileges
The following table lists the OCSS user groups and their privileges.
|OCSS ACL Editor—Manages the Access Control Lists, including adding, editing, and deleting lists as well as individual entries.||
|CGBU OCSS Administrator—Manages other aspects of the OCCSC service.||
|OCSS Device Configuration Editor—Manages device configuration.||
|OCSS Configuration Editor—Manages configuration parameters including thresholds and enforcement actions.||
|OCSSC User—Monitors call patterns and threats patterns.||
|OCSSC User Tracking and Monitoring Editor—Views and manages Activity Logging.||
For more information about Administrator roles, see Understanding Administrator Roles.
OCSS Analytics Groups
The following table lists the OCSS data visualization and analytics groups and their privileges.
|OCSSAnalyticsUser—Views the analytics reports.||
|OCSSAnalyticsEditor—Views and manages the analytics reports for a tenant.||
Upgrade and Downgrade Support
Upgrade—OCSS does not assign any preexisting user accounts to any of the new default groups upon upgrade.
Downgrade—OCSS allows all user accounts to survive a downgrade and revert to their previous authentication and authorization behavior.
- See User and Role Maintenance, if you use Oracle Identity Cloud Services (IDCS).
- See Managing Users, if you use Oracle Cloud Infrastructure (OCI) Identity Access Management (IAM).